Juniper.Actualtest.JN0-643.v by-VIOLET.201q

Transcription

1 Juniper.Actualtest.JN0-643.v by-VIOLET.201q Number: JN0-643 Passing Score: 800 Time Limit: 120 min File Version: Exam Code: JN0-643 Exam Name: Enterprise Routing and Switching, Professional (JNCIP-ENT) Modified by DD corrected some of the answers in the dump provided by Gaber I changed the answers for Q 17, 19, 31, 165, 167, 168, 169, 170, 177, 179 A lot of the questions are missing exhibits or seem to have an exhibit not associated with the question. Missing exhibits Q 107, 116, 117, 120,123,125,130,132,135, 139,140, 141, 185 Wrong exhibits Q 124, 178

2 Exam A QUESTION 1 A user complains about connectivity problems from their IP address ( ) to a server ( ). Which Junos command can help verify connectivity in the network? A. mroute B. traceoptions C. ping D. clear bgp neighbor Correct Answer: C QUESTION 2 Port authentication falls back to Captive Portal. In which two scenarios would the port authentication move back to 802.1X? (Choose two.) A. if any MAC RADIUS request packet is received on the interface and if there are no sessions in authenticated/authenticating state B. if Captive Portal is deactivated on the interface C. if the user gets logged out D. if the EAP packet is received on the interface and if there are no sessions in authenticated/authenticating state Correct Answer: BD Fallback of Authentication Methods You can configure multiple authentication methods on a single interface to enable fallback to another method if one method fails. If an interface is configured in multiple supplicant mode, all end devices connecting through the interface must use either captive portal or a combination of 802.1X and MAC RADIUS, captive portal cannot be mixed with 802.1X or MAC RADIUS. Therefore, if there is already an end device on the interface that was authenticated through 802.1X or MAC RADIUS authentication, then additional end devices authenticating do not fall back to captive portal. If only 802.1X authentication or MAC RADIUS authentication is configured, some end devices can be authenticated using 802.1X and others can still be authenticated using MAC RADIUS. Fallback of authentication methods occurs in the following order: 802.1X authentication If 802.1X is configured on the interface, the switch sends EAPoL requests to the end device and attempts to authenticate the end device through 802.1X authentication. If the end device does not respond to the EAP requests, the switch checks whether MAC RADIUS authentication is configured on the interface.

3 MAC RADIUS authentication If MAC RADIUS authentication is configured on the interface, the switch sends the MAC RADIUS address of the end device to the authentication server. If MAC RADIUS authentication is not configured, the switch checks whether captive portal is configured on the interface. Captive portal authentication If captive portal is configured on the interface, the switch attempts to authenticate using this method after attempting any other configured authentication methods. If an end device is authenticated on the interface using captive portal, this becomes the active authentication method on the interface. When captive portal is the active authentication method, the switch falls back to 802.1X authentication if there are no sessions in the authenticated state and if the interface receives an EAP packet. QUESTION 3 A network routes IPv4 traffic only. You want to add IPv6 to the network, but you must use a single IGP for both IPv4 and IPv6 traffic. Which protocol meets this requirement? A. OSPFv2 B. BGPv4 C. ES-ISv1 D. OSPFv3 Correct Answer: D QUESTION 4 A Layer 2 forwarding loop occurred on your network during a scheduled maintenance period. You must prevent this behavior in the future. Which protocol should you enable on the EX Series switch to address this condition in the future? A. DVMRP B. L2TPv3 C. STP D. RSVP Correct Answer: C QUESTION 5 You have implemented 802.1X authentication in your Layer 2 network and you have only a single RADIUS server. You are asked to ensure that if the RADIUS server becomes unreachable or fails, users connected to the ge-0/0/0 port are still able to reach the Internet using a predefined guest VLAN.

4 Which command allows this access? A. [edit] set protocols dot1x authenticator interface ge-0/0/0.0 radius-fail vlan guest B. [edit] set protocols dot1x authenticator interface ge-0/0/0.0 server-fail vlan-name guest C. [edit] set protocols dot1x authenticator interface ge-0/0/0.0 auth-fail assign-vlan guest D. [edit] set protocols dot1x authenticator interface ge-0/0/0.0 radius-fail assign guest Juniper JN0-643 Exam Correct Answer: B Server fail fallback allows you to specify how end devices connected to the switch are supported if the RADIUS authentication server becomes unavailable or sends a RADIUS access-reject message. Juniper Networks EX Series Ethernet Switches use authentication to implement access control in an enterprise network. If 802.1X, MAC RADIUS, or captive portal authentication are configured on the interface, end devices are evaluated at the initial connection by an authentication (RADIUS) server. If the end device is configured on the authentication server, the device is granted access to the LAN and the EX Series switch opens the interface to permit access. A RADIUS server timeout occurs if no RADIUS authentication servers are reachable when an end device logs in and attempts to access the LAN. Server fail fallback allows you to specify one of four actions to be taken toward end devices awaiting authentication when the server is timed out: Permit authentication, allowing traffic to flow from the end device through the interface as if the end device were successfully authenticated by the RADIUS server. Deny authentication, preventing traffic from flowing from the end device through the interface. This is the default. Move the end device to a specified VLAN. (The VLAN must already exist on the switch.) Sustain authenticated end devices that already have LAN access and deny unauthenticated end devices. If the RADIUS servers time out during reauthentication, previously authenticated end devices are reauthenticated and new users are denied LAN access. Server fail fallback is triggered most often during reauthentication when the already configured and in-use RADIUS server becomes inaccessible. However, server fail fallback can also be triggered by an end device s first attempt at authentication through the RADIUS server.

5 Server fail fallback allows you to specify that an end device be moved to a specified VLAN if the switch receives a RADIUS access-reject message. The configured VLAN name overrides any attributes sent by the server. Configure an interface to move an end device to a specified VLAN if a RADIUS server timeout occurs (in this case, the VLAN name is vlan1): [edit protocols dot1x authenticator] user@switch# set interface ge-0/0/1 server-fail vlan-name vlan1 QUESTION 6 Which option is a valid IPv6 multicast address? A. fe80::205:8640:471:3200/64 B. :: /126 C. ff03:365:ba::23 D. ff01:cgfc:345:22::226:8ff:fee4:bf6f Correct Answer: C QUESTION 7 A company is deploying a new 802.1X port-based security infrastructure to allow users to access resources through wired Ethernet ports. However they recently deployed an RSA token-based system for users to connect remotely. The network administrator wants to reuse the same security database for 802.1X port-based security. Which 802.1X authentication protocol is required? A. EAP-TLS B. LAN-PEAP C. RSA-EAP D. EAP-TTLS Correct Answer: D With EAP-TTLS, you do not need to create a new infrastructure of user certificates. User authentication is performed against the same security database that is already in use on the corporate LAN; for example, SQL or LDAP databases, or token systems. The routing of the inner authentication request is handled either by means of standard Steel-Belted Radius Carrier authentication request routing, or by means of a directed realm. If your EAP-TTLS tunnel ends at a dedicated server, and you want all the inner authentication requests to be performed by other servers, use standard request routing so the proxy realm target can be determined in a standard fashion (that is, the decoration of the username revealed by inner authentication). If your EAP-TTLS tunnel and inner

6 authentication are handled by the same server, you can use a directed realm to specify which authentication methods handle the inner authentication. QUESTION 8 Which protocol reachability is advertised by OSPFv2? A. IPv4 B. IPv5 C. IPv6 D. ISO Correct Answer: A QUESTION 9 You are AS Which AS path regular expression matches only routes originated in your AS? A. "6573.*" B. ".*" C. "{" D. "^$" Correct Answer: D

7 QUESTION 10 Voice traffic is coming in on UDP port This traffic must be classified into the expedited- forwarding forwarding class. Which type of classifier is needed? A. code point alias B. rewrite marker C. multifield D. behavior aggregate Correct Answer: C The Junos OS supports two general types of packet classification: behavior aggregate (BA) classification and multifield classification: BA classification, or CoS value traffic classification, refers to a method of packet classification that uses a CoS configuration to set the forwarding class or PLP of a packet based on the CoS value in the IP packet header. The CoS value examined for BA classification purposes can be the Differentiated Services code point (DSCP) value, DSCP IPv6 value, IP precedence value, MPLS EXP bits, and IEEE 802.1p value. The default classifier is based on the IP precedence value. Multifield classification refers to a method of packet classification that uses a standard stateless firewall filter to set the forwarding class or PLP for packets entering or exiting the interface based on multiple fields in the IP packet. You can configure multifield classifier that specifies match conditions based on CoS values (such as DSCP value, IP precedence value, MPLS EXP bits, or IEEE 802.1p bits), other packet values (such as IP address fields, the IP protocol type field, or the port number in the UDP or TCP pseudoheader field), or a combination. Use multifield classification instead of BA classification when you need to classify packets based on information in the packet other than the CoS values only. With multifield classification, a firewall filter term can specify the packet classification actions

8 for matching packets though the use of the forwarding-class class-name or loss-priority (high medium-high medium-low low) nonterminating actions in the term s then clause. QUESTION 11 Which three attributes must a BGP update contain? (Choose three.) A. next-hop B. MED C. origin D. AS-path E. local preference Correct Answer: ACD QUESTION 12 You must configure your access switch with more than 3000 VLANs and you want the ability to load-balance across them.

9 Which spanning-tree approach has the least impact on control-plane performance? A. Configure your access switch with a load-balancing policy and apply it under [edit protocols rstp]. B. Configure your access switch for Rapid-PVST+. C. Configure your access switch for MSTP, incorporating the use of MSTIs. D. Configure your access switch for both VSTP and RSTP. Correct Answer: C QUESTION 13 You are implementing MSTP in your network.

10 Which three values must match on all switches within the MST region? (Choose three) A. Context identifier B. Region name C. VLANs D. Revision E. Configuration manifest Correct Answer: BCD Configuring MSTP Regions When enabling MSTP, you define one or more MSTP regions. An MSTP region defines a logical domain where MSTIs can be administered independently of MSTIs in other regions, setting the boundary for Bridge Protocol Data Units (BPDUs) sent by one MSTI. An MSTP region is a group of switches that is defined by three parameters: Region name User-defined alphanumeric name for the region. Revision level User-defined value that identifies the region. Mapping table Numerical digest of VLAN-to-instance mappings. An MSTP region can support up to 64 MST instances, and each MSTI can support from 1 to 4094 VLANs. When you define a region, MSTP automatically creates an internal spanningtree instance (IST instance 0) that provides the root switch for the region and includes all currently configured VLANs that are not specifically assigned to a user-defined Multiple Spanning-Tree Instance (MSTI). An MSTI includes all static VLANs that you specifically add to it. The switch places any dynamically created VLANs in the IST instance by default, unless you explicitly map them to another MSTI. Once you assign a QUESTION 14 You have been asked to implement a private VLAN with two community VLANs. This private VLAN will be confined to a single switch in your Layer 2 network. This private VLAN, along with other VLANs configured on the switch, will require gateway services provided through a connected router. Which statement about this deployment is true? A. All isolated ports must be configured as trunk ports. B. A minimum of one promiscuous trunk port is required. C. Both community VLANs must have an assigned VLAN IDs. D. A minimum of one private VLAN trunk port is required. Correct Answer: B A promiscuous access port carries untagged traffic and can be a member of only one primary VLAN. Traffic that ingresses on a promiscuous access port is forwarded to the ports of the secondary VLANs that are members of the primary VLAN that the promiscuous

11 access port is a member of. This traffic carries the appropriate secondary VLAN tags when it egresses from the secondary VLAN ports if the secondary VLAN port is a trunk port. QUESTION 15 During the BGP route-resolution process, the Junos OS must calculate the appropriate next-hop based on the BGP protocol next-hop attribute. Which two routing tables are checked during this process in a default Junos configuration? (Choose two.) A. inet.0 B. inet.1 C. inet.2 D. inet.3 Correct Answer: AD The Border Gateway Protocol (BGP) uses different tables to resolve protocol next-hop for different applications. In a normal BGP application like IPv4, the prefix is learned in the default table inet.0. BGP will try to resolve its protocol next-hop in the table inet.3 first; if fails, it will resolve in the table inet.0. However, in L3VPN and L2VPN applications, BGP will resolve its protocol next-hop in the table inet.3 only. QUESTION 16 You have a requirement for a device to provide 20 W of power over Ethernet. What meets this requirement? A. Bond two standard PoE ports together to achieve 30.8 W of power. B. Install an external redundant power supply in the switch to increase the total power load. C. Select a switch that has PoE+ support. D. Enable LLDP-MED to transfer power from other switches. Correct Answer: C

12 QUESTION 17 R1 has an OSPF adjacency with R2 over a point-to-point link. Which three statements about the advertisements for this link in the Type 1 (Router) LSA generated by R1 are true? (Choose three.) A. It has a value in the link ID field with R2's interface IP address. B. It has a value in the link ID field with R2's router ID. C. It has a link-type of point-to-point (Type 1). D. It has a link-type of Transit (Type 2). E. It has a link-type of stub (Type 3). Correct Answer: BCE Answer was B, D and E The OSPF Router LSA [LSA Type 1] In the extensive ospf database output link type-field, such as (3), is followed by comments for explanation. Each point-to-point link is advertised as two links: one stub and the other point-to-point. This is because on a pt-to-pt link, an OSPF router alwasys forms an adjacency with its peer over an unnumbered connection. Hence, the link ID = the neighbor's router ID QUESTION 18

13 What is the significance of the multicast address range through ? A. They have link-local scope. B. They have administrative region scope. C. They are reserved for future use. D. They have a scope of two or more hops from a router. Correct Answer: A There are two well-known scopes: IPv4 local scope This scope comprises addresses in the range /16. The local scope is the minimal enclosing scope and is not further divisible. Although the exact extent of a local scope is site-dependent, locally scoped regions must not span any other scope boundary and must be contained completely within or be equal to any larger scope. If scope regions overlap in an area, the area of overlap must be within the local scope. IPv4 organization local scope This scope comprises /14. It is the space from which an organization allocates subranges when defining scopes for private use. The ranges /10, /10, and /10 are unassigned and available for expansion of this space. Two other scope classes already exist in IPv4 multicast space: the statically assigned linklocal scope, which is /24, and the static global scope allocations, which contain various addresses. QUESTION 19 You must prioritize VoIP packets on your network. Which feature will accomplish this goal? A. RSVP B. Multicast Routing C. VPLS D. Class of Service Correct Answer: AD Answer was C/D Resource Reservation Protocol - Traffic Engineering is an extension of the resource reservation protocol (RSVP) for traffic engineering. It supports the reservation of resources across an IP network. Applications running on IP end systems can use RSVP to indicate to other nodes the nature (bandwidth, jitter, maximum burst, and so forth) of the packet streams they want to receive. RSVP runs on both IPv4 and IPv6.

14 QUESTION 20 You notice that a number of IGMP leave group messages are passing through a BMA network and are impacting the network's performance. What would you do to resolve this issue without affecting multicast traffic? A. Apply an import policy to control leave group messages. B. Suppress group-specific queries. C. Suppress generic IGMP queries. D. Enable promiscuous-mode in IGMP. Correct Answer: B Responding To Group Membership Queries IGMPv1 and IGMPv2 use a Report suppression technique to avoid a 'storm' of responses to an IGMP Query message. When a host receives a Query, it starts a randomized timer for each group that it is a member of. When this timer pops, the host sends an IGMP Report message addressed to that group. Any other hosts that are members of the group also receive the message, at which point they cancel their timer for the group. This mechanism ensures that, under most circumstances, a single IGMP Report message is sent for each multicast group in response to a single Query. IGMPv3 removed the need for this, by packing multiple group memberships in a single Report message to reduce the number of packets sent. Improving Group Membership Latency When a host joins a new multicast group on an interface, it immediately sends an unsolicited IGMP Report message for that group. IGMPv2 introduced a Leave Group message, which is sent by a host when it leaves a multicast group for which it was the last host to send an IGMP Report message. Receipt of this message causes the Querier possibly to reduce the remaining lifetime of its state for the group, and to send a group-specific IGMP Query message to the multicast group. The Leave Group message is not used with IGMPv3, as its source address filtering mechanism provides the same functionality QUESTION 21 A network administrator is configuring CoS on a switch and assigns forwarding classes call-sig and critical to the same queue number per the configuration below: class-of-service { forwarding-classes { class best-effort queue-num 0; class bulk-data queue-num 1; class critical queue-num 3; class voice queue-num 6; class call-sig queue-num 3;

15 Based on the configuration, which option prioritizes call-sig traffic over critical traffic? A. Assign call-sig and critical to different schedulers. B. Assign call-sig and critical to different scheduler maps. C. Assign a loss priority of high to the packets in the critical forwarding class and configure drop profiles in the scheduler configuration. D. Assign a loss priority of high to the packets in the critical forwarding class and set priority high in the scheduler configuration. Correct Answer: C Set the packet loss priority to high, which means that means that packets are more susceptible to being dropped. An individual device interface has multiple queues assigned to store packets temporarily before transmission. To determine the order in which to service the queues, the device uses a round-robin scheduling method based on priority and the queue's weighted round-robin (WRR) credits. Junos OS schedulers allow you to define the priority, bandwidth, delay buffer size, rate control status, and RED drop profiles to be applied to a particular queue for packet transmission. You configure schedulers to assign resources, priorities, and drop profiles to output queues. By default, only queues 0 and 3 have resources assigned. QUESTION 22 A Layer 2 transparent firewall separates two OSPFv3 routers. For the two OSPFv3 routers to form an adjacency, which protocol must be permitted on the firewall? A. IPv4 protocol 89 B. IPv6 protocol 89 C. TCP port 89 D. UDP port 89 Correct Answer: B OSPFv3 Messages OSPFv2 and OSPFv3 both have the same protocol number of 89, although OSPFv3, being an IPv6 protocol, more accurately has a Next Header value of 89. And like OSPFv2, OSPFv3 uses multicast whenever possible. The IPv6 AllSPFRouters multicast address is FF02::5, and the AllDRouters multicast

16 address is FF02::6. Both have link-local scope. You can easily see the similarity in the last bits with the OSPFv2 addresses of and QUESTION 23 In MSTP, which two factors determine the root bridge in each region? (Choose two.) A. The switch with the higher priority becomes the root bridge. B. The switch with the lower priority becomes the root bridge. C. The switch with the lower MAC address becomes the root bridge when priorities are tied. D. The switch with the higher MAC address becomes the root bridge when priorities are tied. Correct Answer: BC QUESTION 24 Which two LSA types are only generated by an ABR router? (Choose two.) A. ASBR summary LSA (Type 4) B. ASBR LSA (Type 5) C. Summary LSA (Type 3) D. Router LSA (Type 1) Correct Answer: AC

17 QUESTION 25 Which two statements about MVRP on EX Series switches are true? (Choose two.) A. MVRP can add VLANs on access interfaces. B. MVRP can add VLANs on trunk interfaces. C. MVRP adds VLANs on MVRP-enabled interfaces by default. D. MVRP is in transparent mode on MVRP-enabled interfaces by default. Correct Answer: BC How MVRP Works The VLAN registration information sent by MVRP protocol data units (PDUs) includes the current VLANs membership that is, which routers are members of which VLANs and which router interfaces are in which VLAN. MVRP shares all information in the PDU with all routers participating in MVRP in the switching network. MVRP stays synchronized using these PDUs. The routers in the network participating in MVRP receive these PDUs during state changes and update their MVRP states accordingly. MVRP timers dictate when PDUs can be sent and when routers receiving MVRP PDUs can update their MVRP information.

