Sie sind auf Seite 1von 268

Juniper.Actualtest.JN0-643.v2014-11-11.by-DD.201q

Number: JN0-643 Passing Score: 800 Time Limit: 120 min File Version: 18.5

Passing Score: 800 Time Limit: 120 min File Version: 18.5 Exam Code: JN0-643 Exam Name: Enterprise

Exam Code: JN0-643

Exam Name: Enterprise Routing and Switching, Professional (JNCIP-ENT)

Enterprise Routing and Switching, Professional (JNCIP-ENT) Modified by DD 3-25-2014 - corrected some of the answers

Modified by DD 3-25-2014 - corrected some of the answers in the dump provided by Gaber

I changed the answers for Q 17, 19, 31, 165, 167, 168, 169, 170, 177, 179

A lot of the questions are missing exhibits or seem to have an exhibit not associated with the question.

Missing exhibits Q 107, 116, 117, 120,123,125,130,132,135, 139,140, 141, 185

www.vceplus.com - Website designed to help IT pros advance their careers.

Wrong exhibits Q 124, 178

Wrong exhibits Q 124, 178 www.vceplus.com - Website designed to help IT pros advance their careers.

www.vceplus.com - Website designed to help IT pros advance their careers.

Exam A

QUESTION 1

A user complains about connectivity problems from their IP address (10.1.1.87) to a server (10.65.1.100).

Which Junos command can help verify connectivity in the network?

A. mroute

B. traceoptions

C. ping

D. clear bgp neighbor

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 2 Port authentication falls back to Captive Portal.

In which two scenarios would the port authentication move back to 802.1X? (Choose two.)

A. if any MAC RADIUS request packet is received on the interface and if there are no sessions in authenticated/authenticating state

B. if Captive Portal is deactivated on the interface

C. if the user gets logged out

D. if the EAP packet is received on the interface and if there are no sessions in authenticated/authenticating state

Correct Answer: BD Section: (none) Explanation

Explanation/Reference:

Explanation:

Fallback of Authentication Methods You can configure multiple authentication methods on a single interface to enable fallback to another method if one method fails. If an interface is configured in multiple supplicant mode, all end devices connecting through the interface must use either captive portal

www.vceplus.com - Website designed to help IT pros advance their careers.

or a combination of 802.1X and MAC RADIUS, captive portal cannot be mixed with 802.1X or MAC RADIUS. Therefore, if there is already an end device on the interface that was authenticated through 802.1X or MAC RADIUS authentication, then additional end devices authenticating do not fall back to captive portal. If only 802.1X authentication or MAC RADIUS authentication is configured, some end devices can be authenticated using 802.1X and others can still be authenticated using MAC RADIUS. Fallback of authentication methods occurs in the following order:

802.1X authentication—If 802.1X is configured on the interface, the switch sends EAPoL requests to the end device and attempts to authenticate the end device through 802.1X authentication. If the end device does not respond to the EAP requests, the switch checks whether MAC RADIUS authentication is configured on the interface. MAC RADIUS authentication—If MAC RADIUS authentication is configured on the interface, the switch sends the MAC RADIUS address of the end device to the authentication server. If MAC RADIUS authentication is not configured, the switch checks whether captive portal is configured on the interface. Captive portal authentication—If captive portal is configured on the interface, the switch attempts to authenticate using this method after attempting any other configured authentication methods. If an end device is authenticated on the interface using captive portal, this becomes the active authentication method on the interface. When captive portal is the active authentication method, the switch falls back to 802.1X authentication if there are no sessions in the authenticated state and if the interface receives an EAP packet.

QUESTION 3

A network routes IPv4 traffic only. You want to add IPv6 to the network, but you must use a single IGP for both IPv4 and IPv6 traffic.

Which protocol meets this requirement?

A. OSPFv2

B. BGPv4

C. ES-ISv1

D. OSPFv3

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 4

A Layer 2 forwarding loop occurred on your network during a scheduled maintenance period. You must prevent this behavior in the future.

Which protocol should you enable on the EX Series switch to address this condition in the future?

www.vceplus.com - Website designed to help IT pros advance their careers.

A. DVMRP

B. L2TPv3

C. STP

D. RSVP

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

(none) Explanation Explanation/Reference: Explanation: QUESTION 5 You have implemented 802.1X authentication in

QUESTION 5 You have implemented 802.1X authentication in your Layer 2 network and you have only a single RADIUS server. You are asked to ensure that if the RADIUS server becomes unreachable or fails, users connected to the ge-0/0/0 port are still able to reach the Internet using a predefined guest VLAN.

Which command allows this access?

