JUNIPER JN0-643 EXAM QUESTIONS & ANSWERS

JUNIPER JN0-643 EXAM QUESTIONS & ANSWERS Number: JN0-643 Passing Score: 800 Time Limit: 120 min File Version: 48.5 http://www.gratisexam.com/ JUNIPER JN0-643 EXAM QUESTIONS & ANSWERS Exam Name: Enterprise Routing and Switching, Professional (JNCIP-ENT)

Certkiller QUESTION 1 During the BGP route-resolution process, the Junos OS must calculate the appropriate next-hop based on the BGP protocol next-hop attribute. Which two routing tables are checked during this process in a default Junos configuration? (Choose two.) A. inet.0 B. inet.1 C. inet.2 D. inet.3 Correct Answer: AD QUESTION 2 You are adding ports to a Private VLAN on a standalone EX Series switch so that you can control access between the sales and finance departments. Which two actions should you implement for a Private VLAN? (Choose two.) A. The secondary VLANs can be untagged. B. The secondary VLANs must be tagged. C. The primary VLAN must be tagged. D. The primary VLAN can be untagged. Correct Answer: AC QUESTION 3 You have configured L2TP on VLAN blue. Which CLI command verifies that STP BPDUs are being tunneled? A. show ethernet-switching layer2-protocol-tunneling statistics B. show ethernet-switching layer2-protocol-tunneling vlan blue C. show ethernet-switching layer2-protocol-tunneling interface D. show ethernet-switching layer2-protocol-tunneling vlan blue extensive Correct Answer: A QUESTION 4

You suspect that a PoE device connected to interface ge-0/0/5 on switch-1 is periodically spiking above 15 W of power consumption. Which configuration parameter added to switch-1 would allow you to confirm this? A. set poe guard-band 15 B. set poe interface all telemetries C. set poe interface ge-0/0/5 maximum-power 15 D. set poe management class Correct Answer: B QUESTION 5 A company s security policy does not allow outside computers or smart phones into their work areas. All company-provided computers are strictly controlled using 802.1X authentication on all of their switches. All computers obtain DHCP IP addresses from centralized servers and all switches have IP spoofing enabled. However, one of the computers was able to send IP spoofed packets. http://www.gratisexam.com/ Why did the IP spoof feature fail to prevent the spoofed packets from being forwarded? A. The IP source guard database timeout was set too low. B. The DHCP snooping feature was not enabled on any of the switches. C. IP source guard does not prevent IP spoof attacks; you need to configure the Dynamic ARP Inspection feature. D. 802.1X feature was not enabled on the port that was directly connected to the infected computer. Correct Answer: B QUESTION 6 A network administrator is configuring CoS on a switch and assigns forwarding classes call-sig and critical to the same queue number per the configuration below: class-of-service { forwarding-classes { class best-effort queue-num 0; class bulk-data queue-num 1; class critical queue-num 3; class voice queue-num 6; class call-sig queue-num 3; }

} Based on the configuration, which option prioritizes call-sig traffic over critical traffic? A. Assign call-sig and critical to different schedulers. B. Assign call-sig and critical to different scheduler maps. C. Assign a loss priority of high to the packets in the critical forwarding class and configure drop profiles in the scheduler configuration. D. Assign a loss priority of high to the packets in the critical forwarding class and set priority high in the scheduler configuration. QUESTION 7 When using PIM-SM in ASM mode, which two events trigger the creation of a shortest-path tree? (Choose two.) A. Multicast traffic received at the receiver s designated router (DR). B. PIM join received at the receiver s designated router (DR). C. PIM join received at the source designated router (DR). D. PIM registers received by the rendezvous point (RP). Correct Answer: AD QUESTION 8 You have a requirement for a device to provide 20 W of power over Ethernet. What meets this requirement? A. Bond two standard PoE ports together to achieve 30.8 W of power. B. Install an external redundant power supply in the switch to increase the total power load. C. Select a switch that has PoE+ support. D. Enable LLDP-MED to transfer power from other switches. QUESTION 9 Which configuration causes a router to ignore router-id and peer-id from the BGP route selection algorithm? A. multihop B. as-path loops

C. multipath D. next-hop self QUESTION 10 You are troubleshooting a problem on interface ge-0/0/3.which command shows statistics in real time? A. show interfaces statistics B. monitor interface statistics ge-0/0/3 C. monitor interface traffic D. monitor traffic interface ge-0/0/3 QUESTION 11 A Layer 2 transparent firewall separates two OSPFv3 routers. For the two OSPFv3 routers to form an adjacency, which protocol must be permitted on the firewall? A. IPv4 protocol 89 B. IPv6 protocol 89 C. TCP port 89 D. UDP port 89 Correct Answer: B QUESTION 12 When using PIM-SM in SSM mode, which event triggers the creation of a shortest-path tree? A. Multicast traffic received at the receiver s designated router (DR). B. An IGMPv3 report received at the receiver s designated router (DR). C. Multicast traffic received at the rendezvous point (RP). D. An IGMPv3 report received at the source s designated router (DR). Correct Answer: B

QUESTION 13 What is the significance of the multicast address range: 224.0.0.1 through 224.0.0.254? A. They have link-local scope. B. They have administrative region scope. C. They are reserved for future use. D. They have a scope of two or more hops from a router. Correct Answer: A QUESTION 14 Which option is a valid IPv6 multicast address? A. fe80::205:8640:471:3200/64 B. ::172.16.0.5/126 C. ff03:365:ba::23 D. ff01:cgfc:345::226:8ff:fee4:bf6f QUESTION 15 Which two actions can be performed when traffic is exceeding a policer rate? (Choose two.) A. Set the forwarding table. B. Set the loss priority (PLP). C. Set the forwarding class. D. Set a community. Correct Answer: BC QUESTION 16 In MSTP, which two factors determine the root bridge in each region? (Choose two.) A. The switch with the higher priority becomes the root bridge. B. The switch with the lower priority becomes the root bridge. C. The switch with the lower MAC address becomes the root bridge when priorities are tied. D. The switch with the higher MAC address becomes the root bridge when priorities are tied.