18 VLAN information is distributed as part of the MVRP message exchange process and can be used to dynamically create VLANs, which are VLANs created on one switch and propagated to other routers as part of the MVRP message exchange process. Dynamic VLAN creation using MVRP is enabled by default but can be disabled QUESTION 26 A company's security policy does not allow outside computers or smart phones into their work areas. All company-provided computers are strictly controlled using 802.1X authentication on all of their switches. All computers obtain DHCP IP addresses from centralized servers and all switches have IP spoofing enabled. However, one of the computers was able to send IP spoofed packets. Why did the IP spoof feature fail to prevent the spoofed packets from being forwarded? A. The IP source guard database timeout was set too low. B. The DHCP snooping feature was not enabled on any of the switches. C. IP source guard does not prevent IP spoof attacks; you need to configure the Dynamic ARP Inspection feature. D X feature was not enabled on the port that was directly connected to the infected computer. Correct Answer: B DHCP snooping enables the switch to monitor and control DHCP messages received from untrusted devices connected to the switch. When DHCP snooping is enabled, the system snoops the DHCP messages to view DHCP lease information and build and maintain a database of valid IP address to MAC address (IP-MAC) bindings called the DHCP snooping database. Only clients with valid bindings are allowed access to the network. QUESTION 27 What is a valid router ID configuration for OSPFv3 in the Junos OS? A. set routing-options router-id 2001:1:2::1 B. set protocols ospf3 router-id fe80:223:2887:ab31::1 C. set routing-options router-id D. set protocols ospf3 router-id Correct Answer: C QUESTION 28 You are setting up a new switch in your network that is using MSTP. You have configured all access ports as edge ports, and you want to make sure that the access ports can never transition to nonedge ports. How can you meet this requirement?

19 A. Configure the interfaces as shared. B. Configure the hello-time option as zero. C. Configure the interfaces as a no-root-port. D. Configure bpdu-block-on-edge. Correct Answer: D Description Configure bridge protocol data unit (BPDU) protection on all edge ports of a switch. When the bpdu-block-on-edge statement is configured and the interface encounters an incompatible BPDU, the interface shuts down. If the disable-timeout statement is included in the BPDU configuration, the interface is automatically reenabled after the timer expires. Otherwise, you must use the operational mode command clear ethernet-switching bpdu-error to unblock and reenable the interface. bpdu-block-on-edge Syntax bpdu-block-on-edge; Hierarchy Level [edit logical-systems logical-system-name protocols (mstp rstp vstp)],[edit logical-systems logicalsystem-name routing-instances routing-instance-name protocols (mstp rstp vstp)],[edit protocols (mstp rstp vstp)],[edit routing-instances routing-instance-name protocols (mstp rstp vstp)] Release Information Statement introduced in Junos OS Release 9.4. Support for logical systems added in Junos OS Release 9.6. Description Enable BPDU blocking on the edge ports of a virtual switch. QUESTION 29 When using PIM-SM in ASM mode, which two events trigger the creation of a shortest-path tree? (Choose two.) A. Multicast traffic received at the receiver's designated router (DR). B. PIM join received at the receiver's designated router (DR). C. PIM join received at the source designated router (DR). D. PIM registers received by the rendezvous point (RP). Correct Answer: AD In order to have the multicast traffic sent down the shared tree, the RP must register with the multicast source.

20 Please note that the receivers can join the shared tree before the source register with the RP. There is no process of order operation here. But for this example we will start by registering the source with the RP as frequently the multicast source may begin sending traffic before any receivers join the group. In order for the source to register with the RP, the RP must build a SPT (source path tree) to the source but in order to do that the RP must somehow know that the source exist so PIM SM makes uses of the PIM register and PIM Register stop messages to implement a source registration process to accomplish the task. PIM register message are sent by the first-hop DR (that is the DR directly connected to the source) to the RP. QUESTION 30 A coffee shop offering free Internet service to customers wants to implement the following security policies: 1. Every customer must agree to a set of terms and conditions before accessing the Internet. 2. Log out customers that are logged in for more than one hour. 3. Log out customers that are idle for more than 5 minutes. 4. Authenticate employee desktop computers with known hardware addresses in the office of the coffee shop to access the Internet without the above restrictions. The following configuration has been applied to the switch: - set access radius-server port set access radius-server secret Am@zingC00f33 - set access profile dot1x authentication-order radius - set access profile dot1x radius authentication-server What would you add to implement these policies? A. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive-portal custom-options banner-message "Terms and Conditions of Use" B. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive-portal custom-options banner-message "Terms and Conditions of Use" C. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal interface ge-0/0/12.0 idle-timeout 300 set services captive-portal interface ge-0/0/12.0 user-timeout 3600 set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive-portal custom-options banner-message "Terms and Conditions of Use" D. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x authenticator interface ge-0/0/12.0 idle-timeout 300 set protocols dot1x authenticator interface ge-0/0/12.0 user-timeout 3600 set protocols dot1x authenticator authentication-profile-name dot1x

21 set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive-portal custom-options banner-message "Terms and Conditions of Use" Correct Answer: A QUESTION 31 What is an IP multicast routing protocol? A. RSVP B. OSPF C. PIM D. CDP Correct Answer: BC Was C/D CDP not routing protocol QUESTION 32 Which version of BGP would an enterprise use to peer with an ISP? A. Confederation BGP B. External BGP C. Internal BGP D. Labeled-Unicast Correct Answer: C Regions are an important concept because they address many of the challenges inherent in large routed networks. By dividing the network into regions, service providers can increase the scale of their networks and improve convergence times. Regions essentially partition the network into sections or zones, which can be OSPF areas or IS-IS levels within a single autonomous system (AS), or each region can be an AS using a separate IGP. The characteristics of a multi-region network are quite similar to a multi-area OSPF network, multilevel IS-IS network, or BGP AS, but the regions don t exchange routing information as would a typical area or level. No

22 IGP routing information, LDP signaling, or RSVP signaling is exchanged between regions. Rather, regions are connected by and communicate with BGP labeled unicast. Like these other concepts, the primary advantage of regions is reducing the number of entries in the routing and forwarding tables of individual routers. This simplifies the network, enabling greater scale and faster convergence. LDP and RSVP label-switched paths are contained within a region, reducing the amount of LDP and RSVP state network-wide. Lowering the amount of resources required by each node prolongs the life span of each node as the network continues to grow. Regions also simplify network integration and troubleshooting. Network integrations and expansions do not require compatible IGPs or compatible LDP/RSVP implementations between networks. The new network or region only needs BGP labeled unicast compatibility with the existing network. Troubleshooting a multi-region network is simplified because problems are more likely to be contained within a single region rather than spread across multiple regions. In a multi-region network, BGP-LU is essential to enabling inter-region end-to-end routing, as it provides the communication and connectivity between multiple regions. Defined in RFC 31071, it enables BGP to advertise unicast routes with an MPLS label binding (a prefix and label). To accomplish this, BGP-LU leverages Multiprotocol Border Gateway Protocol (MP-BGP) and subsequent address family identifier (SAFI) 4 which indicates that the network layer reachability information (NLRI) contains a label mapping. BGP-LU has long been used for inter-as VPN services such as carrier s carrier and is now being applied to intra-as in a similar way to achieve massive scaling. QUESTION 33 You are setting up a new switch in your network that is using MSTP. You want to make sure that any port connected to a host starts forwarding traffic immediately. How can you meet this requirement? A. Configure the interfaces as point-to-point. B. Configure the interfaces as edge. C. Configure the forward-delay option as zero. D. Configure the interfaces as shared. Correct Answer: B QUESTION 34 You have been asked to implement 802.1X in your network and to ensure that all authorized users continue to be permitted should the RADIUS server fail. Which solution will satisfy this requirement? A. Implement the persistent MAC feature with the override option. B. Implement the server fail fallback feature with the use-cache option. C. Implement the persistent MAC feature with the use-cache option. D. Implement the server fail fallback feature with the override option. Correct Answer: B

23 With Juniper switches you can be rest assured that even if your radius server fails, Your network would still be up. Users would still be able login into the network using a phenomenal feature called Switch Cache. If radius server fails, switch can use cache to authenticate the dot1x clients. use-cache If the RADIUS servers time out during reauthentication, previously authenticated supplicants are reauthenticated, but LAN access is denied for new supplicants. Configuration: set protocols dot1x authenticator authentication-profile-name auth set protocols dot1x authenticator interface ge-0/0/0.0 supplicant multiple set protocols dot1x authenticator interface ge- 0/0/0.0 retries 4 set protocols dot1x authenticator interface ge-0/0/0.0 reauthentication 30 set protocols dot1x authenticator interface ge-0/0/0.0 server-timeout 20 set protocols dot1x authenticator interface ge-0/0/0.0 server-fail use-cache set access radius-server secret "x.x.x.x" set access profile auth auth QUESTION 35 How does an administrator block IGMP reports for the /8 group range? A. Create a routing policy and apply it to IGMP using the group-policy feature. B. Create a routing policy and apply it to IGMP using the report-policy feature. C. Create a routing policy and apply it to IGMP as export. D. Create a routing policy and apply it to IGMP as import. Correct Answer: A Filtering Unwanted IGMP Reports at the IGMP Interface Level Suppose you need to limit the subnets that can join a certain multicast group. The group-policy statement enables you to filter unwanted IGMP reports at the interface level. When this statement is enabled on a router running IGMP version 2 (IGMPv2) or version 3 (IGMPv3), after the router receives an IGMP report, the router compares the group against the specified group policy and performs the action configured in that policy (for example, rejects the report if the policy matches the defined address or network). You define the policy to match only IGMP group addresses (for IGMPv2) by using the policy's route-filter statement to match the group address. You define the policy to match IGMP (source, group) addresses (for IGMPv3) by using the policy's route-filter statement to match the group address and the policy's sourceaddress-filter statement to match the source address. To filter unwanted IGMP reports: Configure an IGMPv2 policy. [edit policy-statement reject_policy_v2]user@host# set from route-filter /32 exactuser@host# set from route-filter /8 orlongeruser@host# set then reject Configure an IGMPv3 policy. [edit policy-statement reject_policy_v3]user@host# set from route-filter /32 exactuser@host# set from route-filter /8 orlongeruser@host# set from sourceaddress-filter /8 orlongeruser@host# set from source-address-filter /8 orlongeruser@host# set then reject Apply the policies to the IGMP interfaces on which you prefer not to receive specific group or (source, group) reports. In this example, ge-0/0/0.1 is running IGMPv2, and ge-0/1/1.0 is running IGMPv3. [edit protocols igmp]user@host# set interface ge-0/0/0.1 group-policy reject_policy_v2user@host# set interface ge-0/1/1.0 group-policy reject_policy_v3 Verify the operation of the filter by checking the Rejected Report field in the output of the show igmp statistics command

24 QUESTION 36 You have been asked to implement a private VLAN with two community VLANs. This private VLAN must span multiple switches in your Layer 2 network. Which two statements about this deployment are true? (Choose two.) A. All isolated ports must be configured as trunk ports. B. A minimum of one promiscuous trunk port is required. C. Both community VLANs must have assigned VLAN IDs. D. A minimum of one private VLAN trunk port is required. Correct Answer: CD PVLAN Ethernet Switch Ports PVLANs can have the following types of switch ports: Promiscuous port An upstream (trunk) port that is connected to the routers or shared resources. These ports have Layer 2 connectivity to all the other ports on the switch, including the isolated ports. Community port An access port that belongs to a community. These ports have Layer 2 connectivity with other ports in the same community. Isolated port An access port that is isolated from the other ports on the switch. Isolated ports have Layer 2 connectivity only with promiscuous ports and PVLAN trunk ports. An isolated port cannot communicate with another isolated port even if they are members of the same isolated VLAN (or inter-switch isolated VLAN) domain. Typically, a server (such as a mail server or a backup server) is connected on this type of port. PVLAN trunk port A trunk port that connects two switches when a PVLAN is configured spanning those switches. The PVLAN trunk port is a member of all the VLANs within the PVLAN (that is, the primary VLAN, the community VLANs, and the inter-switch isolated VLAN). It can communicate with all ports other than the isolated ports. The membership of the PVLAN trunk port in the inter-switch isolated VLAN is egress-only. Incoming traffic on the PVLAN trunk port will never get assigned to the inter-switch isolated VLAN. The communication between a PVLAN trunk port and an isolated port is unidirectional. An isolated port can forward packets to a PVLAN trunk port, but a PVLAN trunk port cannot forward packets to an isolated port. QUESTION 37 Which configuration parameter causes a router to ignore router ID and peer ID from the BGP route selection algorithm? A. multihop B. as-path loops C. multipath D. next-hop self Correct Answer: C

25 QUESTION 38 If your WAN-edge router is multihomed to different ISPs, which two BGP attributes would you modify to affect outbound traffic? (Choose two.) A. MED B. Origin C. Local preference D. Community Correct Answer: BC QUESTION 39 A medium-sized enterprise has some devices that are 802.1X capable and some that are not. Any device that fails authentication must be provided limited access through a VLAN called NONAUTH. How do you provide this access? A. Configure NONAUTH VLAN as the guest VLAN. B. Configure NONAUTH VLAN as the server-reject VLAN. C. Configure NONAUTH VLAN as the guest VLAN and the server-reject VLAN. D. Configure a separate VLAN for each type of user: 802.1X and non-802.1x. Correct Answer: C How 802.1X Authentication Works 802.1X authentication works by using an Authenticator Port Access Entity (the switch) to block all traffic to and from a supplicant (end device) at the port until the supplicant's credentials are presented and matched on the Authentication server (a RADIUS server). When authenticated, the switch stops blocking traffic and opens the port to the supplicant X Features Overview 802.1X features on Juniper Networks EX Series Ethernet Switches are: Guest VLAN Provides limited access to a LAN, typically just to the Internet, for end devices that are not 802.1X enabled when MAC RADIUS authentication has not been configured on the switch interfaces to which the hosts are connected. Server-reject VLAN Provides limited access to a LAN, typically just to the Internet, for end devices that are 802.1X enabled but have sent the wrong credentials. Server-fail VLAN Provides limited access to a LAN, typically just to the internet, for 802.1X end devices during a RADIUS server timeout. Dynamic VLAN Enables an end device, after authentication, to be a member of a VLAN dynamically. Private VLAN Enables configuration of 802.1X authentication on interfaces that are members of private VLANs (PVLANs). Dynamic changes to a user session Allows the switch administrator to terminate an already authenticated session. This feature is based on support of the RADIUS Disconnect Message defined in RFC 3576.

26 Support for VoIP Supports IP telephones. If the phone is 802.1X-enabled, it is authenticated like any other supplicant. If the phone is not 802.1X-enabled, but has another 802.1X-compatible device connected to its data port, that device is authenticated, and then VoIP traffic can flow to and from the phone (providing that the interface is configured in single mode and not in single-secure mode). QUESTION 40 When using PIM-SM in SSM mode, which event triggers the creation of a shortest-path tree? A. Multicast traffic received at the receiver's designated router (DR). B. An IGMPv3 report received at the receiver's designated router (DR). C. Multicast traffic received at the rendezvous point (RP). D. An IGMPv3 report received at the source's designated router (DR). Correct Answer: B PIM SSM is simpler than PIM sparse mode because only the one-to-many model is supported. Initial commercial multicast Internet applications are likely to be available to subscribers (that is, receivers that issue join messages) from only a single source (a special case of SSM covers the need for a backup source). PIM SSM therefore forms a subset of PIM sparse mode. PIM SSM builds shortest-path trees (SPTs) rooted at the source immediately because in SSM, the router closest to the interested receiver host is informed of the unicast IP address of the source for the multicast traffic. That is, PIM SSM bypasses the RP connection stage through shared distribution trees, as in PIM sparse mode, and goes directly to the source-based distribution tree. QUESTION 41 Which statement regarding LLDP update messages is correct? A. Updates can be secured using the MD5 algorithm. B. Updates are advertised every 60 seconds by default. C. Updates require bidirectional communication. D. Updates can be triggered by local changes. Correct Answer: D QUESTION 42 When 802.1X, MAC-RADIUS, and Captive Portal are enabled on an interface, which authentication sequence occurs? A. The authentication sequence is based on the order of the configuration. B. If MAC-RADIUS is rejected, Captive Portal will start. If Captive portal is timed out, 802.1X will start. C. If 802.1X times out, then MAC-RADIUS will start. If MAC-RADIUS is timed out by the RADIUS server, then Captive Portal will start. D. If 802.1X times out, then MAC-RADIUS will start. If MAC-RADIUS is rejected by the RADIUS server, then Captive Portal will start.