A. [edit] user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 radius-fail vlan guest

B. [edit] user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 server-fail vlan-name guest

C. [edit] user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 auth-fail assign-vlan guest

D. [edit] user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 radius-fail assign guest Juniper JN0-643 Exam

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

Server fail fallback allows you to specify how end devices connected to the switch are supported if the RADIUS authentication server becomes unavailable or sends a RADIUS access-reject message. Juniper Networks EX Series Ethernet Switches use authentication to implement access control in an enterprise network. If 802.1X, MAC RADIUS, or captive portal authentication are configured on the interface, end devices are evaluated at the initial connection by an authentication (RADIUS) server. If the end device is configured on the authentication server, the device is granted access to the LAN

www.vceplus.com - Website designed to help IT pros advance their careers.

and the EX Series switch opens the interface to permit access. A RADIUS server timeout occurs if no RADIUS authentication servers are reachable when an end device logs in and attempts to access the LAN. Server fail fallback allows you to specify one of four actions to be taken toward end devices awaiting authentication when the server is timed out:

Permit authentication, allowing traffic to flow from the end device through the interface as if the end device were successfully authenticated by the RADIUS server. Deny authentication, preventing traffic from flowing from the end device through the interface. This is the default. Move the end device to a specified VLAN. (The VLAN must already exist on the switch.) Sustain authenticated end devices that already have LAN access and deny unauthenticated end devices. If the RADIUS servers time out during reauthentication, previously authenticated end devices are reauthenticated and new users are denied LAN access. Server fail fallback is triggered most often during reauthentication when the already configured and in-use RADIUS server becomes inaccessible. However, server fail fallback can also be triggered by an end device’s first attempt at authentication through the RADIUS server. Server fail fallback allows you to specify that an end device be moved to a specified VLAN if the switch receives a RADIUS access- reject message. The configured VLAN name overrides any attributes sent by the server.

Configure an interface to move an end device to a specified VLAN if a RADIUS server timeout occurs (in this case, the VLAN name is

vlan1):

[edit protocols dot1x authenticator] user@switch# set interface ge-0/0/1 server-fail vlan-name vlan1

QUESTION 6 Which option is a valid IPv6 multicast address?

A. fe80::205:8640:471:3200/64

B. ::172.16.0.5/126

C. ff03:365:ba::23

D. ff01:cgfc:345:22::226:8ff:fee4:bf6f

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

www.vceplus.com - Website designed to help IT pros advance their careers.

QUESTION 7

A company is deploying a new 802.1X port-based security infrastructure to allow users to access resources through wired Ethernet ports. However they recently deployed an RSA token-based system for users to connect remotely. The network administrator wants to reuse the same security database for 802.1X port-based

security.

Which 802.1X authentication protocol is required?

A. EAP-TLS

B. LAN-PEAP

C. RSA-EAP

D. EAP-TTLS

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

With EAP-TTLS, you do not need to create a new infrastructure of user certificates. User authentication is performed against the same security database that is already in use on the corporate LAN; for example, SQL or LDAP databases, or token systems. The routing of the inner authentication request is handled either by means of standard Steel-Belted Radius Carrier authentication request routing, or by means of a directed realm. If your EAP-TTLS tunnel ends at a dedicated server, and you want all the inner authentication requests to be performed by other servers, use standard request routing so the proxy realm target can be determined in a standard fashion (that is, the decoration of the username revealed by inner authentication). If your EAP-TTLS tunnel and inner authentication are handled by the same server, you can use a directed realm to specify which authentication methods handle the inner authentication.

QUESTION 8 Which protocol reachability is advertised by OSPFv2?

A. IPv4

B. IPv5

C. IPv6

D. ISO

www.vceplus.com - Website designed to help IT pros advance their careers.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 9 You are AS 6573.

Which AS path regular expression matches only routes originated in your AS?

A. "6573.*"

B. ".*"

C. "{"

D. "^$"

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

(none) Explanation Explanation/Reference: Explanation: www.vceplus.com - Website designed to help IT pros advance
(none) Explanation Explanation/Reference: Explanation: www.vceplus.com - Website designed to help IT pros advance

www.vceplus.com - Website designed to help IT pros advance their careers.

QUESTION 10 Voice traffic is coming in on UDP port 17689. This traffic must be

QUESTION 10 Voice traffic is coming in on UDP port 17689. This traffic must be classified into the expedited- forwarding forwarding class.

Which type of classifier is needed?

A. code point alias

B. rewrite marker

C. multifield

D. behavior aggregate

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

The Junos OS supports two general types of packet classification: behavior aggregate (BA) classification and multifield classification:

BA classification, or CoS value traffic classification, refers to a method of packet classification that uses a CoS configuration to set the forwarding class or PLP of a packet based on the CoS value in the IP packet header. The CoS value examined for BA classification purposes can be the Differentiated Services code point (DSCP) value, DSCP IPv6 value, IP precedence value, MPLS EXP bits, and

www.vceplus.com - Website designed to help IT pros advance their careers.