Correct Answer: BC QUESTION 17 A Layer 2 forwarding loop occurred on your network during a scheduled maintenance period. You must prevent this behavior in the future. Which protocol should you enable on the EX Series switch to address this condition in the future? (Choose two.) A. DVMRP B. L2TPv3 C. STP D. RSVP D QUESTION 18 What is a valid router ID configuration for OSPFv3 in the Junos OS? A. set routing-options router-id 2001:1:2::1 B. set protocols ospf3 router-id fe80:223:2887:ab31::1 C. set routing-options router-id 224.1.0.1 D. set protocols ospf3 router-id 10.8.3.9 QUESTION 19 A network routes IPv4 traffic only. You want to add IPv6 to the network, but you must use a single IGP for both IPv4 and IPv6 traffic. Which protocol meets this requirement? A. OSPFv2 B. BGPv4 C. ES-ISv1 D. OSPFv3 Correct Answer: D

QUESTION 20 What are two IP multicast routing protocols? (Choose two.) A. RSVP B. OSPF C. PIM D. CDP D QUESTION 21 You must configure your access switch with more than 3000 VLANs and you want the ability to load-balance across them. Which spanning-tree approach has the least impact on control-plane performance? A. Configure your access switch with a load-balancing policy and apply it to protocols RSTP. B. Configure your access switch for Rapid-PVST+. C. Configure your access switch for MSTP incorporating the use of MSTIs. D. Configure your access switch for both VSTP and RSTP. QUESTION 22 Voice traffic is coming in on UDP port 17689. This traffic must be classified into the expedited- forwarding forwarding-class. Which type of classifier is needed? A. code point alias B. rewrite marker C. multifield D. behavior aggregate

QUESTION 23 Which protocol reachability is advertised by OSPFv2? (Choose two.) A. IPv4 B. IPv5 C. IPv6 D. ISO Correct Answer: AD QUESTION 24 A coffee shop offering free Internet service to customers wants to implement the following security policies: 1. Every customer must agree to a set of terms and conditions before accessing the Internet. 2. Log out customers that are logged in for more than one hour. 3. Log out customers that are idle for more than 5 minutes. 4. Authenticate employee desktop computers with known hardware addresses in the office of the coffee shop to access the Internet without the above restrictions. The following configuration has been applied to the switch: set access radius-server 172.16.14.26 port 1812 set access radius-server 172.16.14.26 secret Am@zingC00f33 set access profile dot1x authentication-order radius set access profile dot1x radius authentication-server 172.27.14.226 What would you add to implement these policies? A. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive-portal custom-options banner-message "Terms and Conditions of Use" B. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive-portal custom-options banner-message "Terms and Conditions of Use" C. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal interface ge-0/0/12.0 idle-timeout 300 set services captive-portal interface ge-0/0/12.0 user-timeout 3600 set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop"

set services captive-portal custom-options banner-message "Terms and Conditions of Use" D. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x authenticator interface ge-0/0/12.0 idle-timeout 300 set protocols dot1x authenticator interface ge-0/0/12.0 user-timeout 3600 set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive-portal custom-options banner-message "Terms and Conditions of Use" Correct Answer: A QUESTION 25 Which AS path regular expression will only match a route originating in AS 500 with the last traversing AS of 100? A. "$100.* ^500" B. "500.*" C. "^100.* 500$" D. "^100.*" QUESTION 26 How does an administrator block IGMP reports for the 239.0.0.0/8 group range? A. Create a routing policy and apply it to IGMP using the group-policy feature. B. Create a routing policy and apply it to IGMP using the report-policy feature. C. Create a routing policy and apply it to IGMP as export. D. Create a routing policy and apply it to IGMP as import. Correct Answer: A QUESTION 27 R1 has an OSPF adjacency with R2 over a point-to-point link. Which three statements about the advertisements for this link in the Type 1 (Router) LSA generated by R1 are true? (Choose three.)

A. It has a value in the link ID field with R2 s interface IP address. B. It has a value in the link ID field with R2 s router ID. C. It has a link-type of point-to-point (Type 1). D. It has a link-type of Transit (Type 2). E. It has a link-type of stub (Type 3). Correct Answer: BDE QUESTION 28 Which command prevents Layer 2 loops if the switch stops receiving spanning-tree keepalives on port ge- 1/0/1? A. [edit protocols rstp] user@switch# show interface ge-1/0/1 { bpdu-block; } B. [edit protocols layer2-control] user@switch# show interface ge-1/0/1 { bpdu-time-out-action { block; alarm; } } C. [edit protocols layer2-control] user@switch# show bpdu-block { interface ge-1/0/1; } D. [edit protocols rstp] interface ge-1/0/1 { no-root-port; } Correct Answer: D QUESTION 29 Port authentication falls back to Captive Portal. In which two scenarios would the port authentication move back to 802.1X? (Choose two.) A. if any MAC RADIUS request packet is received on the interface and if there are no sessions in authenticated/authenticating state B. if Captive Portal is deactivated on the interface

C. if the user gets logged out D. if the EAP packet is received on the interface and if there are no sessions in authenticated/authenticating state Correct Answer: BD QUESTION 30 What is the default LLDP timeout? A. 60 seconds B. 90 seconds C. 120 seconds D. infinite http://www.gratisexam.com/