27 Correct Answer: D How 802.1X Authentication Works 802.1X authentication works by using an Authenticator Port Access Entity (the switch) to block all traffic to and from a supplicant (end device) at the port until the supplicant's credentials are presented and matched on the Authentication server (a RADIUS server). When authenticated, the switch stops blocking traffic and opens the port to the supplicant X Features Overview 802.1X features on Juniper Networks EX Series Ethernet Switches are: Guest VLAN Provides limited access to a LAN, typically just to the Internet, for end devices that are not 802.1X enabled when MAC RADIUS authentication has not been configured on the switch interfaces to which the hosts are connected. Server-reject VLAN Provides limited access to a LAN, typically just to the Internet, for end devices that are 802.1X enabled but have sent the wrong credentials. Server-fail VLAN Provides limited access to a LAN, typically just to the internet, for 802.1X end devices during a RADIUS server timeout. Dynamic VLAN Enables an end device, after authentication, to be a member of a VLAN dynamically. Private VLAN Enables configuration of 802.1X authentication on interfaces that are members of private VLANs (PVLANs). Dynamic changes to a user session Allows the switch administrator to terminate an already authenticated session. This feature is based on support of the RADIUS Disconnect Message defined in RFC Support for VoIP Supports IP telephones. If the phone is 802.1X-enabled, it is authenticated like any other supplicant. If the phone is not 802.1X-enabled, but has another 802.1X-compatible device connected to its data port, that device is authenticated, and then VoIP traffic can flow to and from the phone (providing that the interface is configured in single mode and not in single-secure mode). QUESTION 43 You are troubleshooting a problem on interface ge-0/0/3. Which command shows statistics in real time? A. show interfaces statistics B. monitor interface statistics ge-0/0/3 C. monitor interface traffic D. monitor traffic interface ge-0/0/3 Correct Answer: C monitor traffic interface Note: Because the Packet Forwarding Engine removes Layer 2 header information before sending packets to the Routing Engine: The monitor traffic command cannot apply match conditions to inbound traffic. The monitor traffic interface command also cannot apply match conditions for Layer 3 and Layer 4 packet data,

28 resulting in the match pipe option ( match) for this command for Layer 3 and Layer 4 packets not working either. Therefore, ensure that you specify match conditions as described in this command summary. The 802.1Q VLAN tag information included in the Layer 2 header is removed from all inbound traffic packets. Because the monitor traffic interface ae[x] command for aggregated Ethernet interfaces (such as ae0) only shows inbound traffic data, the command does not show VLAN tag information in the output. QUESTION 44 Which CoS component helps with TCP global synchronization problems? A. WRR with rewrite rules B. WRED with drop profiles C. tail drop profiles with a behavior aggregate classifier D. exact term with a scheduler Correct Answer: B

29 QUESTION 45 You want to control bursts of HTTP traffic entering your SRX Series Gateway. To support varying requirements, interfaces ge-0/0/0 through ge-0/0/3 should each be rate-limited separately, using the same parameters. What is the correct way to meet these requirements? A. Configure a single policer and apply it directly on the appropriate interfaces. B. Configure four policers and apply each one directly on the appropriate interface. C. Configure a policer and reference it in a firewall filter that uses the interface-specific option; apply the filter to the appropriate interfaces. D. Configure four policers and reference them all in a firewall filter; apply the filter to the appropriate interfaces. Correct Answer: C

30 QUESTION 46 You are configuring BGP peering with a neighboring AS. Multiple physical links exist between your edge router and the neighboring edge router, and you want a configuration that supports the highest degree of redundancy. How can you implement this scenario? A. Configure multiple peerings between the routers' physical interfaces. B. Use the multipath feature. C. Configure multiple peerings between the routers' logical interfaces. D. Use the multihop feature. Correct Answer: D QUESTION 47 An OSPF router is an ABR but not an ASBR. Which three types of LSAs would you expect this router to generate? (Choose three.) A. Type 1 LSA B. Type 3 LSA C. Type 4 LSA D. Type 5 LSA E. Type 6 LSA Correct Answer: ABC QUESTION Exhibit -- user@r1> show configuration protocols pim rp local { address ; auto-rp discovery; static { address ;

31 show route /16 inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both /32 *[Direct/0] 3w4d 04:58:14 > via lo /32 *[OSPF/10] 00:52:25, metric 1 > via lt-0/0/ /32 *[OSPF/10] 00:48:06, metric 1 > via lt-0/0/ /32 *[OSPF/10] 00:48:06, metric 1 > via lt-0/0/ Exhibit -- Router R1 in the exhibit is receiving auto-rp announce messages specifying an RP of and BSR messages specifying an RP-set with an RP of Which address will R1 use as the RP for traffic destined to the multicast group? A B C D Correct Answer: D QUESTION Exhibit

32 -- Exhibit -- In the exhibit, customers connected to Area 3 must have access to external prefixes received from the data center connected to the router in Area 1. These configurations are currently applied to the routers in Area 1: {master:0[edit] user@area-1-abr# show protocols ospf no-nssa-abr; area { nssa; interface ge-1/1/1.100; {master:0[edit] user@area-1-external# show protocols ospf area { stub no-summaries; interface ge-1/1/1.100;

33 What must you change for these configurations to work? A. Configure the ABR router in Area 1 to support a virtual link. B. Delete no-summary-lsa from the ABR router in Area 1. C. Configure the external router in Area 1 for NSSA. D. Configure the ABR in Area 1 for a default LSA with a default-metric of 10 and no-summaries. Correct Answer: C QUESTION Exhibit /8 *[BGP/170] 01:10:38, localpref 100, from AS path: 100 I > to via ge-0/0/0.0 [BGP/170] 00:00:59, localpref 100 AS path: 100? > to via ge-0/0/ Exhibit -- Referring to the output in the exhibit, why does the router prefer the path toward interface ge- 0/0/0.0 for the /8 route? A. The origin is IGP. B. The origin is unknown. C. The AS path is longer. D. Multihop is enabled. Correct Answer: A QUESTION Exhibit -- Group: Source: Flags: sparse,spt

34 Upstream interface: so-1/0/0.0 Upstream neighbor: Upstream state: Local RP, Join to Source Keepalive timeout: 344 Downstream neighbors: Interface: Pseudo-GMP fe-0/0/0.0 fe-0/0/1.0 fe-0/0/3.0 Interface: so-1/0/0.0 (pruned) State: Prune Flags: SR Timeout: 174 Interface: mt-1/1/ State: Join Flags: S Timeout: Infinity -- Exhibit -- Referring to the exhibit, which two statements are true? (Choose two.) A. The router has pruned the RPT. B. The router has pruned the SPT only. C. The router has pruned the RPT only. D. The router has pruned the SPT. Correct Answer: AD QUESTION Exhibit -- user@switch# run show spanning-tree statistics interface ge-0/0/0 STP interface statistics for VLAN 10 Interface BPDUs sent BPDUs received Next BPDU transmission ge-0/0/ STP interface statistics for VLAN 20 Interface BPDUs sent BPDUs received Next BPDU transmission ge-0/0/

35 -- Exhibit -- Based on the exhibit, which spanning-tree protocol is running on ge-0/0/0? A. VSTP B. MSTP C. RSTP D. PVST Correct Answer: A QUESTION Exhibit -- Exhibit -- Given the topology in the exhibit, which two statements related to the Q-in-Q tunneling implementation are true? (Choose two.) A. The ge-0/0/0 interface on Provider Bridge A must be configured as an access port. B. The ge-0/0/0 interface on Provider Bridge A must be configured as a trunk port. C. Provider Bridge B will make forwarding decisions using a MAC table associated with VLAN ID 100. D. Provider Bridge B will make forwarding decisions using a MAC table associated with VLAN ID 200. Correct Answer: AD QUESTION Exhibit

36 -- Exhibit -- You are implementing Q-in-Q tunneling to connect R1 and R2 using the configurations shown in the exhibit. What must be changed on Switch_A to allow both Dot1q-tunneling VLANs and non-dot1q- tunneling VLANs on the same trunk interface? A. Change the Dot1q-tunneling Ethertype to 0x9100. B. Change the Dot1q-tunneling Ethertype to 0x88a8. C. Change the Dot1q-tunneling Ethertype to 0x8100. D. Change the Dot1q-tunneling Ethertype to 0x98a8. Correct Answer: C QUESTION Exhibit

37 -- Exhibit -- In the exhibit, Host2 is the only host currently joining group , but S1 is still flooding the traffic to all hosts on VLAN 100. What feature can be configured on S1 to limit the multicast flooding of traffic to only interested hosts on VLAN 100? A. Multicast scoping B. IGMP snooping C. Multicast VLAN registration D. IGMP immediate leave Correct Answer: B Internet Group Management Protocol (IGMP) snooping constrains the flooding of IPv4 multicast traffic on VLANs on a switch. When IGMP snooping is enabled on a VLAN, a Juniper Networks EX Series Ethernet Switch examines IGMP messages between hosts and multicast routers and learns which hosts are interested in receiving traffic for a multicast group. Based on what it learns, the switch then forwards multicast traffic only to those interfaces in the VLAN that are connected to interested receivers instead of flooding the traffic to all interfaces. QUESTION Exhibit -- {master:0[edit] user@switch# show protocols vstp vlan 100; {master:0[edit] user@switch# run show spanning-tree bridge

38 STP bridge parameters Context ID : 1 Enabled protocol : RSTP STP bridge parameters for VLAN 100 Root ID : :c5:8d:ae:94:80 Hello time : 2 seconds Maximum age : 20 seconds Forward delay : 15 seconds Message age : 0 Number of topology changes : 0 Local parameters Bridge ID : :c5:8d:ae:94:80 Extended system ID : 1 Internal instance ID : 0 {master:0[edit] user@switch# run show spanning-tree interface {master:0[edit] user@switch# -- Exhibit -- Based on the output shown in the exhibit, why is VSTP not working for VLAN 100? A. No interfaces are assigned to VLAN 100. B. Your MSTI is misconfigured. C. RSTP is configured in addition to VSTP. D. No native VLAN is configured. Correct Answer: A QUESTION Exhibit

39 -- Exhibit -- Referring to the exhibit, what is the correct RPF path toward the multicast source from R6? A. R6-R5 B. R6-R7-R4-R5 C. R6-R4-R5 D. R6-R4-R3-R2-R5 Correct Answer: A QUESTION Exhibit -- {master:0[edit] user@switch# show ethernet-switching-options voip interface ge-0/0/16.0 { vlan phones; {master:0[edit] user@switch# show interfaces ge-0/0/16 unit 0 {

40 family ethernet-switching { port-mode access; vlan { members internet; {master:0[edit] user@switch# show vlans hr { vlan-id 513; internet { vlan-id 15; phones { vlan-id 25; servers { vlan-id 30; {master:0[edit] user@switch# show interfaces ge-0/0/23 description uplink; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ hr internet ];

41 -- Exhibit -- You have recently implemented a Layer 2 network designed to support VoIP. Users have reported that they cannot use their IP phones to make calls. Based on the switch configuration shown in the exhibit, which command will resolve this issue? A. set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members phones B. set interfaces ge-0/0/16 unit 0 family ethernet-switching port-mode trunk C. set ethernet-switching-options voip interface ge-0/0/23 vlan phones D. set vlans phones vlan-id 513 Correct Answer: A QUESTION Exhibit -- Exhibit -- Based on the SPF calculation in the exhibit, what is the shortest path to reach R3 from R1? A. R2-R3 B. R2-R5-R4 C. R3

42 D. R2-R4 Correct Answer: C QUESTION Exhibit -- Mar 16 18:39: BGP RECV > Mar 16 18:39: BGP RECV message type 1 (Open) length 59 Mar 16 18:39: BGP RECV version 4 as 2 holdtime 90 id parmlen 30 Mar 16 18:39: BGP RECV MP capability AFI=2, SAFI=1 Mar 16 18:39: BGP RECV Refresh capability, code=128 Mar 16 18:39: BGP RECV Refresh capability, code=2 Mar 16 18:39: BGP RECV Restart capability, code=64, time=120, flags= Mar 16 18:39: BGP RECV 4 Byte AS-Path capability (65), as_num 2 Mar 16 18:39: advertising receiving-speaker only capabilty to neighbor (External AS 2) Mar 16 18:39: bgp_send. sending 59 bytes to (External AS 2) Mar 16 18:39: Mar 16 18:39: BGP SEND > Mar 16 18:39: BGP SEND message type 1 (Open) length 59 Mar 16 18:39: BGP SEND version 4 as 1 holdtime 90 id parmlen 30 Mar 16 18:39: BGP SEND MP capability AFI=1, SAFI=1 Mar 16 18:39: BGP SEND Refresh capability, code=128 Mar 16 18:39: BGP SEND Refresh capability, code=2 Mar 16 18:39: BGP SEND Restart capability, code=64, time=120, flags= Mar 16 18:39: BGP SEND 4 Byte AS-Path capability (65), as_num 1 Mar 16 18:39: bgp_process_caps: mismatch NLRI with (External AS 2): peer: <inet6-unicast>(16) us: <inet-unicast>(1) Mar 16 18:39: bgp_process_caps:2561: NOTIFICATION sent to (External AS 2): code 2 (Open Message Error) subcode 7 (unsupported capability) value 1 Mar 16 18:39: bgp_sens: sending 23 bytes to (External AS 2) Mar 16 18:39:

43 Mar 16 18:39: BGP SEND > Mar 16 18:39: BGP SEND message type 3 (Notification) length 23 Mar 16 18:39: BGP SEND Notification code 2 (Open Message Error) subcode 7 (unsupported capability) Mar 16 18:39: BGP SEND Data (2 bytes): Exhibit -- Looking at the traceoptions output in the exhibit, why is the BGP neighbor not in Established state? A. BGP refresh is not supported. B. There is a router ID mismatch. C. IPv6 is not supported on the local peer. D. The peer AS number is misconfigured. Correct Answer: C QUESTION Exhibit -- Exhibit --

44 In the exhibit, which statement about the ABR between Area 8 and Area 2 is true? A. The router has connectivity to all areas. B. The router has connectivity to Area 8 only. C. The router has connectivity to Area 2 only. D. The router has connectivity to all routers in Area 8 and Area 2. Correct Answer: D QUESTION Exhibit -- user@router> show class-of-service scheduler-map two Scheduler map: two, Index: Scheduler: sch-best-effort, Forwarding class: best-effort, Index: Transmit rate: 1 percent, Rate Limit: exact, Buffer size: remainder, Buffer Limit: exact, Priority: low Excess Priority: unspecified Drop profiles: Loss priority Protocol Index Name Low any 1 <default-drop-profile> Medium low any 1 <default-drop-profile> Medium high any 1 <default-drop-profile> High any 1 <default-drop-profile> Scheduler: sch-expedited-forwarding, Forwarding class: expedited-forwarding, Index: Transmit rate: 1 percent, Rate Limit: none, Buffer size: 1 percent, Buffer Limit: none, Priority: high Excess Priority: unspecified Drop profiles: Loss priority Protocol Index Name Low any 1 <default-drop-profile>

45 Medium low any 1 <default-drop-profile> Medium high any 1 <default-drop-profile> High any 1 <default-drop-profile> user@router> show interfaces ge-0/0/1 extensive find "CoS Information" CoS information: Direction : Output CoS transmit queue Bandwidth Buffer Priority Limit % bps % usec 0 best-effort r 0 low exact 1 expedited-forwarding high none Logical interface ge-0/0/1.823 (Index 74) (SNMP ifindex 506) (Generation 139) Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x ] Encapsulation: ENET2 Traffic statistics: Input bytes : Output bytes : Input packets: Output packets: (... output truncated...) user@router> show interfaces ge-0/0/1 extensive find "Queue Counters" Queue counters: Queued packets Transmitted packets Dropped packets 0 best-effort expedited-fo assured-forw network-cont 0 0 Queue number: Mapped forwarding classes 0 best-effort 1 expedited-forwarding

46 2 assured-forwarding 3 network-control Active alarms : None Active defects : None (... output truncated...) -- Exhibit -- Based on the configuration in the exhibit, why are you seeing drops in the best-effort queue on the SRX Series platform? A. The drop-profile fill level is set too low. B. Packets are dropped by a firewall policy. C. The best-effort queue is being shaped. D. The scheduler is not being applied correctly. Correct Answer: C QUESTION Exhibit -- [edit protocols bgp] user@router# show group ext-peer2 { type external; peer-as 1; neighbor ; [edit protocols bgp] user@router# run show route inet.0: 9 destinations, 10 routes (7 active, 0 holddown, 2 hidden) + = Active Route, - = Last Active, * = Both /32 *[Static/5] 00:01:56 > to via ge-0/0/1.0 [edit protocols bgp]

47 run show bgp summary Groups: 1 Peers: 1 Down peers: 1 Table Tot Paths Act Paths Suppressed History Damp State Pending inet inet Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State #Active/Received/Accepted/Damped Idle -- Exhibit -- Looking at the output in the exhibit, why is the BGP neighbor not in Established state? A. BGP Refresh is not supported. B. Multihop is not configured. C. The peer address is not reachable. D. Authentication is configured. Correct Answer: B QUESTION Exhibit -- user@switcha# show protocols dot1x authenticator { authentication-profile-name dot1x; interface { ge-0/0/0.0 { supplicant single; ge-0/0/1.0 { supplicant single-secure; ge-0/0/2.0 {

48 supplicant multiple; {master:0[edit] show access radius-server { { port 1812; secret "$9$vqs8xd24Zk.5bs.5QFAtM8X"; ## SECRET-DATA profile dot1x { authentication-order radius; radius { authentication-server ; accounting-server ; accounting { order radius; immediate-update; {master:0[edit] user@switcha# -- Exhibit -- Referring to the exhibit, which three statements describe correct behavior of Switch A? (Choose three.) A. Switch A allows complete access to all users connected to port ge-0/0/2 that log in with their correct user credentials. B. Switch A allows complete access to all users connected to port ge-0/0/0 that log in with their correct user credentials.

49 C. Switch A allows complete access to the second user that connects to port ge-0/0/1 with its correct credentials only after the first user logs out. D. Switch A allows complete access to all users connected to port ge-0/0/0 without authentication after the first user has logged in with its correct user credentials. E. Switch A allows complete access to all users connected to port ge-0/0/1 that securely log in using HTTPS with their correct user credentials. Correct Answer: ACD QUESTION Exhibit -- Mar 16 17:48: OSPF periodic xmit from to (IFL 69 area ) Mar 16 17:48: ospf_trigger_build_telink_lsas : No peer found Mar 16 17:48: ospf_trigger_build_telink_lsas : No peer found Mar 16 17:48: ospf_set_lsdb_state: Router LSA adv-rtr state QUIET- >GEN_PENDING Mar 16 17:48: OSPF trigger router LSA 0x156d0f0 build for area lsa-id Mar 16 17:48: ospf_set_lsdb_state: Router LSA adv-rtr state GEN_PENDING->QUIET Mar 16 17:48: OSPF built router LSA, area , link count 2 Mar 16 17:48: OSPF sent Hello > (ge-0/0/1.0 IFL 69 area ) Mar 16 17:48: Version 2, length 44, ID , area Mar 16 17:48: mask , hello_ivl 10, opts 0x2, prio 128 Mar 16 17:48: dead_ivl 40, DR , BDR Mar 16 17:48: OSPF DR is , BDR is Mar 16 17:48: OSPF sent Hello > (ge-0/0/1.0 IFL 69 area ) Mar 16 17:48: Version 2, length 44, ID , area Mar 16 17:48: mask , hello_ivl 10, opts 0x2, prio 128 Mar 16 17:48: dead_ivl 40, DR , BDR Mar 16 17:48: OSPF DR is , BDR is Mar 16 17:48: OSPF packet ignored. area mismatch ( ) from on intf ge-0/0/1.0 area Mar 16 17:48: OSPF rcvd Hello > (ge-0/0/1.0 IFL 69 area )

50 Mar 16 17:48: Version 2, length 44, ID , area Mar 16 17:48: checksum 0x8065, authtype 0 Mar 16 17:48: mask , hello_ivl 10, opts 0x2, prio 128 Mar 16 17:48: dead_ivl 40, DR , BDR commit complete -- Exhibit -- Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init state? A. There is an MTU mismatch. B. There is a network mask mismatch. C. The routers are in different areas. D. No BDR has been elected. Correct Answer: C QUESTION 66 A customer is trying to configure a router to peer using EBGP to a neighbor. As shown in the exhibit, two links are being used for this configuration. The goal of this configuration is to load- balance traffic across both EBGP links. Which configuration accomplishes this goal? A. {master:0[edit] user@router# show protocols bgp group External { multihop; local-address ; peer-as 65532; neighbor neighbor ; {master:0[edit] user@router# show routing-options static { route /32 next-hop ; autonomous-system 65432; B. {master:0[edit] user@router# show protocols bgp group External { multihop; local-address ; peer-as 65532; neighbor ;