IEEE 802.1p value. The default classifier is based on the IP precedence value. Multifield classification refers to a method of packet classification that uses a standard stateless firewall filter to set the forwarding class or PLP for packets entering or exiting the interface based on multiple fields in the IP packet. You can configure multifield classifier that specifies match conditions based on CoS values (such as DSCP value, IP precedence value, MPLS EXP bits, or IEEE 802.1p bits), other packet values (such as IP address fields, the IP protocol type field, or the port number in the UDP or TCP pseudoheader field), or a combination. Use multifield classification instead of BA classification when you need to classify packets based on information in the packet other than the CoS values only. With multifield classification, a firewall filter term can specify the packet classification actions for matching packets though the use of the forwarding-class class-name or loss-priority (high | medium-high | medium-low | low) nonterminating actions in the term’s then clause.

QUESTION 11 Which three attributes must a BGP update contain? (Choose three.)

A. next-hop

B. MED

C. origin

D. AS-path

E. local preference

Correct Answer: ACD Section: (none) Explanation

Explanation/Reference:

Explanation:

www.vceplus.com - Website designed to help IT pros advance their careers.

QUESTION 12 You must configure your access switch with more than 3000 VLANs and you
QUESTION 12 You must configure your access switch with more than 3000 VLANs and you

QUESTION 12 You must configure your access switch with more than 3000 VLANs and you want the ability to load-balance across them.

Which spanning-tree approach has the least impact on control-plane performance?

A. Configure your access switch with a load-balancing policy and apply it under [edit protocols rstp].

www.vceplus.com - Website designed to help IT pros advance their careers.

B. Configure your access switch for Rapid-PVST+.

C. Configure your access switch for MSTP, incorporating the use of MSTIs.

D. Configure your access switch for both VSTP and RSTP.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

www.vceplus.com - Website designed to help IT pros advance their careers.

QUESTION 13 You are implementing MSTP in your network. www.vceplus.com - Website designed to help

QUESTION 13 You are implementing MSTP in your network.

www.vceplus.com - Website designed to help IT pros advance their careers.

Which three values must match on all switches within the MST region? (Choose three)

A. Context identifier

B. Region name

C. VLANs

D. Revision

E. Configuration manifest

Correct Answer: BCD Section: (none) Explanation

Explanation/Reference:

Explanation:

(none) Explanation Explanation/Reference: Explanation: Configuring MSTP Regions When enabling MSTP, you define one

Configuring MSTP Regions When enabling MSTP, you define one or more MSTP regions. An MSTP region defines a logical domain where MSTIs can be administered independently of MSTIs in other regions, setting the boundary for Bridge Protocol Data Units (BPDUs) sent by one MSTI. An MSTP region is a group of switches that is defined by three parameters:

Region name—User-defined alphanumeric name for the region. Revision level—User-defined value that identifies the region. Mapping table—Numerical digest of VLAN-to-instance mappings. An MSTP region can support up to 64 MST instances, and each MSTI can support from 1 to 4094 VLANs. When you define a region, MSTP automatically creates an internal spanning-tree instance (IST instance 0) that provides the root switch for the region and includes all currently configured VLANs that are not specifically assigned to a user-defined Multiple Spanning-Tree Instance (MSTI). An MSTI includes all static VLANs that you specifically add to it. The switch places any dynamically created VLANs in the IST instance by default, unless you explicitly map them to another MSTI. Once you assign a

QUESTION 14 You have been asked to implement a private VLAN with two community VLANs. This private VLAN will be confined to a single switch in your Layer 2 network. This private VLAN, along with other VLANs configured on the switch, will require gateway services provided through a connected router.

Which statement about this deployment is true?

A. All isolated ports must be configured as trunk ports.

B. A minimum of one promiscuous trunk port is required.

www.vceplus.com - Website designed to help IT pros advance their careers.

C.

Both community VLANs must have an assigned VLAN IDs.

D. A minimum of one private VLAN trunk port is required.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

A promiscuous access port carries untagged traffic and can be a member of only one primary VLAN. Traffic that ingresses on a promiscuous access port is forwarded to the ports of the secondary VLANs that are members of the primary VLAN that the promiscuous access port is a member of. This traffic carries the appropriate secondary VLAN tags when it egresses from the secondary VLAN ports if the secondary VLAN port is a trunk port.

QUESTION 15 During the BGP route-resolution process, the Junos OS must calculate the appropriate next-hop based on the BGP protocol next-hop attribute.

Which two routing tables are checked during this process in a default Junos configuration? (Choose two.)