51 {master:0[edit] show routing-options static { route /32 next-hop [ ]; autonomous-system 65432; forwarding-table { export load-balance; {master:0[edit] user@router# show policy-options policy-statement load-balance term balance { then { load-balance per-packet; accept; C. {master:0[edit] user@router# show protocols bgp group External { multi-path; local-address ; peer-as 65532; neighbor ; {master:0[edit] user@router# show routing-options static { route /32 next-hop [ ]; autonomous-system 65432; D. {master:0[edit] user@router# show protocols bgp group External { multipath; local-address ; peer-as 65532; neighbor ; neighbor ; {master:0[edit] user@router# show routing-options static { route /32 next-hop ; autonomous-system 65432; Correct Answer: B QUESTION Exhibit

52 -- Exhibit -- In the exhibit, R5 is receiving five x routes from the RIP router, and is advertising them into Area 1 using an export policy. You do not want any of the RIP routes to be in the routing table of R Which two solutions meet this requirement? (Choose two.) A. On R1, configure an export policy to reject the routes. B. On R1, configure an import policy to reject the routes. C. On R1, configure each address as a martian route. D. On R1, configure the no-nssa-abr option. Correct Answer: BC QUESTION Exhibit

53 -- Exhibit -- In the exhibit, a customer wants to configure an EBGP connection to two different routers in a neighboring autonomous system. The goal of this configuration is to use per-prefix load balancing across both EBGP links. Which configuration accomplishes this goal? A. {master:0[edit] user@router# show protocols bgp group External { multihop; peer-as 65532; neighbor ; neighbor ; B. {master:0[edit] user@router# show protocols bgp group External { multipath; peer-as 65532; neighbor ; neighbor ; C. {master:0[edit] user@router# show protocols bgp group External { multihop; local-address ; peer-as 65532; neighbor ; neighbor ; user@router# show routing-options static { route next-hop [ ]; autonomous-system 65432; D. {master:0[edit] user@router# show protocols bgp group External { multihop; local-address ; peer-as 65532; multipath; neighbor ; neighbor ; user@router# show routing-options static { route next-hop [ ]; autonomous-system 65432; Correct Answer: B

54 QUESTION Exhibit -- Exhibit -- Referring to the exhibit, R4 in AS 100 is sending routes /8 and /8. R3 sees the routes but R5 does not. What must be configured on the R3 router for the R5 router to install the routes? A. Anext-hop self policy B. As-override toward the R5 router C. As-loops 2 D. Local-as 100 Correct Answer: B QUESTION Exhibit

55 -- Exhibit -- You are asked to configure an OSPF virtual link that connects remote Area 4 to the backbone. Referring to the exhibit, what are two requirements for an OSPF virtual link to operate correctly? (Choose two.) A. A virtual link configuration on the ABR between Areas 0 and 1 must include transit area 1. B. The interface of the transit area must be of type vt. C. A virtual link configuration on the ABR between Areas 0 and 1 must be the interface address of the neighbor on the far end. D. A virtual link configuration on the ABR between Areas 0 and 1 must be the router ID (RID) of the neighbor on the far end. Correct Answer: AD QUESTION Exhibit

56 -- Exhibit -- In the exhibit, R5 is receiving five x routes from the RIP router, and is advertising them into Area 1 using an export policy. You want to summarize the RIP routes into Area 0 with the most specific prefix. Which configuration will accomplish goal? A. [edit protocols] user@r1# show ospf { area { area-range /29; interface ge-0/0/1.0; interface ge-0/0/2.0; interface lo0.0; area { nssa { default-lsa type-7; interface ge-0/0/3.0; B. [edit protocols] user@r1# show ospf { area { interface ge-0/0/1.0; interface ge-0/0/2.0; interface lo0.0; area { nssa { default-lsa type-7; area-range /28; interface ge-0/0/3.0; C. [edit protocols] user@r1# show ospf {

57 area { interface ge-0/0/1.0; interface ge-0/0/2.0; interface lo0.0; area { nssa { default-lsa type-7; area-range /29; interface ge-0/0/3.0; D. [edit protocols] user@r1# show ospf { area { area-range /28; interface ge-0/0/1.0; interface ge-0/0/2.0; interface lo0.0; area { nssa { default-lsa type-7; interface ge-0/0/3.0; Correct Answer: C QUESTION Exhibit -- user@router> show bgp summary Groups: 3 Peers: 3 Down peers: 0 Table Tot Paths Act Paths Suppressed History Damp State Pending inet inet Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State #Active/Received/Accepted/Damped :45 5/5/5/0 0/0/0/ Establ inet.0: 3/5/5/0 inet6.0: 3/4/4/0

58 2001:ffff::3: :53 Establ inet6.0: 0/0/0/0 user@router> -- Exhibit -- Examine the output of the show bgp summary command shown in the exhibit. From which BGP peer is the router receiving IPv6 routes? A B C. 2001:ffff::3:5 D. 2001:ffff:3:5 Correct Answer: B QUESTION Exhibit -- user@switcha> show dot1x interface detail ge-0/0/2.0 ge-0/0/2.0 Role: Authenticator Administrative state: Auto Supplicant mode: Multiple Number of retries: 3 Quiet period. 60 seconds Transmit period. 30 seconds Mac Radius: Enabled Mac Radius Restrict: Enabled Reauthentication: Enabled Configured Reauthentication interval: 3600 seconds Supplicant timeout: 30 seconds Server timeout: 30 seconds Maximum EAPOL requests: 2

59 Guest VLAN member: <not configured> Number of connected supplicants: 2 user@switcha> -- Exhibit -- Host 1, Host 2, and Host 3 are connected to Switch A on interface ge-0/0/2. Host 1 and Host 2 do not support 802.1X. They can authenticate and connect to the Internet. Host 3 was added and it supports 802.1X; however, it is unable to authenticate. Referring to the exhibit, how do you allow Host 3 to authenticate to the network but maintain secure access? A. Enable fallback authentication for 802.1X. B. Disable MAC RADIUS Restrict option on ge-0/0/2. C. Disable MAC RADIUS option on ge-0/0/2. D. Enable Administrative mode for 802.1X. Correct Answer: B QUESTION Exhibit -- user@rp> show pim join extensive Instance: PIM.master Family: INET R = Rendezvous Point Tree, S = Sparse, W = Wildcard Group: Source: * RP: Flags: sparse,rptree,wildcard Upstream interface: Local Upstream neighbor: Local Upstream state: Local RP Downstream neighbors: Interface: so-0/0/ State: Join Flags: SRW Timeout: 176 Group:

60 Source: Flags: sparse,spt Upstream interface: unknown (no nexthop) Upstream neighbor: unknown Upstream state: Local RP Keepalive timeout: 106 Downstream neighbors: Interface: so-0/0/ State: Join Flags: S Timeout: 176 Instance: PIM.master Family: INET6 R = Rendezvous Point Tree, S = Sparse, W = Wildcard -- Exhibit -- The CLI output shown in the exhibit was taken from the RP in a PIM-SM network. Which statement explains the output shown in the exhibit? A. No tunnel PIC is installed on the RP router. B is not a local IP address on the RP router. C. Multicast traffic is arriving on the so-0/0/0.0 interface. D. The router does not have a unicast route to Correct Answer: D QUESTION OSPF database, Area Type ID Adv Rtr Seq Age Opt Cksum Len Router * x d 30 0x22 0x8d bits 0x0, link count 9 id , data , Type Stub (3) Topology count: 0, Default metric. 1

61 id , data , Type Stub (3) Topology count: 0, Default metric. 1 id , data , Type Transit (2) Topology count: 0, Default metric. 1 id , data , Type Transit (2) Topology count: 0, Default metric. 1 id , data , Type Stub (3) Topology count: 0, Default metric. 0 id , data , Type PointToPoint (1) Topology count: 0, Default metric. 65 id , data , Type Stub (3) Topology count: 0, Default metric. 65 id , data , Type PointToPoint (1) Topology count: 0, Default metric. 2 id , data , Type Stub (3) Topology count: 0, Default metric. 2 Topology default (ID 0) Type: PointToPoint, Node ID MetriC. 2, Bidirectional Type: PointToPoint, Node ID MetriC. 65, Bidirectional Type: Transit, Node ID MetriC. 1, Bidirectional Type: Transit, Node ID MetriC. 1, Bidirectional -- Exhibit -- The exhibit shows the output of an OSPF router LSA. Which interface ID represents the router's loopback address? A. ID

62 B. ID C. ID D. ID Correct Answer: B QUESTION Exhibit -- {master:0[edit] user@router# show class-of-service classifiers { inet-precedence normal-traffic { forwarding-class best-effort { loss-priority low code-points [ my1 my2 ]; code-point-aliases { inet-precedence { my1 000; my2 001; cs1 010; cs2 011; cs3 100; cs4 101; cs5 111; cs6 111;

63 -- Exhibit -- In the exhibit, you see a configuration for CoS. Incoming traffic with specific IP precedence bits should be mapped to a forwarding class named best-effort. A classifier named normal-traffic is defined. What must you add to complete this configuration? A. Include the option q-pic-large-buffer under the chassis hierarchy to accommodate the new code points. B. Apply classifier normal traffic to the interface hierarchy under the class-of-service stanza. C. Configure a rewrite marker on the ingress Gigabit Ethernet interface. D. Add code point values for the expedited-forwarding forwarding class as well as the best-effort forwarding class. Correct Answer: B QUESTION Exhibit -- user@router> show configuration routing-options autonomous-system 65550; user@router> show configuration protocols bgp group ibgp { type internal; neighbor ; group ibgpv6 { type internal; local-address 2001:ffff::3:4; neighbor 2001:ffff::3:5; group as65010 { family inet { unicast;

64 family inet6 { unicast; export as65010-out; peer-as 65010; neighbor ; user@router> show configuration policy-options policy-statement as65010-out { term locally-originated { from as-path local-only; then { metric 7000; term from-as65222 { from as-path as65222-orig; then as-path-prepend " "; term transit-as701 { from as-path transit-as701; then { metric 6; then accept; as-path local-only "(.*)"; as-path as65222-orig ".* 65222";

65 as-path transit-as701 ".* 701.*"; show route advertising-protocol bgp inet.0: 43 destinations, 47 routes (43 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path * /30 Self 7000 I * /30 Self 7000 I * /30 Self 7000 I * /30 Self 7000 I * /32 Self 7000 I * /32 Self 7000 I * /32 Self 7000 I * /30 Self 7000 I * /30 Self 7000 I * /32 Self 7000 I * /32 Self 7000 I * /24 Self 7000 I * /16 Self I * /24 Self I * /25 Self I * /25 Self I * /25 Self I * /25 Self I * /30 Self 7000 I * /30 Self 7000 I * / I * / I * /24 Self 7000 I * /24 Self 7000 I * / I

66 * / I * / I * / I inet6.0: 23 destinations, 28 routes (23 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path * :: /126 Self 7000 I * 2001:1:1::/64 Self 7000 I * 2001:1:2::/64 Self 7000 I * 2001:ffff::3:3/128 Self 7000 I * 2001:ffff::3:4/128 Self 7000 I * 2001:ffff::3:5/128 Self 7000 I * 2001:ffff::9:7/128 Self 7000 I user@router> -- Exhibit -- You are configuring an EBGP peer in a transit environment. You must advertise routes learned from other EBGP peers in your AS. Any routes originated from within your AS should have a MED of 7000 set. Any routes that originate in AS65222 should be prepended four times. Any routes that transit AS701 should have a MED set to 6. This scenario results in the unintended advertisement of internal /8 networks to your peer. What caused the accidental advertisement of internal networks to your EBGP peer? A. Your AS number of is a private AS number. B. The BGP group as65010 is configured for both family inet unicast and family inet6 unicast protocol families. C. The export policy as65010-out is misconfigured. D. The as-path local-only includes a misconfigured regular expression. Correct Answer: C QUESTION Exhibit -- [edit] user@router# run show ospf database external lsa-id extensive OSPF AS SCOPE link state database

67 Type ID Adv Rtr Seq Age Opt Cksum Len Extern x x22 0x171b 36 mask Topology default (ID 0) Type: 2, MetriC. 0, Fwd addr: , Tag: Aging timer 00:58:06 Installed 00:01:53 ago, expires in 00:58:06, sent 00:01:53 ago Last changed 00:01:53 ago, Change count: 1 Extern x a 487 0x22 0x587e 36 mask Topology default (ID 0) Type: 2, MetriC. 0, Fwd addr: , Tag: Aging timer 00:51:52 Installed 00:08:01 ago, expires in 00:51:53, sent 00:07:59 ago Last changed 2d 19:33:58 ago, Change count: 1 Extern x c 540 0x22 0xf73e 36 mask Topology default (ID 0) Type: 1, MetriC. 30, Fwd addr: , Tag: Aging timer 00:51:00 Installed 00:08:59 ago, expires in 00:51:00, sent 00:08:59 ago Last changed 00:08:59 ago, Change count: 3 -- Exhibit -- As shown in the exhibit, a router is receiving three external LSAs for the prefix Which path is preferred? A. The path through is preferred. B. The path through is preferred. C. The path through is preferred. D. The paths through and become active to allow load-balancing. Correct Answer: C

68 QUESTION Exhibit -- Exhibit -- In the exhibit, the /16 prefix is introduced at autonomous system 1 (AS1) and propagated through to AS3. Router A in AS3 receives two different paths to these prefixes, one through AS2 and the other through AS4. No BGP attributes have been altered. Which path would router A prefer for the /16 prefix? A. The route with the lowest interface address for the EBGP peering session B. The route with the lowest local preference C. The route to the EBGP peer that has the lowest RID D. The route from the EBGP peer that arrived first Correct Answer: D

69 QUESTION Exhibit -- [edit] show routing-options router-id router-id ; [edit] show protocols ospf area { interface ge-0/0/7.0; [edit] user@r2# show routing-options router-id router-id ; [edit] user@r2# show protocols ospf area { interface ge-0/0/8.0 { priority 200; [edit] user@r3# show routing-options router-id router-id ; [edit] user@r3# show protocols ospf area { interface ge-0/0/8.0; [edit]

70 show routing-options router-id router-id ; [edit] show protocols ospf area { interface ge-0/0/6.0 { priority 0; -- Exhibit -- All four routers in the exhibit are in the same broadcast domain. The routers were powered on at the same time. Based on the configurations, which devices are the DR and the BDR? A. R4 is the DR and R2 is the BDR. B. R2 is the DR and R3 is the BDR. C. R2 is the DR and R1 is the BDR. D. R3 is the DR and R2 is the BDR. Correct Answer: B QUESTION Exhibit -- user@router> show interfaces ge-0/0/0 extensive find "Queue counters" Queue counters: Queued packets Transmitted packets Dropped packets 0 best-effort expedited-fo assured-forw network-cont

71 -- Exhibit -- You recently deployed an SRX Series Gateway in your network. It uses the default class of service configuration. Based on the output in the exhibit, what reason explains the packet drops in Queue 1? A. Interface ge-0/0/0 should be used only for management network operations. B. Queue 0 has higher priority than Queue 1. C. A policer is reclassifying all traffic into Queue 1. D. No bandwidth reservation exists on Queue 1. Correct Answer: D QUESTION Exhibit -- Mar 16 19:12: BGP RECV > Mar 16 19:12: BGP RECV message type 1 (Open) length 59 Mar 16 19:12: BGP RECV version 4 as 2 holdtime 90 id parmlen 30 Mar 16 19:12: BGP RECV MP capability AFI=1, SAFI=1 Mar 16 19:12: BGP RECV Refresh capability, code=128 Mar 16 19:12: BGP RECV Refresh capability, code=2 Mar 16 19:12: BGP RECV Restart capability, code=64, time=120, flags= Mar 16 19:12: BGP RECV 4 Byte AS-Path capability (65), as_num 2 Mar 16 19:12: advertising receiving-speaker only capabilty to neighbor (External AS 2) Mar 16 19:12: bgp_send. sending 59 bytes to (External AS 2) Mar 16 19:12: Mar 16 19:12: BGP SEND > Mar 16 19:12: BGP SEND message type 1 (Open) length 59 Mar 16 19:12: BGP SEND version 4 as 1 holdtime 90 id parmlen 30 Mar 16 19:12: BGP SEND MP capability AFI=1, SAFI=1 Mar 16 19:12: BGP SEND Refresh capability, code=128 Mar 16 19:12: BGP SEND Refresh capability, code=2 Mar 16 19:12: BGP SEND Restart capability, code=64, time=120, flags=

72 Mar 16 19:12: BGP SEND 4 Byte AS-Path capability (65), as_num 1 Mar 16 19:12: bgp_send. sending 19 bytes to (External AS 2) Mar 16 19:12: Mar 16 19:12: BGP SEND > Mar 16 19:12: BGP SEND message type 4 (KeepAlive) length 19 Mar 16 19:12: Mar 16 19:12: BGP RECV > Mar 16 19:12: BGP RECV message type 4 (KeepAlive) length 19 Mar 16 19:12: bgp_send. sending 19 bytes to (External AS 2) Mar 16 19:12: Mar 16 19:12: BGP SEND > Mar 16 19:12: BGP SEND message type 4 (KeepAlive) length 19 Mar 16 19:12: bgp_send. sending 23 bytes to (External AS 2) Mar 16 19:12: Mar 16 19:12: BGP SEND > Mar 16 19:12: BGP SEND message type 2 (Update) length 23 Mar 16 19:12: BGP SEND End of RIB. AFI 1 SAFI 1 Mar 16 19:12: Mar 16 19:12: BGP RECV > Mar 16 19:12: BGP RECV message type 4 (KeepAlive) length 19 Mar 16 19:12: bgp_read_v4_message: done with (External AS 2) received 19 octets 0 updates 0 routes Mar 16 19:12: Mar 16 19:12: BGP RECV > Mar 16 19:12: BGP RECV message type 2 (Update) length 23 Mar 16 19:12: BGP RECV End of RIB. AFI 1 SAFI 1 Mar 16 19:12: bgp_read_v4_message: done with (External AS 2) received 23 octets 1 update 0 routes Mar 16 19:13: bgp_send. sending 19 bytes to (External AS 2) Mar 16 19:13: Mar 16 19:13: BGP SEND >

73 Mar 16 19:13: BGP SEND message type 4 (KeepAlive) length 19 Mar 16 19:13: Mar 16 19:13: BGP RECV > Mar 16 19:13: BGP RECV message type 4 (KeepAlive) length 19 Mar 16 19:13: bgp_read_v4_message: done with (External AS 2) received 19 octets 0 updates 0 routes Mar 16 19:13: bgp_send. sending 19 bytes to (External AS 2) Mar 16 19:13: Mar 16 19:13: BGP SEND > Mar 16 19:13: BGP SEND message type 4 (KeepAlive) length 19 Mar 16 19:13: Mar 16 19:13: BGP RECV > Mar 16 19:13: BGP RECV message type 4 (KeepAlive) length 19 Mar 16 19:13: bgp_read_v4_message: done with (External AS 2) received 19 octets 0 updates 0 routes -- Exhibit -- Looking at the traceoptions output, what is the current keepalive timer set for in BGP? A. 1 second B. 10 seconds C. 30 seconds D. 90 seconds Correct Answer: C QUESTION Exhibit

74 -- Exhibit -- As shown in the exhibit, a legacy IP phone is attached to Switch-1. The phone does not support LLDP-MED, but does allow configuration using DHCP. Existing network CoS policies dictate that VoIP traffic must use VLAN 10. Which two actions put VoIP traffic onto VLAN 10? (Choose two.) A. Configure protocols cdp on Switch-1. B. Manually configure the voice VLAN on the IP phone. C. Configure vlan 1 under forwarding-options bootp. D. Configure interface ge-0/0/5 under forwarding-options bootp. Correct Answer: BD QUESTION Exhibit

75 -- Exhibit Which statement about the non-abr router in Area 2 in the exhibit is true? A. The router has connectivity to all areas. B. The router has connectivity to Area 2 only. C. The router has connectivity to Area 2 and Area 0. D. The router has connectivity to Area 2 and Area 8. Correct Answer: D QUESTION Exhibit

76 -- Exhibit -- Referring to the exhibit, you want to configure Switch-1 to allow a user on interface ge-0/0/10 to accommodate both voice and data traffic. Your phones and your switches are LLDP-MED capable. What is the minimal configuration that allows LLDP-MED to autoconfigure your phone's voice VLAN? A. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members voice_vlan Exam. Any set interfaces ge-0/0/10 unit 0 family ethernet-switching native-vlan-id data_vlan set ethernet-switchingoptions voip interface ge-0/0/10.0 vlan voice_vlan set protocols lldp-med interface ge-0/0/10.0 B. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members voice_vlan set interfaces ge-0/0/10 unit 0 family ethernet-switching native-vlan-id data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set protocols lldp interface ge-0/0/10.0 C. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 forwarding-class assured-forwarding set protocols lldp-med interface ge-0/0/10.0 D. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set protocols lldp-med interface ge-0/0/10.0 Correct Answer: D QUESTION Exhibit -- Exhibit -- Click the Exhibit button Site A is sending voice traffic marked with DSCP code EF. SRX A has the default CoS classifier.

77 Into which forwarding class is SRX A classifying traffic? A. best-effort B. expedited-forwarding C. network-control D. assured-forwarding Correct Answer: A QUESTION Exhibit -- Exhibit -- In the exhibit, the routers in the network have a default PIM sparse mode configuration. R2 shows that R1 is the RPF next hop for the source, and R3 is the RPF next hop for the RP. Host1 is currently receiving multicast traffic for group Host2 has come online and is attempting to join group R2 has just received an IGMP message with the source and group addresses. Which step happens next so that Host2 can join the multicast group? A. R2 sends a PIM join upstream towards R3 to join the shared tree. B. R2 sends a PIM join upstream towards R3 to join the source tree. C. R2 sends a PIM join upstream towards R1 to join the shared tree. D. R2 sends a PIM join upstream towards R1 to join the source tree. Correct Answer: D

78 PIM Sparse Mode (PIM-SM) is a multicast routing protocol designed on the assumption that recipients for any particular multicast group will be sparsely distributed throughout the network. In other words, it is assumed that most subnets in the network will not want any given multicast packet. In order to receive multicast data, routers must explicitly tell their upstream neighbors about their interest in particular groups and sources. Routers use PIM Join and Prune messages to join and leave multicast distribution trees. QUESTION Exhibit -- Exhibit -- In the exhibit, the provider bridges are using Q-in-Q tunneling to tunnel VLAN 100 traffic over VLAN 200. What is the correct VLAN configuration for Q-in-Q tunneling on Provider Bridge A? A. interfaces { ge-0/0/0 { unit 0 { family ethernet-switching { port-mode access; ge-0/0/10 { unit 0 { family ethernet-switching { port-mode trunk; vlan { members test; vlans { test { vlan-id 200; interface { ge-0/0/0.0; dot1q-tunneling { customer-vlans 100;

79 B. interfaces { ge-0/0/0 { unit 0 { family ethernet-switching { port-mode trunk; vlan { members test; ge-0/0/10 { unit 0 { family ethernet-switching { port-mode access; vlans { test { vlan-id 200; interface { ge-0/0/0.0; dot1q-tunneling { customer-vlans 100; C. interfaces { ge-0/0/0 { unit 0 { family ethernet-switching { port-mode trunk; vlan { members test; ge-0/0/10 { unit 0 { family ethernet-switching { port-mode access; vlans { test { vlan-id 200; interface { ge-0/0/10.0; dot1q-tunneling { customer-vlans 100;

80 D. interfaces { ge-0/0/0 { unit 0 { family ethernet-switching { port-mode access; ge-0/0/10 { unit 0 { family ethernet-switching { port-mode trunk; vlan { members test; vlans { test { vlan-id 100; interface { ge-0/0/0.0; dot1q-tunneling { customer-vlans 200; Correct Answer: A QUESTION Exhibit

81 -- Exhibit -- In the topology shown in the exhibit, which two BGP attributes can AS1 manipulate to influence the path that AS4 takes to reach prefixes originated by AS1? (Choose two.) A. Local Preference B. AS Path C. Origin D. MED Correct Answer: BC QUESTION Exhibit -- Exhibit -- Traffic flows through your network, as shown in the exhibit. You have configured a rewrite rule on R1 to mark HTTP traffic with a specific DSCP value. What must you do to ensure that the HTTP traffic preserves its DSCP value as it leaves your CoS domain? A. Use behavior aggregate classifiers mapping the HTTP traffic to the specific DSCP value on R1 and R2. B. Use rewrite rules mapping the HTTP traffic to the specific DSCP value on R2 and R3. C. Use a rewrite rule mapping the HTTP traffic to the specific DSCP value on R3. D. Use the default settings already in place on the device. Correct Answer: D

82 QUESTION Exhibit -- Exhibit -- In the exhibit, Switch A is an EX4200. VLAN10 is receiving tagged as well as untagged traffic from different ports. The administrator wants to mirror all tagged and untagged traffic entering VLAN10 to analyzer port ge- 0/0/10. All VLAN tags must be preserved for traffic that is mirrored to the analyzer port. Which configuration will achieve this? A. set ethernet-switching-options analyzer vlan10_analyzer input vlan VLAN10 interface xe-1/0/0.0 set ethernet-switching-options analyzer vlan10_analyzer input vlan VLAN10 interface ge-0/0/2 set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0 B. set ethernet-switching-options analyzer vlan10_analyzer input interface xe-1/0/0.0 set ethernet-switching-options analyzer vlan10_analyzer input interface ge-0/0/2 set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0 C. set ethernet-switching-options analyzer vlan10_analyzer input ingress vlan VLAN10 set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0 set vlans default interface ge-0/0/10.0 D. set ethernet-switching-options analyzer vlan10_analyzer input ingress vlan VLAN10 set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0 set vlans VLAN10 interface ge-0/0/10.0 Correct Answer: C QUESTION Exhibit -- Mar 16 17:18: ospf_trigger_build_telink_lsas : No peer found Mar 16 17:18: ospf_set_lsdb_state: Network LSA adv-rtr state QUIET- >GEN_PENDING

83 Mar 16 17:18: OSPF trigger network LSA build for interface ge-0/0/1.0 area Mar 16 17:18: OSPF DR is , BDR is Mar 16 17:18: OSPF trigger router LSA 0x156d0f0 build for area lsa-id Mar 16 17:18: ospf_trigger_build_telink_lsas : No peer found Mar 16 17:18: OSPF sent Hello > (ge-0/0/1.0 IFL 69 area ) Mar 16 17:18: Version 2, length 44, ID , area Mar 16 17:18: mask , hello_ivl 10, opts 0x2, prio 128 Mar 16 17:18: dead_ivl 40, DR , BDR Mar 16 17:18: OSPF rcvd Hello > (ge-0/0/1.0 IFL 69 area ) Mar 16 17:18: Version 2, length 44, ID , area Mar 16 17:18: checksum 0x0, authtype 0 Mar 16 17:18: mask , hello_ivl 10, opts 0x2, prio Exhibit -- Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init state? A. There is an MTU mismatch. B. There is a network mask mismatch. C. The routers are in different areas. D. No BDR has been elected. Correct Answer: B QUESTION Exhibit

84 -- Exhibit -- As shown in the exhibit, the 10.10/16 prefix is redistributed into OSPF through R2 and R5. R2 is advertising the prefix with a Type 1 metric of 100 and R5 is advertising the prefix with a Type 2 metric of 10. What is the preferred path to reach 10.10/16 from R6? A. R6-R5 B. R6-R4-R5 C. R6-R4-R5-R2 D. R6-R4-R3-R2 Correct Answer: D QUESTION Exhibit

85 -- Exhibit -- Based on the exhibit, which statement about the Layer 2 topology is true? A. A port on switch 3 or switch 4 towards the CST root (switch 6) is blocking traffic. B. A total of 64 MST instances for MST region A and region B can be configured. C. MSTI BPDUs are exchanged between MST regions and the CST root bridge. D. IST BPDUs are exchanged only between switches 1 and 2, and between switches 6 and 7. Correct Answer: A QUESTION 95

86 -- Exhibit -- {master:0[edit] run show ospf interface vl extensive Interface State Area DR ID BDR ID Nbrs vl Down Type: Virtual, Address: , Mask: , MTU: 0, Cost: 1 Transit AreA Adj count: 0 Hello: 10, Dead. 40, ReXmit: 5, Not Stub Auth type: None Protection type: None, No eligible backup Topology default (ID 0) -> Down, Cost: 0 -- Exhibit -- Your company is integrating another OSPF area into your existing OSPF infrastructure. You created a virtual link that spans Area 2 and connects Area 3 to the backbone area. Based on the exhibit, what is preventing the adjacency? A. The interface configured for the virtual link is incorrect. It should be a vt and not a vl interface. B. No designated router (DR) has been elected. C. The backup route to Area 2 has not been configured. D. The wrong transit area is configured. Correct Answer: D QUESTION Exhibit -- Exhibit --

87 In the exhibit, an EBGP session is currently established between R1 and R2. R2 changes its import policy to accept 10 of the routes it previously denied from R1. Which BGP capability must be negotiated on the BGP session for R2 to install the routes accepted by the new policy? A. route refresh B. AddPath C. outbound route filtering (ORF) D. multiprotocol BGP (MBGP) Correct Answer: A Route-Refresh Capabilities Overview NSM supports BGP route-refresh. This feature provides a soft reset mechanism that allows the dynamic exchange of route refresh requests and routing information between BGP peers and the subsequent readvertisement of the outbound or inbound routing table. Routing policies for a BGP peer using route-maps might impact inbound or outbound routing table updates because whenever a route policy change occurs, the new policy takes effect only after the BGP session is reset. A BGP session can be cleared through a hard or soft reset. A soft reset allows the application of a new or changed policy without clearing an active BGP session. The route-refresh feature allows a soft reset to occur on a per-neighbor basis and does not require preconfiguration or extra memory. A dynamic inbound soft reset generates inbound updates from a neighbor. An outbound soft reset sends a new set of updates to a neighbor. Outbound resets do not require preconfiguration or routing table update storage. The route-refresh feature requires that both BGP peers advertise route-refresh feature support in the OPEN message. If the route-refresh method is successfully negotiated, either BGP peer can use the route-refresh feature to request full routing information from the other end. QUESTION Exhibit -- user@router> show bgp summary Groups: 1 Peers: 3 Down peers: 0 Table Tot Paths Act Paths Suppressed History Damp State Pending inet inet Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State #Active/Received/Accepted/Damped :ffff::3: :20 Establ inet6.0: 0/1/1/0 2001:ffff::3: :16 Establ inet6.0: 0/0/0/0

88 2001:ffff::9: :00 Establ inet6.0: 0/0/0/0 user@router> show route receive-protocol bgp 2001:ffff::3:3 inet.0: 32 destinations, 33 routes (32 active, 0 holddown, 0 hidden) juniper_private1.inet.0: 4 destinations, 4 routes (2 active, 0 holddown, 2 hidden) iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) mpls.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden) inet6.0: 10 destinations, 14 routes (10 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path 2001:1:2::/ :ffff::3:3 100 I user@router> show route 2001:1:2:: inet6.0: 10 destinations, 14 routes (10 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 2001:1:2::/64 *[OSPF3/10] 01:54:11, metric 201 > to fe80::217:cb03:2448:bd00 via fe-0/0/1.804 [BGP/170] 00:18:43, localpref 100, from 2001:ffff::3:3 AS path: I > to fe80::217:cb03:2448:bd00 via fe-0/0/1.804 user@router> show route advertising-protocol bgp 2001:ffff::9:7 user@router> show configuration protocols bgp group ibgpv6 { type internal; local-address 2001:ffff::3:5; cluster ; neighbor 2001:ffff::3:3; neighbor 2001:ffff::3:4; neighbor 2001:ffff::9:7; user@router> -- Exhibit --

89 You are using an IBGP route reflector within your network. Your route reflector has received the 2001:1:2::/64 prefix, but it is not advertising the prefix to its cluster members. After examining the route reflector, you notice the output shown in the exhibit. Which configuration statement causes the route reflector to transmit the route to its IBGP peers? A. set protocols bgp group ibgpv6 advertise-inactive B. set protocols bgp group ibgpv6 accept-remote-nexthop C. set protocols bgp group ibgpv6 multipath D. set protocols bgp group ibgpv6 include-mp-next-hop Correct Answer: A QUESTION Exhibit -- {master:0[edit] user@router# show class-of-service classifiers { inet-precedence normal-traffic { forwarding-class best-effort { loss-priority low code-points [ my1 my2 ]; code-point-aliases { inet-precedence { my1 000; my2 001; scheduler-maps { one { forwarding-class expedited-forwarding scheduler special;

90 forwarding-class best-effort scheduler normal; "Pass Any Exam. Any Time." Juniper JN0-643 Exam schedulers { special { transmit-rate percent 30; priority strict-high; normal { transmit-rate percent 70; priority low; -- Exhibit -- The configuration in the exhibit shows incoming traffic with specific IP precedence bits that should be mapped to a forwarding class named best-effort. What must you add to complete this configuration? A. defined behaviors to the interfaces stanza in the class-of-service section B. rewrite-rules for the best-effort forwarding class C. a WRED drop-profile for the best-effort scheduler D. a firewall filter that matches and discards the original code point values Correct Answer: A QUESTION Exhibit

91 -- Exhibit -- Based on the exhibit, why is R2 marking the routes coming from AS 200 as hidden? A. R3 has an import policy filtering all routes. B. R4 is not configured with a next-hop self policy. C. R2 does not have a route to the peer ID of R4. D. AS 200 is configured with the advertise-inactive option. Correct Answer: C QUESTION Exhibit -- user@router> show configuration routing-options rib-groups { foo { import-rib [ inet.8 inet.2 inet.0 ]; user@router> show configuration protocols pim rib-group inet foo; interface all; -- Exhibit -- Based on the configuration in the exhibit, which routing table is used for IPv4 multicast RPF checks?

92 A. inet.0 B. inet.2 C. foo.inet.0 D. inet.8 Correct Answer: D QUESTION Exhibit -- Mar 16 17:54: OSPF periodic xmit from to (IFL 69 area ) Mar 16 17:54: ospf_trigger_build_telink_lsas : No peer found Mar 16 17:54: ospf_trigger_build_telink_lsas : No peer found Mar 16 17:54: ospf_set_lsdb_state: Router LSA adv-rtr state QUIET- >GEN_PENDING Mar 16 17:54: OSPF trigger router LSA 0x156d0f0 build for area lsa-id Mar 16 17:54: ospf_set_lsdb_state: Router LSA adv-rtr state GEN_PENDING->QUIET Mar 16 17:54: OSPF built router LSA, area , link count 2 Mar 16 17:54: OSPF sent Hello > (ge-0/0/1.0 IFL 69 area ) Mar 16 17:54: Version 2, length 44, ID , area Mar 16 17:54: mask , hello_ivl 10, opts 0x2, prio 128 Mar 16 17:54: dead_ivl 40, DR , BDR Mar 16 17:54: OSPF DR is , BDR is Mar 16 17:54: OSPF sent Hello > (ge-0/0/1.0 IFL 69 area ) Mar 16 17:54: Version 2, length 44, ID , area Mar 16 17:54: mask , hello_ivl 10, opts 0x2, prio 128 Mar 16 17:54: dead_ivl 40, DR , BDR Mar 16 17:54: OSPF DR is , BDR is Mar 16 17:54: OSPF rcvd Hello > (ge-0/0/1.0 IFL 69 area ) Mar 16 17:54: Version 2, length 44, ID , area Mar 16 17:54: checksum 0x0, authtype 0

93 Mar 16 17:54: mask , hello_ivl 10, opts 0x2, prio 128 Mar 16 17:54: dead_ivl 40, DR , BDR Exhibit -- Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init state? A. There is an MTU mismatch. B. There are duplicate router IDs. C. The routers are in different areas. D. No BDR has been elected. Correct Answer: B QUESTION Exhibit -- Exhibit -- Referring to the exhibit and based on the output below from Sw-1 and Sw-2, which statement is true? Sw-1> show spanning-tree mstp configuration MSTP information Context identifier : 0 Region name : juniper Revision : 1 Configuration digest : 0x9357ebb7a8d74dd5fef4f2bab50531aa MSTI Member VLANs 0 0-9,11-19,

94 Sw-2# run show spanning-tree mstp configuration MSTP information Context identifier : 0 Region name : juniper Revision : 1 Configuration digest : 0x387b5f2ea2394b14e091f0921ee7b9a8 MSTI Member VLANs 0 0-9,11-14,16-19, , A. There will be only one MSTI 2 root bridge. B. There will be only one CST root bridge. C. Sw-1 and Sw-2 are in different MSTP regions. D. There will be only one CIST root bridge. Correct Answer: C QUESTION Exhibit -- Interface State Area DR ID BDR ID Nbrs em2.0 DR Type: LAN, Address: , Mask: , MTU: 1500, Cost: 1 DR addr: , BDR addr: , Priority: 128 Adj count: 1 Hello: 10, DeaD. 40, ReXmit: 5, Stub Auth type: None Protection type: None Topology default (ID 0) -> Cost: 1 -- Exhibit --

95 Referring to the exhibit, which statement is true? A. The OSPF cost of the interface is 128. B. The authentication type of the area is MD5. C. This interface is part of a stub area. D. This router is the BDR. Correct Answer: C New Questions QUESTION 104 Which statement is true about the IPv6 network shown in the exhibit? A. OSPFv2 must be configured to route IPv4 prefixes. B. Areas 1 and 2 cannot be a stub or NSSA. C. OSPFv3 can use MD5 authentication. D. OSPFv3 can route IPv4 prefixes. Correct Answer: D QUESTION 105

96 Referring to the exhibit, what is the shortest path from R6 to R5? A. R6, R4, R2, R1, R3, R5 B. R6, R4, R2, R3, R5 C. R6, R4, R5 D. R6, R5 Correct Answer: D QUESTION 106 Which statement is true regarding OSPF multi-area adjacencies? A. A type 3 (stub) link is advertised for a multi-area adjacency. B. Configuring a multi-area adjacency allows the corresponding link to be considered an interarea link, so it will be less preferred over an intra-area link. C. One logical interface will be a primary link, and the other configured as a secondary link; the secondary link will be established as an unnumbered point-to-point interface. D. A DR and a BDR will be elected over the secondary interface, because it is not point-to-point. Correct Answer: C Support for OSPFv3 was introduced in Junos OS Release 9.4. As defined in RFC 5185, OSPF Multi-Area Adjacency, the ABRs establish multiple adjacencies belonging to different areas over the same logical interface. Each multiarea adjacency is announced as a point-to-point unnumbered link in the configured area by the routers connected to the link. For each area, one of the logical interfaces is treated as primary, and the remaining interfaces that are configured for the area are designated as secondary. QUESTION 107?????? Referring to the exhibit, which two statements are correct? (Choose two.) A. Traffic destined for R2 will be blackholed. B. Transit traffic will follow the R1-R2-R4 path. C. Traffic destined for R2 will reach R2. D. Transit traffic will follow the R1-R3-R4 path. Correct Answer: CD

97 QUESTION 108 Which statement is true about using an OSPF import policy? A. Import policies are not allowed in OSPF, applying the policy will do nothing. B. Applying an import policy to OSPF may block normal LSA flooding. C. Import policies are allowed only for external route types. D. Applying this policy will cause a commit failure. Correct Answer: C OSPF import policy allows you to prevent external routes from being added to the routing tables of OSPF neighbors. The import policy does not impact the OSPF database. This means that the import policy has no impact on the link-state advertisements. The filtering is done only on external routes in OSPF. The intra-area and interarea routes are not considered for filtering. The default action is to accept the route when the route does not match the policy. QUESTION 109 Which statement is true regarding the SPF algorithm? A. The SPF algorithm is run on a per-domain basis. B. If you apply an import policy to OSPF, it keeps LSAs from being flooded, and the SPF calculation can be affected. C. There are two databases used in the calculation, the link-state database and the tree database. D. The SPF calculation is run on a per-area basis on each router. Correct Answer: D QUESTION 110

98 Referring to the exhibit, which answer is correct? A. R2 is the DR and R1 is the BDR. B. R4 is the DR and R2 is the BDR. C. R2 is the DR and R3 is the BDR. D. R3 is the DR and R2 is the BDR. Correct Answer: C QUESTION 111 user@router> show ospf database network extensive OSPF link state database, area Type ID Adv Rtr Seq Age Opt Cksum Len Network x x2 0x 32 mask attached router attached router Aging timer 00:46:27

99 Installed 00:13:32 ago, expires in 00:46:27, sent 1w5d 01:07:09 ago Referring to the exhibit, which statement is true regarding the OSPF network LSA? A. The ID field value shows the router ID of the advertising router. B. The ID field is the local interface IP address from which the LSA will be advertised. C. The options field indicates this is a Type 2 LSA. D. The output shows that is the designated router. Correct Answer: D QUESTION 112 user@router> show log ospf Sep 19 00:22: OSPF packet ignored: MTU mismatch from on intf ge-0/0/2.0 area Sep 19 00:22: OSPF periodic xmit from to (IFL 75 area ) Sep 19 00:22: OSPF periodic xmit from to (IFL 84 area ) Sep 19 00:22: OSPF packet ignored: no matching interface from , IFL 85 Sep 19 00:22: OSPF packet ignored: MTU mismatch from on intf ge-0/0/2. 0 area

100 Sep 19 00:22: OSPF packet ignored: subnet mismatch from on intf ge-0/0/1.0 area Sep 19 00:22: OSPF rcvd Hello > (ge-0/0/1.0 IFL 75 area ) Sep 19 00:22: Version 2, length 44, ID , area Sep 19 00:22: checksum 0x0, authtype 0 Sep 19 00:22: mask , hello_ivl 10, opts 0x12, prio 128 Sep 19 00:22: dead_ivl 40, DR , BDR Sep 19 00:22: OSPF packet ignored: MTU mismatch from on intf ge-0/0/2. 0 area Sep 19 00:22: OSPF packet ignored: area mismatch ( ) from on intf ge- 0/0/4.0 area Sep 19 00:22: OSPF rcvd Hello > (ge-0/0/4.0 IFL 84 area ) Sep 19 00:22: Version 2, length 44, ID , area Sep 19 00:22: checksum 0xd51e, authtype 0 Sep 19 00:22: mask , hello_ivl 10, opts 0x12, prio 128 Sep 19 00:22: dead_ivl 40, DR , BDR Sep 19 00:22: OSPF packet ignored: no matching interface from , IFL 85 Sep 19 00:22: OSPF hello from (IFL 83, area ) absorbed Sep 19 00:22: OSPF periodic xmit from to (IFL 84 area ) Sep 19 00:22: OSPF packet ignored: no matching interface from , IFL 85 Sep 19 00:22: OSPF periodic xmit from to (IFL 83 area ) Sep 19 00:22: OSPF periodic xmit from to (IFL 75 area ) Sep 19 00:22: OSPF packet ignored: MTU mismatch from on intf ge-0/0/2. 0 area Sep 19 00:22: OSPF hello from (IFL 83, area ) absorbed Sep 19 00:22: OSPF packet ignored: MTU mismatch from on intf ge-0/0/2. 0 area Sep 19 00:22: OSPF packet ignored: subnet mismatch from on intf ge-0/0/1.0 area Sep 19 00:22: OSPF rcvd Hello > (ge-0/0/1.0 IFL 75 area ) Sep 19 00:22: Version 2, length 44, ID , area Sep 19 00:22: checksum 0x0, authtype 0 Sep 19 00:22: mask , hello_ivl 10, opts 0x12, prio 128 Sep 19 00:22: dead_ivl 40, DR , BDR Referring to the exhibit, what is preventing the OSPF adjacency on interface ge-0/0/4 from forming?

101 A. area mismatch B. subnet mismatch C. MTU mismatch D. authentication mismatch Correct Answer: A QUESTION 113 Referring to the exhibit, you are asked to prevent the /24 route from entering the backbone. Which configuration statements would accomplish the task? A. On router R1, issue the set protocols ospf area 3 nssa area-range /24 restrict command. B. On router R3, issue the set protocols ospf area 0 area-range /24 restrict command. C. On router R3, issue the set protocols ospf area 3 area-range /24 restrict command. D. On router R3, issue the set protocols ospf area 3 nssa area-range /24 restrict command. Correct Answer: D exact (Optional) Summarization of a route is advertised only when an exact match is made with the configured summary range. mask-length Number of significant bits in the network mask. network IP address. You can specify one or more IP addresses. override-metric metric (Optional) Override the metric for the IP address range and configure a specific metric value. restrict (Optional) Do not advertise the configured summary. This hides all routes that are contained within the summary, effectively creating a route filter. QUESTION 114

102 You are asked to connect Area 2 to the backbone. Which configuration would be required on R3? A. [edit protocols ospf3] 6ad965a4-a28b-4dcc-876d-bc593e6a51ee user@r3# show f6d a-4e72-a98f-bf2e62eeb99c area { virtual-link neighbor-id transit-area ; interface ge-0/0/5. 0; B. [edit protocols ospf] user@r3# show area { virtual-link neighbor-id transit-area ; interface ge-0/0/5. 0 { interface-type p2p; C. [edit protocols ospf3] user@r3# show area { virtual-link neighbor-id transit-area ; interface ge-0/0/5. 0; D. [edit protocols ospf3] user@r3# show area { virtual-link neighbor-id transit-area ; interface ge-0/0/5. 0; Correct Answer: C In this example, Device R1 and Device R2 are the routing devices at each end of the virtual

103 link, with Device R1 physically connected to the backbone, as shown in Figure 1. You configure the following virtual link settings: neighbor-id Specifies the IP address of the routing device at the other end of the virtual link. In this example, Device R1 has a router ID of , and Device R2 has a router ID of transit-area Specifies the area identifier through which the virtual link transits. In this example, area is not connected to the backbone, so you configure a virtual link session between area and the backbone area through area Area is the transit area. Configuration on the local routing device (Device R1): user@r1#: show routing-optionsrouter-id ; user@r1# show protocols ospf area { virtual-link neighbor-id transit-area ; Configuration on the remote ABR (Device R2): user@r2#: show routing-optionsrouter-id ; user@r2# show protocols ospf area { virtual-link neighbor-id transit-area ;

104 QUESTION 115 [edit protocols ospf] show area { nssa { default-lsa { default-metric 10; metric-type 2; type-7; no-summaries; interface so-0/1/1. 0; Referring to the exhibit, which statement is true? A. The ABR will generate a Type 3 summary default route into the NSSA. B. The ASBR will generate a Type 7 default route into the NSSA. C. The type-7 parameter allows interoperability with newer versions of the Junos OS. D. The only LSA types allowed into the area are Type 1, Type 2, Type 3, and Type 7. Correct Answer: B nssa Specifies an OSPF NSSA. You must include the nssa statement on all routing devices in area 9 because this area only has external connections to static routes. no-summaries Prevents the ABR from advertising summary routes into the NSSA. If configured in combination with the default-metric statement, the NSSA only allows routes internal to the area and advertises the default route into the area. External routes and destinations to other areas are no longer summarized or allowed into the NSSA. Only the ABR requires this additional configuration because it is the only routing device within the NSSA that creates Type 3 LSAs used to receive and send traffic from outside the area.

105 default-lsa Configures the ABR to generate a default route into the NSSA. default-metric Specifies that the ABR generate a default route with a specified metric into the NSSA. This default route enables packet forwarding from the NSSA to external destinations. You configure this option only on the ABR. The ABR does not automatically generate a default route when attached to an NSSA. You must explicitly configure this option for the ABR to generate a default route. metric-type (Optional) Specifies the external metric type for the default LSA, which can be either Type 1 or Type 2. When OSPF exports route information from external ASs, it includes a cost, or external metric, in the route. The difference between the two metrics is how OSPF calculates the cost of the route. Type 1 external metrics are equivalent to the link-state metric, where the cost is equal to the sum of the internal costs plus the external cost. Type 2 external metrics use only the external cost assigned by the AS boundary router. By default, OSPF uses the Type 2 external metric. type-7 (Optional) Floods Type 7 default LSAs into the NSSA if the no-summaries statement is configured. By default, when the no-summaries statement is configured, a Type 3 LSA is injected into NSSAs for Junos OS release 5.0 and later. To support backward compatibility with earlier Junos OS releases, include the type-7 statement. To disable exporting Type 7 LSAs into the NSSA by include the no-nssa-abr statement on the routing device that performs the functions of both an ABR and an AS boundary router. QUESTION 116 Referring to the exhibit, you are asked to verify certain routing information within your OSPFv3 routing domain. You must review the prefixes learned from R3. Which two LSA types from the output shown in the exhibit must be reviewed? (Choose two.) A. the Router LSAs from RID B. the Extern LSAs from RID C. the InterArPfx LSAs from RID D. the Network LSAs from RID Correct Answer: BC OSPFv3 LSA Types Each LSA begins with a standard 20-byte LSA header. Each LSA describes a piece of OSPF routing domain. All LSAs are flooded throughout the OSPF routing domain. The flooding is reliable, ensuring all routers have the same collection of LSAs. This collection of LSAs is called link-state database (LSDB). From the LSDB, each router constructs the

106 shortest-path tree with itself as the root. This yields a routing table. LSA Header: This header contains enough information to uniquely identify each LSA. The LS Type, Link State ID and the Advertising Router field are used to uniquely identify an LSA. Different instances of the same LSA could be present. The most recent instance could be identified using LS Age, LS Sequence number and LS Checksum fields present in the LSA Header. LS Age: Time in seconds since the LSA was originated. LS Type: Indicates the function performed by the LSA. Link State ID: Together with LS Type and Advertising Router, uniquely identifies the LSA in the LSDB Advertising Router: The Router ID of the router that originated the LSA LS Sequence Number: detects old or duplicate LSA LS Checksum: Complete checkcum of the LSA including the LSA Header but excluding the LS Age field length: The length in bytes of the LSA including 20-bytes for LSA Header LS Type: The LS Type field indicates the function performed by the LSA. The high-order 3 bits encode generic properties of the LSA, while low-order bits indicates the LSA's specific functionality. U- indicates how a router should handle unknown LSA. 0= treat the LSA as if it had link-local flooding scope 1= Store and flood the LSA S2 and S1- indicate flooding scope of the LSA

107 S2 S1 Description 0 0 Link-local flooding 0 1 Area scope flooding 1 0 AS scope flooding 1 1 Reserved LSA Function Code- defines LSA's specific functionality. LSA Function Code LS Type Description 1 0x2001 Router LSA 2 0x2002 Network LSA 3 0x2003 Inter-Area Prefix LSA 4 0x2004 Inter-Area Router LSA 5 0x4005 AS-external LSA 6

108 0x2006 Group Membership LSA 7 0x2007 Type-7 (NSSA) LSA 8 0x0008 Link LSA 9 0x2009 Intra-Area Prefix LSA Router LSA: Each OSPF router originates Router LSAs indicating the state and cost of the router's interfaces to the area. Router LSAs are flooded throughout the single area only. A router may originate one or more Router LSAs, distinguished by their Link State IDs. The receiving router concatenates the Router LSAs if it receives more than one Router LSA from a single router. The Router LSA indicates if the router is an ASBR or an ABR or if it is one end-point of a virtual link. These LSAs have no address information. Network LSA: Network LSAs are originated by the DR for a broadcast or NBMA network in the area which supports two or more routers. The LSA describes all routers connected to the link, including the DR. The LSA's Link State ID field is set to the Interface ID that the DR has been using in Hello packets. No address information is carried in the Network LSA. Inter-Area Prefix LSA: These LSAs are IPv6 equivalent of IPv4's Type-3 Summary LSAs. These LSAs are originated by the ABR to specify IPv6 prefixes that belong to other areas. A separate LSA is originated for each address prefix. For Stub areas, the Inter-area Prefix LSA is used to describe a default route. The prefix length of the default route is set to 0. Inter-Area Router LSA:

109 These LSAs are IPv6 equivalent of IPv4's Type-4 Summary LSAs. Originated by the ABR, the Inter-Area Router LSA describes the route to the ASBR. Each LSA describes a route to a single router. AS-External LSA: These LSAs are IPv6 equivalent of IPv4's Type-5 External LSAs. These LSAs are originated by ASBRs describing the destinations external to the AS. Each LSA describe a route to a single IPv6 prefix external to the AS. AS-External LSAs can be used to describe a default route. Default routes are used when no specific route exists for a destination. Link LSA: A router originates a separate Link LSA for each link it is attached to. These LSAs have linklocal flooding scope and are never flooded beyond a link that they are associated with. These LSAs have three purposes- - notify the link-local address of the router's interface to the routers attached to the link - inform other routers attached to the link of the list of IPv6 prefixes to associate with the link - allow the router to assert the collection of Option bits to associate with the Network LSA that will be originated for the link The Link-State ID is set to the Interface ID of link of the originating router. Intra-Area Prefix LSA: A router uses Intra-Area Prefix LSA to advertise IPv6 prefixes that are associated with a) the router itself (in IPv4, this was carried in Router LSA) b) an attached stub network segment (in IPv4, this was carried in Router LSA) c) an attached transit network segment (in IPv4, this was carried in Network LSA) A router can originate multiple Intra-Area Prefix LSAs for each router or transit network; each LSA is distinguished by its Link State ID. Options field: The 24-bit Options field is included in Hello and DBD packets, and Router, Network and Inter-area Router LSAs. It enables OSPF routers to support optional capabilities, and to communicate their capabilities to other OSPF routers in the network QUESTION 117

110 ??????? ISP-A is advertising the /24 route to R1. R1 is advertising this BGP route to R2 but the route is hidden on R2. Referring to the exhibit, which statement is correct about the /24 route? A. The route is unusable because the next hop is not reachable from R2. B. The route is unusable because it has not been verified. C. The route is hidden because R1 is changing the next hop to D. The route is hidden because R2 has a more preferred route. Correct Answer: A QUESTION 118 user@router> show route protocol bgp detail inet6. 0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) 4444:4444::/32 (1 entry, 1 announced) *BGP Preference: 170/-101 Next hop type: Router, Next hop index: Address: 0x934c688 Next-hop reference count: 2 Source: Next hop: :: via ge-0/0/1.0, selected State: Local AS: 3 Peer AS: 701 Age: 3:22 Task: BGP_ Announcement bits (1): 0-KRT AS path: I Aggregator: Accepted Localpref: 100 Router ID: Referring to the exhibit, which two statements are true? (Choose two.)

111 A. The IPv6 route was learned from an IPv6 BGP neighbor. B. The IPv6 route was learned from an IPv4 BGP neighbor. C. The IPv6 destination will use IPv4 as the next hop. D. The IPv6 destination will use IPv6 as the next hop. Correct Answer: BD QUESTION 119 run show route receive-protocol bgp detail inet. 0: 18 destinations, 20 routes (18 active, 0 holddown, 0 hidden) * /24 (1 entry, 1 announced) Accepted Nexthop: Localpref: 100 AS path: I

112 * /24 (1 entry, 1 announced) Accepted Nexthop: Localpref: 100 AS path: I * /24 (1 entry, 1 announced) Accepted Nexthop: Localpref: 100 AS path: I * /24 (1 entry, 1 announced) Accepted Nexthop: Localpref: 100 AS path: I Referring to the exhibit, which AS path regular expression will match only the /24 and /24 routes? A..* ( ). * B..+ ( ). * C..( ). * D..( ). * Correct Answer: C

113 QUESTION 120?????????

114 Referring to the exhibit, R2 is sending a route to R1 with a community value. Which statement is correct? A. Routes will be accepted without change in the attributes. B. All routes will be rejected. C. Routes will be accepted with the community value removed. D. Routes will be rejected with the community value removed. Correct Answer: C QUESTION 121 Which set of BGP attributes is preferred by the Junos OS? A. MED: 100 AS path: Local preference: 50 Origin: I B. MED: 50 AS path: Local preference: 1 Origin: E C. MED: 100 AS path: Local preference: 50 Origin: I D. MED: 50 AS path: Local preference: 50 Origin: E Correct Answer: A

115

116 QUESTION 122

117 R4 receives BGP prefixes for AS 50 from both R2 and R3. You want to ensure that R4 chooses R3 as the preferred path to reach /24. Referring to the information shown in the exhibit, where would you apply a policy containing the parameter local-preference 110 to accomplish this task? A. on R3, as import from R1 B. on R3, as export towards R4 C. on R2, as import from R1 D. on R2, as export towards R4 Correct Answer: D

118 QUESTION 123???????? Referring to the exhibit, you want router A to have an EBGP peering with router C. They are both connected through router B, which does not have BGP running, and has static routes configured. What must be configured in the EBGP peer groups on routers A and C to make this connection possible? A. MED B. multihop C. multipath D. next-hop Correct Answer: B

119 QUESTION 124 Referring to the exhibit, your AS is connected to ISP-A and ISP-B using BGP. R1 and R2 are advertising your AS's /16 prefix upstream to both ISPs, and both ISPs are providing a full BGP route table. You want to influence traffic flow so that traffic towards your network enters through R1. Which action would meet the requirement? A. Apply the following as an export policy towards ISP-B: [edit policy-options] user@r2# show policy-statement prefer-for-inbound { term prepend { then { as-path-prepend " "; accept;

120 B. Apply the following as an export policy towards ISP-A: [edit policy-options] show policy-statement prefer-for-inbound { term prepend { then { as-path-prepend " "; accept; C. Apply the following as an export policy towards R1 and R3: [edit policy-options] user@r2# show term local-pref { then { local-preference 110; accept; D. Apply the following as an export policy towards R2 and R3: [edit policy-options] user@r1# show policy-statement prefer-for-inbound { term local-pref { then { local-preference 110; accept; Correct Answer: A diagram AS numbers doesn;t match the AS number of 100 in answer; would be [edit policy-options] user@r2# show policy-statement prefer-for-inbound { term prepend { then { as-path-prepend " "; accept;

121 QUESTION 125???????????????? R1 is connected to both R2 and R3 and you want to load-balance outbound traffic. You have provided the configuration shown in the exhibit; however, after checking the links you notice that the traffic is not loadbalancing. Which configuration must be added? A. set protocols bgp group external multihop B. set protocols bgp group external multipath C. set protocols bgp group external advertise-external D. set policy-options policy-statement loadbal then accept Correct Answer: B The Junos OS BGP multipath feature supports the following applications: Load balancing across multiple links between two routing devices belonging to different autonomous systems (ASs) Load balancing across a common subnet or multiple subnets to different routing devices belonging to the same peer AS Load balancing across multiple links between two routing devices belonging to different external confederation peers Load balancing across a common subnet or multiple subnets to different routing devices belonging to external confederation peers In a common scenario for load balancing, a customer is multihomed to multiple routers in a point of presence (POP). The default behavior is to send all traffic across only one of the available links. Load balancing causes traffic to use two or more of the links. BGP multipath does not apply to paths that share the same MED-plus-IGP cost, yet differ in IGP cost. Multipath path selection is based on the IGP cost metric, even if two paths have the same MED-plus-IGP cost. QUESTION 126 You are asked to create a BGP routing policy that will delete all communities and reject routes with the community 64321:1234. Which policy will accomplish this task? A. user@router# show policy-options policy-statement filter-on-community { term remove-as65001 { from community AS65001-community; then { community delete AS65001-community;

122 term nothing-with-1234 { from community AS64321-community; then reject; community AS64321-community members 64321:1234; community AS65001-community members 65001:1001; B. user@router# show policy-options policy-statement filter-on-community { term remove-all-communities { then { community delete all-communities; term nothing-with-1234 { from community AS64321-community; then reject; community AS64321-community members 64321:1234; community all-communities members *:*; C. user@router#show policy-options policy-statement filter-on-community { term nothing-with-1234 { from community AS64321-community; then reject; term remove-all-communities { then { community delete all-communities; community all-communities members *:*; community AS64321-community members 64321:1234; D. user@router#show policy-options policy-statement filter-on-community { term nothing-with-1234 { from community AS64321-community; then reject; term remove-as65001 { from community AS65001-community; then { community delete AS65001-community; community AS64321-community members 64321:1234; community AS65001-community members 65001:1001; Correct Answer: C

123 QUESTION 127 You are the administrator for the network shown in the exhibit. R1 receives the /24 route from routers R2, R3, and R4. Local preference values have not been modified in this network. You are asked to ensure that R1 prefers the path through AS 3149 for traffic destined to /24. Which two methods will accomplish this task? (Choose two.) A. Configure a lower local preference on R3. B. Configure as-path-prepend on R2 and R4. C. Configure local-as on R3. D. Configure always-compare-med on R1. Correct Answer: BD

124 With bgp always-compare-med enabled, BGP will compare MED values even if they come from different ASes, although to reach this step the AS_PATHs must have the same length. You should use this command throughout the AS or you risk creating routing loops. QUESTION 128 Referring to the exhibit, the RPT from R3 towards R2 is established. What happens if the multicast source connected to R1 starts sending multicast traffic towards R1? A. R1 encapsulates the multicast packets into a PIM register multicast packet. B. R1 encapsulates the multicast packets into PIM join unicast messages. C. R1 forwards the multicast packets on the (S, G) tree towards the RP. D. R1 tunnels the multicast packets in PIM register messages towards the RP.

125 Correct Answer: D On Juniper Networks routers, data packets are encapsulated and de-encapsulated into tunnels by means of hardware and not the software running on the router processor. The hardware used to create tunnel interfaces on M Series and T Series routers is a Tunnel Services PIC. If Juniper Networks M Series Multiservice Edge Routers and Juniper Networks T Series Core Routers are configured as rendezvous points or IP version 4 (IPv4) PIM sparse-mode DRs connected to a source, a Tunnel Services PIC is required. Juniper Networks MX Series Ethernet Services Routers do not require Tunnel Services PICs. However, on MX Series routers, you must enable tunnel services with the tunnel-services statement on one or more online FPC and PIC combinations at the [edit chassis fpc number pic number] hierarchy level. In PIM sparse mode, the source DR takes the initial multicast packets and encapsulates them in PIM register messages. The source DR then unicasts the packets to the PIM sparse-mode RP router, where the PIM register message is de-encapsulated. When a router is configured as a PIM sparse-mode RP router (by specifying an address using the address statement at the [edit protocols pim rp local] hierarchy level) and a Tunnel PIC is present on the router, a PIM register de-encapsulation interface, or pd interface, is automatically created. The pd interface receives PIM register messages and deencapsulates them by means of the hardware. QUESTION 129 Which two statements are true about MSDP mesh groups? (Choose two.) A. The MSDP mesh group was originally designed to limit SA flooding. B. SA messages received from a mesh group member flood these messages to all peers that are not members of this mesh group. C. SA messages received from a peer not in any mesh group do not flood to all peers. D. SA messages received from a peer not in any mesh group perform a peer-rpf check and, if successful, flood to all peers (except the advertising router). Correct Answer: AB MSDP mesh groups are groups of peers configured in a full-mesh topology that limits the flooding of source-active messages to neighboring peers. Every mesh group member must have a peer connection with every other mesh group member. When a source-active message is received from a mesh group member, the source-active message is always accepted but is not flooded to other members of the same

126 mesh group. However, the source-active message is flooded to non-mesh group peers or members of other mesh groups. By default, standard flooding rules apply if mesh-group is not specified. QUESTION 130 ***Exhibit is Missing*** Referring to the exhibit, the RPs are set up for anycast. Multicast traffic is currently flowing from the source to the receivers. Which statement is true when RP2 goes down? A. Multicast traffic is interrupted for receiver 2 until RP2 recovers. B. Receiver 2 needs to rejoin RP1. C. Multicast traffic flows uninterrupted. D. RP1 starts sending multicast traffic to receiver 2. Correct Answer: C QUESTION 131 Which multicast group is used for all PIM routers? A B C D Correct Answer: B QUESTION 132 ***Exhibit is Missing*** Your company has PIM running on some critical routers in your network, but another engineer has requested that you configure a PIM policy to prevent R2 from becoming a PIM neighbor of R1 by dropping the hello packets. Referring to the exhibit, which three commands are necessary for preventing R2 from becoming a PIM neighbor of R1? (Choose three.)

127 A. set protocols pim interface ge-0/0/1.0 neighbor-policy block-pim B. set policy-options policy-statement block-pim term 1 from route-filter /32 exact C. set policy-options policy-statement block-pim term 1 from route-filter /32 exact D. set policy-options policy-statement block-pim term 1 then reject E. set policy-options policy-statement block-pim term 1 from route-filter /32 exact Correct Answer: ACD The following example filters PIM join and prune messages for group addresses and In configuration mode, create the policy. user@host# set policy-options policy-statement block-groups term t1 from route-filter /32 exactuser@host# set policy-options policy-statement block-groups term t1 from route-filter /32 exactuser@host# set policy-options policy-statement block-groups term t1 then rejectuser@host# set policy-options policy-statement block-groups term last then accept Verify the policy configuration by running the show policy-options command. user@host# show policy-options policy-statement block-groups {term t1 {from {route-filter /32 exact;route-filter /32 exact;then reject;term last {then accept; QUESTION 133 Your company asks you to configure multicast routing on a Junos device. They tell you that the router at IP address is the root of the shared multicast delivery tree. Which command allows you to configure the Junos device as a non-rp router for PIM? A. set protocols pim rp local family inet disable B. set protocols pim rp local address C. set protocols pim rp static address D. set protocols pim rp auto-rp announce Correct Answer: C Because the PIM mode you choose determines the PIM configuration properties, you first must decide whether PIM operates in bidirectional, sparse, dense, or sparse-dense mode in your network. Each mode has distinct operating advantages in different network environments. In sparse mode, routers must join and leave multicast groups explicitly. Upstream routers do

128 not forward multicast traffic to a downstream router unless the downstream router has sent an explicit request (by means of a join message) to the rendezvous point (RP) router to receive this traffic. The RP serves as the root of the shared multicast delivery tree and is responsible for forwarding multicast data from different sources to the receivers. QUESTION 134 When enabling MVRP for dynamic VLAN registration, which three timers would be configured on an interface? (Choose three.) A. hello-interval B. join-timer C. leave-timer D. max-age E. leaveall-timer Correct Answer: BCE Configuring Timer Values The timers in MVRP define the amount of time an interface waits to join or leave MVRP or to send or process the MVRP information for the router or switch after receiving an MVRP PDU: The join timer controls the amount of time the router waits to accept a registration request. The leave timer controls the period of time that the router waits in the Leave state before changing to the unregistered state. The leaveall timer controls the frequency with which the LeaveAll messages are communicated. The default MVRP timer values are 200 ms for the join timer, 1000 ms for the leave timer, and ms for the leaveall timer. QUESTION 135 ***Exhibit is Missing*** Referring to the exhibit, a customer noticed that the Q-tunneled packets received on SwitchB are being dropped. What is causing this problem? A. There is an ether-type mismatch on SwitchA and SwitchB. B. Customer VLANs are not configured on SwitchB. C. The SwitchB interface connecting to SwitchA is not a trunk port. D. Customer VLANs are mismatched on both switches. Correct Answer: A

129 QUESTION 136 You are a service provider and have multiple customers in a building. You are installing a new switch that can host all of your customers. However, you would like to ensure that one customer cannot see or broadcast to another customer. You would also like to have them use a common gateway IP address from the building. What should be used to provide this access? A. VLAN B. private VLAN C. filter-based VLAN D. Layer 2 tunneling Correct Answer: B QUESTION 137 What are three types of PVLAN broadcast domains? (Choose three.) A. primary VLAN B. dynamic VLAN C. isolated VLAN D. community VLAN E. S-VLAN Correct Answer: ACD QUESTION 138 {master:0[edit] user@switch# show vlans v1 { vlan-id 1; interface { ge-0/0/1.0;

130 v2 { vlan-id 2; interface { ge-0/0/2. 0; v3 { vlan-id 3; interface { ge-0/0/1.0 { {master:0[edit] user@switch# show interfaces ge-0/0/3 unit 0 { family ethernet-switching { port-mode trunk; {master:0[edit] user@switch# run show vlans Name Tag Interfaces default None v1 1 ge-0/0/10*, ge-0/0/3.0* v2 2 ge-0/0/2.0*, ge-0/0/3.0* v3 3 ge-0/0/1.0*, ge-0/0/3.0*

131 Referring to the exhibit, what would explain interface ge-0/0/3.0 being active in VLANs v1, v2, and v3? A. You have enabled RSTP for interface ge-0/0/3.0. B. You have enabled MVRP for interface ge-0/0/3. 0. C. You have enabled MSTP for interface ge-0/0/3. 0. D. You have enabled L2PT for interface ge-0/0/3. 0. Correct Answer: B QUESTION 139 ***Exhibit is Missing*** Referring to the exhibit, you are asked to ensure that CE1 can communicate with CE2 using VLAN 150. Which configuration meets this requirement on S1? A. {master:0[edit vlans] user@s1# show customer-a { vlan-id 200; dot1q-tunneling { customer-vlans 150; B. {master:0[edit vlans] user@s1# show customer-a { vlan-id 150; interface { ge-0/0/0. 0; ge-0/0/1.0; dot1q-tunneling { customer-vlans 200; C. {master:0[edit vlans] user@s1# show customer-a { vlan-id 200; interface { ge-0/0/0. 0; ge-0/0/1.0; dot1q-tunneling { customer-vlans 150; D. {master:0[edit vlans] user@s1# show customer-a {

132 vlan-id 150; interface { ge-0/0/0. 0; v200 { vlan-id 200; interface { ge-0/0/1.0; Correct Answer: C QUESTION 140 ***Exhibit is Missing*** You are asked to separate the human resources group from the finance group on the company network even though they share the same VLAN. You consider using PVLANs, and you delegate the task to a junior engineer who submits the configuration shown in the exhibit to accomplish this task. After review, you realize that the PVLAN implementation will not work correctly. Referring to the exhibit, which three commands must be included to resolve the problem? (Choose three.) A. set vlans pvlan no-local-switching B. set vlans hr-group no-local-switching C. set vlans finance-group no-local-switching D. set vlans hr-group primary-vlan pvlan E. set vlans finance-group primary-vlan pvlan Correct Answer: ADE no-local-switching [edit vlans vlan-name] Specify that access ports in this VLAN domain do not forward packets to each other. You use this statement with primary VLANs and isolated secondary VLANs.

133 A PVLAN is designated the primary VLAN, and other VLANs are nested inside that VLAN as secondary VLANs. The types of PVLAN broadcast domains are: Primary VLAN VLAN used to forward frames downstream to isolated and community VLANs. Isolated VLAN (When a PVLAN is configured on only one switch) A secondary VLAN that receives packets only from the primary VLAN and forwards frames upstream to the primary VLAN. Inter-switch isolated VLAN (When a PVLAN is configured to span multiple switches) A secondary (internal) VLAN that is used to forward isolated VLAN traffic from one switch to another through pvlan-trunk ports. Community VLAN A secondary VLAN that transports frames among community interfaces within the same community and forwards frames upstream to the primary VLAN. QUESTION 141 ***Exhibit is Missing*** You have implemented a firewall-based VLAN filter to map traffic from subnet /24 to a VLAN named vlan_40. However, you have not been successful in getting the traffic mapped correctly. In addition, all traffic must be passed to the Layer 2 network. Referring to the exhibit, which three commands are required to accomplish this behavior? (Choose three.) A. set interfaces ge-0/0/19.0 family ethernet-switching filter output assign_vlan B. set interfaces ge-0/0/19.0 family ethernet-switching filter input assign_vlan C. set vlans vlan_40 interface ge-0/0/19.0 mapping policy D. set vlans vlan_30 interface ge-0/0/19.0 mapping policy E. set interfaces ge-0/0/20 unit 0 family ethernet-switching port-mode trunk vlan members all Correct Answer: BCE QUESTION 142

134 Referring to the exhibit, which two statements are true regarding the MSTP port role and port state of ge-0/0/0 and ge-0/0/1 on SW1? A. Port ge-0/0/0 is a root port and ge-0/0/1 is an alternate port. B. Both ports are designated ports. C. Both ports are in a forwarding state. D. Port ge-0/0/0 is a root port and ge-0/0/1 is in a forwarding state. Correct Answer: BC QUESTION 143 You are asked to implement MSTP on all devices in your Layer 2 network. Which three parameters must match on all devices within the same region? (Choose three.) A. region name B. hello timer C. maximum age D. revision level E. VLAN mapping table Correct Answer: ADE

135 QUESTION 144 You are asked to implement VSTP on all devices in your Layer 2 network. Which three statements are correct? (Choose three.) A. VSTP supports up to 256 different spanning-tree topologies. B. A BPDU is sent for each spanning-tree instance. C. Each VLAN will be assigned to a unique spanning-tree instance. D. MSTP can be used in addition to VSTP to account for VLANs outside of the supported range. E. VSTP can be used to load-balance Layer 2 traffic using VLANs. Correct Answer: BCE

136 QUESTION 145 MSTP information \ Context identifier : 0 Region name : Juniper Revision : 1 Configuration digest : 0xfdbe318c0ae799ae6dfdae4c882c67ee MSTI Member VLANs 0 0, A network engineer has configured MSTP on several switches for loop protection. You must verify the work and

137 ensure that the appropriate parameters match on all switches. Which operational command provides the required output shown in the exhibit? A. show spanning-tree interface B. show spanning-tree mstp configuration C. show spanning-tree bridge D. show ethernet-switching interfaces Correct Answer: B QUESTION 146 user@switcha# show protocols mstp configuration-name region1; bridge-priority 16k; msti 1 { bridge-priority 16k; vlan [10 20]; msti 2 { bridge-priority 8k; vlan [30 40]; user@switchb# show protocols mstp configuration-name region1; bridge-priority 8k; msti 1 { bridge-priority 16k; vlan [10 20]; msti 2 { bridge-priority 8k;

138 vlan [ ]; Referring to the exhibit, a customer observes that the MSTP instance between SwitchA and SwitchB is not converging correctly. What is causing the problem? A. The bridge priority values of MSTI 2 are the same. B. There is a VLAN mismatch between the two switches for MSTI 2. C. There is a bridge priority mismatch. D. MSTI 1 and MSTI 2 are part of the same the MSTP region. Correct Answer: B QUESTION 147 Your company makes extensive use of VSTP in your network for loop protection. The network is at the VSTP VLAN limit and must protect additional VLANs. Which command allows you to protect additional VLANs? A. set protocols mstp interface all B. set protocols vstp vlan all C. set protocols vstp vlan-group D. set protocols rstp Correct Answer: D QUESTION 148 You are asked to set up 802.1X port authentication for all access ports on your EX Series switch. You have a device that does not support 802.1X supplicants and you must ensure this device is authenticated. You must also ensure that no unnecessary delay occurs when authenticating this device. Which statement is correct? A. You should enable MAC RADIUS on the interface and use 802.1X multiple mode. B. You should enable MAC RADIUS on the interface and statically add the MAC address to the 802.1x configuration. C. You should enable MAC RADIUS on the interface and include the restrict parameter. D. You should enable MAC RADIUS on the interface and include the disable parameter. Correct Answer: C

139 QUESTION 149 Your company recently implemented Layer 2 authentication and access control to secure users accessing the corporate network. You implemented 802.1X, MAC RADIUS, and a captive portal to support a variety of hosts on the network. Senior management is concerned that valid users might be authenticated incorrectly on the network and they ask you questions about how these different access technologies are used simultaneously. Which three statements are correct? (Choose three.) A. MAC addresses that are part of a MAC address whitelist or a static MAC list are authenticated before any other authentication protocol is invoked. B. Captive portal is a supported fallback option for 802.1X. C. If the authentication server fails to respond to access requests and both a server-fail and guest VLAN are configured correctly, the server-fail VLAN takes precedence over the guest VLAN. D. Captive portal can only be configured on Layer 3 interfaces. E. If a port is configured with 802.1X and the host does not respond to EAP requests, no other authentication protocol can authenticate the host. Correct Answer: ABC QUESTION 150 In your 802.1X-enabled network, a RADIUS server fails to respond or authenticate a device. On an EX Series switch, what are three supported actions? (Choose three.) A. Traffic can be allowed. B. Traffic can be denied. C. Traffic can be redirected to another subnet. D. Traffic can be redirected to another VLAN. E. Traffic can be redirected to another port. Correct Answer: ABD QUESTION 151

140 A contractor needs to connect a laptop to your company network, but your company has no wireless access and each office has only a single network port for an employee laptop. You have an IP phone with a data port available and you have access to the switch connected to it. You can also add the contractor's MAC address to the RADIUS server database. Referring to the exhibit, which three commands will allow access? (Choose three.) A. set protocols dot1x authenticator authentication-profile-name radius_profile interface ge- 0/0/16.0 macradius B. set interfaces ge-0/0/16. 0 family ethernet-switching port-mode trunk C. set interfaces ge-0/0/16. 0 family ethernet-switching vlan members contractor D. set protocols dot1x authenticator authentication-profile-name radius_profile interface ge- 0/0/16.0 supplicant multiple E. set interfaces ge-0/0/16. 0 family ethernet-switching vlan members all Correct Answer: ACD QUESTION 152 {master:0u ser@switch> show dot1x interface ge-0/0/15 detail ge-0/0/15. 0 Role: Authenticator Administrative state: Auto Supplicant mode: Multiple Number of retries: 3 Quiet period: 60 seconds Transmit period: 30 seconds

141 Mac Radius: Enabled Mac Radius Restrict: Enabled Reauthentication: Enabled Configured Reauthentication interval: 120 seconds Supplicant timeout: 30 seconds Server timeout: 30 seconds Maximum EAPOL requests: 2 Guest VLAN member: guest Number of connected supplicants: X authentication was recently configured on your ge-0/0/15 port. You issue the command shown in the exhibit. Which two statements are correct? (Choose two.) A. The reauthentication interval is using the default value. B. Every user that attempts to connect using this port must be authenticated. C. Only the first user that connects using this port will be authenticated. D. Users will only be able to authenticate using MAC RADIUS. Correct Answer: BD QUESTION 153 {master:0[edit protocols dot1x] user@switch# show authenticator { authentication-profile-name my-profile; static { 00:21:cc:ba:c7:00/40 { interface ge-0/0/12. 0; interface {

142 ge-0/0/12. 0 { supplicant multiple; server-fail deny; ge-1/0/14. 0 { reauthentication 120; server-fail vlan-name local-only; ge-1/0/15. 0 { supplicant multiple; mac-radius { restrict; reauthentication 120; server-fail vlan-name guest; You just added a device on port ge-0/0/12 with the MAC address 00:21:cc:ba:c7:59. All access ports on this device are members of VLAN v20. The RADIUS server is currently not reachable. Referring to the configuration shown in the exhibit, what happens to traffic sent from this device? A. The traffic is denied. B. The traffic is accepted and uses the guest VLAN. C. The traffic is accepted and uses the local-only VLAN. D. The traffic is accepted and uses the v20 VLAN. Correct Answer: D QUESTION 154 Which two statements about the voice VLAN feature are correct? (Choose two.) A. It can be used to separate untagged data and VLAN tagged VoIP traffic into different VLANs on an access

143 port. B. It can be used to assign VoIP traffic into a CoS forwarding class. C. It can be used to separate untagged data and VLAN tagged VoIP traffic into different VLANs on a trunk port. D. It can be used to apply a policer to VoIP traffic. Correct Answer: AB The Voice VLAN feature in EX-series switches enables access ports to accept both data (untagged) and voice (tagged) traffic and separate that traffic into different VLANs. Before configuring Voice VLAN, there are several things to consider: To assign differentiated priority to Voice traffic, it is recommended that class of service (CoS) is configured prior to enabling the voice VLAN feature. Typically, voice traffic is treated with a higher priority than common user traffic. Without differentiated treatment through CoS, all traffic, regardless of the type, is subject to the same delay during times of congestion. The voice VLAN should only be enabled on access ports on which IP phones are actually connected. Utilize Link Layer Discovery Protocol Media Endpoint Discovery (LLDP-MED) to provide the voice VLAN ID and 802.1p values to the attached IP phones. This dynamic method associates each IP phone with the appropriate voice VLAN and assigns the necessary 802.1p values, which are used by CoS, to differentiate service for voice traffic within a network. QUESTION 155 NetBIOS snooping information is stored in which database on EX Series switches? A. RADIUS database B. LLDP neighbor database C. MAC table database D. routing table database Correct Answer: B The NetBIOS snooping-enabled switch extracts the host details from the NetBIOS name registration packet and stores the details in the LLDP neighbor database. QUESTION 156 Which three PoE power allocation methods are supported on EX Series switches? (Choose three.) A. dynamic PoE management mode

144 B. static PoE management mode C. enhanced power negotiation D. LLDP power negotiation E. class PoE management mode Correct Answer: BDE QUESTION 157 A security camera is connected to an EX Series switch. You are asked to ensure power to the PoE port is maintained if the power budget is exceeded. Which two actions will accomplish this task? (Choose two.) A. Set the PoE management mode to static. B. Set the PoE management mode to class. C. Set the PoE interface priority to high. D. Ensure the camera is connected to port ge-0/0/0. Correct Answer: CD By default, PoE ports on EX Series switches are set to low power priority. You can configure a PoE port to have a high power priority setting. If a situation arises where there is not sufficient power for all the PoE ports, the available power is directed to the higher priority ports, while power to the lower priority ports is shut down as needed. Among PoE interfaces that have the same assigned priority, power priority is determined by the port number, with lower-numbered ports having higher priority. QUESTION 158

145 You are troubleshooting an LLDP neighbor and cannot see the IP address of the neighboring EX Series switch. What is causing the problem? A. A VLAN interface must be configured under the [edit vlans] hierarchy. B. IP addresses are not sent in any LLDP TLVs. C. A management address must be configured under the [edit protocols lldp] hierarchy. D. You must enable LLDP-MED. Correct Answer: C user@switch>show lldp neighbors interface ge-0/0/0.0 LLDP Neighbor Information: Local Information: Index: 20 Time to live: 120 Time mark: Thu Apr 15 22:26: Age: 16 secs Local Interface : ge-0/0/0.0 Parent Interface : - Local Port ID : 517 Ageout Count : 0 Neighbour Information: Chassis type : Network address Chassis ID : Port type : Mac address Port ID : 00:04:0d:fc:55:48 System name : AVAFC5548 System capabilities Supported : Bridge Telephone Enabled : Bridge Management Info Type : IPv4 Address : Port ID : 1 Subtype : 1 Interface Subtype : ifindex(2) OID : Media endpoint class: Class III Device MED Hardware revision : 4610D01A MED Firmware revision : b10d01b2_9.bin MED Software revision : a10d01b2_9.bin MED Serial number : 07N MED Manufacturer name : Avaya MED Model name : 4610 Organization Info OUI : Subtype : 1 Index : 1 Info : 036CA00010 Organization Info OUI :

146 Subtype : 1 Index : 2 Info : Organization Info OUI : Subtype : 2 Index : 3 Info : AE Organization Info OUI : Subtype : 5 Index : 4 Info : Organization Info OUI : Subtype : 6 Index : 5 Info : F392E62696E Organization Info OUI : Subtype : 7 Index : 6 Info : F392E62696E Organization Info OUI : Subtype : 8 Index : 7 Info : 30374E Organization Info OUI : Subtype : 9 Index : 8 Info : Organization Info OUI : Subtype : 10 Index : 9 Info : Organization Info OUI : Subtype : 1 Index : 10 Info : C Organization Info OUI : Subtype : 3 Index : 11 Info : Organization Info OUI : Subtype : 4 Index : 12 Info :

147 Organization Info OUI : Subtype : 5 Index : 13 Info : Organization Info OUI : Subtype : 6 Index : 14 Info : Organization Info OUI : Subtype : 7 Index : 15 Info : 01 QUESTION 159 On SRX Series devices, in which order does CoS process ingress packets? A. multifield classifier, policer, forwarding policy, behavior aggregate classifier B. multifield classifier, forwarding policy, policer, behavior aggregate classifier C. behavior aggregate classifier, policer, multifield classifier, forwarding policy D. behavior aggregate classifier, multifield classifier, policer, forwarding policy Correct Answer: D

148 QUESTION 160 You notice that an interface receiving traffic from multiple devices with no user-configured CoS parameters has been assigned the ieee802.1p-default classifier. What is the port type assigned to this interface? A. access port B. tagged access port C. trunk port D. designated port Correct Answer: C

149 QUESTION 161 You are asked to implement CoS on an EX Series switch. You attempt to configure the priority for the voice and data queue schedulers to medium-high and medium-low priority, respectively. However, you notice that the only parameters available for the priority is strict high and low. Why are strict high and low the only available parameters for configuration? A. The loss priority for the queues must first be set to medium-low and medium-high, respectively. B. The switch only supports the strict high and low queue priorities. C. The shared buffer feature must be configured prior to configuring scheduler priority. D. The scheduler must be applied to an interface prior to configuring scheduler priority. Correct Answer: B Priority scheduling is accomplished through a procedure in which the scheduler examines the priority of the queue. Juniper Networks Junos operating system (Junos OS) supports two levels of transmission priority: Low The scheduler determines whether the individual queue is within its defined bandwidth profile or not. This binary decision, which is re-evaluated on a regular time cycle, involves comparing the amount of data transmitted by the queue against the bandwidth allocated to it by the scheduler. If the transmitted amount is less than the allocated amount, the queue is considered to be in profile. A queue is out of profile when the amount of traffic that it transmits is larger than the queue s allocated limit. An out-of-profile queue is transmitted only if bandwidth is available. Otherwise, it is buffered. On EX Series switches other than EX4300 switches, a queue from a set of queues is selected based on the shaped deficit weighted round robin (SDWRR) algorithm, which operates within the set. On EX4300 switches, the weighted deficit round-robin (WDRR) algorithm is used to select a queue from a set of queues. Strict-high A strict-high priority queue receives preferential treatment over a low-priority queue. Unlimited bandwidth is assigned to a strict-high priority queue. On EX Series switches other than EX4300 switches, queues are scheduled according to the queue number, starting with the highest queue, 7, with decreasing priority down through queue 0. Traffic in higher-numbered queues is always scheduled prior to traffic in lower-numbered queues. In other words, if there are two high-priority queues, the queue with the higher queue number is processed first. On EX4300 switches, you can configure multiple stricthigh priority queues on an interface and an EX4300 switch processes these queues in a round-robin method. Packets in low-priority queues are transmitted only when strict-high priority queues are empty.. QUESTION 162 You are asked to configure a CoS weighted tail drop profile on your EX Series switch that causes all traffic in the best effort queue to drop when the queue is 90 percent full.

150 Which configuration will accomplish this request? A. [edit class-of-service] drop-profiles { be_dropp { fill-level 90; drop-probability 100; B. [edit class-of-service] drop-profiles { be_dropp { interpolate { fill-level 90; drop-probability 100; C. [edit class-of-service] drop-profiles { be_dropp { fill-level 90; D. [edit class-of-service] drop-profiles { be_dropp { fill-level 90; drop-probability 90; Correct Answer: C Field Name Field Description Drop profile Name of a drop profile. Type Type of drop profile: discrete (default) interpolated (EX8200 switches only) Index Internal index of this drop profile. Fill Level Percentage fullness of a queue. Drop probability Drop probability at this fill level.

151 QUESTION 163 You are asked to reconfigure a CoS scheduler to limit the assured forwarding queue to a maximum of 75 percent of the available bandwidth. The assured forwarding queue uses a strict high priority queue. Which configuration parameter accomplishes this task? A. transmit-rate percent 75 B. buffer-size percent 75 C. shaping-rate percent 75 D. shared-buffer percent 75 Correct Answer: C QUESTION 164 You are asked to configure an interface policer. You must ensure when the bandwidth limit and burst size are exceeded, that the packet receives a CoS parameter which increases the probability that the packet will be dropped if the queues are congested. Which policer action will accomplish this requirement? A. dscp 0 B. loss-priority high C. ip-precedence 0

152 D. loss-priority low Correct Answer: B QUESTION 165 Which connection method do OSPF routers use to communicate with each other? A. IP protocol number 89 B. TCP port 179

153 C. UDP port 179 D. IP protocol number 6 Correct Answer: A Was C but should be A QUESTION 166 Which statement is true about default BGP route redistribution behavior? A. IBGP-learned routes are advertised only to other IBGP peers. B. EBGP-learned routes are redistributed into any IGPs. C. EBGP-learned routes are advertised only to other EBGP peers. D. EBGP-learned routes are advertised to other IBGP and EBGP peers. Correct Answer: B Redistributing Routes from BGP If you have redistributed routes from BGP into an IGP, by default only EBGP routes are redistributed. You can issue the bgp redistribute-internal command followed by clearing all BGP sessions to permit the redistribution of IBGP routes in addition to EBGP routes. QUESTION 167 In a PIM-SM network, which type of node helps to build a tree towards an unknown multicast source? A. DIS B. RP C. DR D. BSR Correct Answer: C Answer was A Network applications that can function with unicast but are better suited for multicast

154 include collaborative groupware, teleconferencing, periodic or push data delivery (stock quotes, sports scores, magazines, newspapers, and advertisements), server or website replication, and distributed interactive simulation (DIS) such as war simulations or virtual reality. Any IP network concerned with reducing network resource overhead for one-to-many or many-to-many data or multimedia applications with multiple receivers benefits from multicast Should be D In actual application, many receivers with multiple SPTs are involved in a multicast traffic flow. To illustrate the process, we track the multicast traffic from the RP router to one receiver. In such a case, the RP router begins sending multicast packets down the RPT toward the receiver s DR for delivery to the interested receivers. When the receiver s DR receives the first packet from the RPT, the DR sends a PIM join message toward the source DR to start building an SPT back to the source. When the source DR receives the PIM join message from the receiver s DR, it starts sending traffic down all SPTs. When the first multicast packet is received by the receiver s DR, the receiver s DR sends a PIM prune message to the RP router to stop duplicate packets from being sent through the RPT. In turn, the RP router stops sending multicast packets to the receiver s DR, and sends a PIM prune message for this source over the RPT toward the source DR to halt multicast packet delivery to the RP router from that particular source. QUESTION 168 Which statement is true about MVRP? A. It allows you to split a broadcast domain into multiple isolated broadcast subdomains. B. It dynamically manages VLAN registration in a LAN. C. It maps multiple independent spanning-tree instances onto one physical topology. D. It is a Layer 2 protocol that facilitates network and neighbor discovery. Correct Answer: B Was A should be B Multiple VLAN Registration Protocol (MVRP) is used to manage dynamic VLAN registration in Carrier Ethernet network. You can use MVRP on MX Series routers or on EX Series switches. MVRP is disabled by default on MX Series routers and EX Series switches. QUESTION 169 Which statement is true about LLDP? A. It allows you to split a broadcast domain into multiple isolated broadcast subdomains. B. It dynamically manages VLAN registration in a LAN. C. It maintains a separate spanning-tree instance for each VLAN.

155 D. It is a Layer 2 protocol that facilitates network and neighbor discovery. Correct Answer: D Was C but should be D LLDP (Link Layer Discovery Protocol) is defined in IEEE 802.1AB as a layer 2 protocol which facilitates network and neighbor discovery. Neighbor discovery is made possible through advertisements sent by each network device participating in LLDP. Advertisements are sent by LLDP-enabled devices to identify themselves and to announce their capabilities to neighboring devices. LLDP is somewhat comparable in purpose to Cisco s CDP. LLDP will operate on both Layer 2 and Layer 3 interfaces. Also for operability of the protocol, it doesn't matter whether the port is a trunk port or an access port as the LLDP frames are untagged. This behavior helps the protocol build the network topology regardless of specific configuration parameters assigned to the port QUESTION 170 Which CoS feature avoids congestion in a device by limiting traffic on ingress interfaces? A. rewrite rule B. scheduler C. drop profile D. policer Correct Answer: D Answer was A Rewrite Rules Rewrite rules change the marking of packets based on the forwarding class and loss priority combination as they egress the router.by default, J-series routers will not change the DSCP/precedence fields of forwarded packets. Depending on the protocol, the DSCP, IP Precedence, MPLS EXP, 802.1p, DSCP for IPv6 traffic, and Frame Relay discard eligible (DE) bits can be modified.it is also possible to apply more than one classifier to the same egress queue/drop priority combination whenever the egress packet stacks more than one protocol.for example, packets exiting a VLAN tagged interface can have both their DSCP and 802.1p bits changed simultaneously.not every packet encapsulation allows all possible rewrites.for example, the 802.1p bits can be changed only when the egress packet is a VLAN tagged packet, and the Frame Relay DE bit can only be set (or unset) for Frame Relay packets. Configuration consists of defining the bit values to be written (or alias name if an alias has been defined) for each particular forwarding class and drop priority combination. But should be D Policing Policing refers to the ability of a router to measure data rates and, based on this measurement, to either drop or

156 reclassify the traffic. J-series routers support single-rate policers that can be applied to traffic matching a particular ingress/egress filter.after MF classification is performed, it is possible to instruct a J-series router to measure the rate of the traffic matching the classifier, and either drop or change the forwarding class, or drop the priority of the packet if the measured rate exceeds a configurable threshold. In simple terms, policers allow the establishment of a data rate, which, if exceeded, results in traffic being either reclassified or dropped.in order to measure traffic rates, it is important to determine a measurement interval (or burst limits, as we shall see shortly).traffic always egresses an interface at line rate.to send traffic at a lower speed, bursts have to be followed by idle periods, resulting in an average transmit rate lower than the line rate. QUESTION 171 R1 and R2 are ASBRs in the same area, each with an equal cost external path to the same external network prefix. R1 advertises an external route into OSPF with a Type 1 metric. R2 advertises an external route into OSPF with a Type 2 metric. Which route would be preferred? A. R1's route is preferred because Type 1 metrics take into account the external cost only. B. R1's route is preferred because Type 1 metrics take into account the internal and external cost. C. R2's route is preferred because Type 2 metrics take into account the internal and external cost. D. R2's route is preferred because Type 2 metrics take into account the external cost only. Correct Answer: D The configured metric determines the method used to compute the cost to a destination: The Type 1 external metric is equivalent to the link-state metric. The path cost uses the advertised external path cost and the path cost to the AS boundary router (the route is equal to the sum of all internal costs and the external cost). The Type 2 external metric uses the cost assigned by the AS boundary router (the route is equal to the external cost alone). By default, OSPF uses the Type 2 external metric. QUESTION 172 Referring to the exhibit, which LSA type will Router R2 inject into Area 1?