A. inet.0

B. inet.1

C. inet.2

D. inet.3

Correct Answer: AD Section: (none) Explanation

Explanation/Reference:

Explanation:

The Border Gateway Protocol (BGP) uses different tables to resolve protocol next-hop for different applications. In a normal BGP application like IPv4, the prefix is learned in the default table inet.0. BGP will try to resolve its protocol next-hop in the table inet.3 first; if fails, it will resolve in the table inet.0. However, in L3VPN and L2VPN applications, BGP will resolve its protocol next-hop in the table inet.3 only.

www.vceplus.com - Website designed to help IT pros advance their careers.

QUESTION 16 You have a requirement for a device to provide 20 W of power over Ethernet.

What meets this requirement?

A. Bond two standard PoE ports together to achieve 30.8 W of power.

B. Install an external redundant power supply in the switch to increase the total power load.

C. Select a switch that has PoE+ support.

D. Enable LLDP-MED to transfer power from other switches.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

www.vceplus.com - Website designed to help IT pros advance their careers.

QUESTION 17 R1 has an OSPF adjacency with R2 over a point-to-point link. Which three

QUESTION 17 R1 has an OSPF adjacency with R2 over a point-to-point link.

Which three statements about the advertisements for this link in the Type 1 (Router) LSA generated by R1 are true? (Choose three.)

A. It has a value in the link ID field with R2's interface IP address.

B. It has a value in the link ID field with R2's router ID.

C. It has a link-type of point-to-point (Type 1).

D. It has a link-type of Transit (Type 2).

E. It has a link-type of stub (Type 3).

Correct Answer: BCE Section: (none) Explanation

www.vceplus.com - Website designed to help IT pros advance their careers.

Explanation/Reference:

Explanation:

Explanation/Reference: Explanation: Answer was B, D and E The OSPF Router LSA [LSA Type 1] In

Answer was B, D and E

The OSPF Router LSA [LSA Type 1] In the extensive ospf database output link type-field, such as (3), is followed by comments for explanation. Each point-to-point link is advertised as two links: one stub and the other point-to-point. This is because on a pt-to-pt link, an OSPF router alwasys forms an adjacency with its peer over an unnumbered connection. Hence, the link ID = the neighbor's router ID

QUESTION 18 What is the significance of the multicast address range 224.0.0.1 through 224.0.0.254?

A. They have link-local scope.

B. They have administrative region scope.

C. They are reserved for future use.

D. They have a scope of two or more hops from a router.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

There are two well-known scopes:

IPv4 local scope—This scope comprises addresses in the range 239.255.0.0/16. The local scope is the minimal enclosing scope and is not further divisible. Although the exact extent of a local scope is site-dependent, locally scoped regions must not span any other scope boundary and must be contained completely within or be equal to any larger scope. If scope regions overlap in an area, the area of overlap must be within the local scope. IPv4 organization local scope—This scope comprises 239.192.0.0/14. It is the space from which an organization allocates subranges when defining scopes for private use. The ranges 239.0.0.0/10, 239.64.0.0/10, and 239.128.0.0/10 are unassigned and available for expansion of this space. Two other scope classes already exist in IPv4 multicast space: the statically assigned link-local scope, which is 224.0.0.0/24, and the static global scope allocations, which contain various addresses.

www.vceplus.com - Website designed to help IT pros advance their careers.

QUESTION 19 You must prioritize VoIP packets on your network. Which feature will accomplish this goal?

A. RSVP

B. Multicast Routing

C. VPLS

D. Class of Service

Correct Answer: AD Section: (none) Explanation

Explanation/Reference:

Explanation:

Answer was C/D

Resource Reservation Protocol - Traffic Engineering is an extension of the resource reservation protocol (RSVP) for traffic engineering. It supports the reservation of resources across an IP network. Applications running on IP end systems can use RSVP to indicate to other nodes the nature (bandwidth, jitter, maximum burst, and so forth) of the packet streams they want to receive. RSVP runs on both IPv4 and IPv6.

QUESTION 20 You notice that a number of IGMP leave group messages are passing through a BMA network and are impacting the network's performance.

What would you do to resolve this issue without affecting multicast traffic?

A. Apply an import policy to control leave group messages.

B. Suppress group-specific queries.

C. Suppress generic IGMP queries.

D. Enable promiscuous-mode in IGMP.

Correct Answer: B Section: (none) Explanation

www.vceplus.com - Website designed to help IT pros advance their careers.

Explanation/Reference:

Explanation:

http://network-technologies.metaswitch.com/multicast//what-is-igmp-mld.aspx

Responding To Group Membership Queries

IGMPv1 and IGMPv2 use a Report suppression technique to avoid a 'storm' of responses to an IGMP Query message. When a host receives a Query, it starts a randomized timer for each group that it is a member of. When this timer pops, the host sends an IGMP Report message addressed to that group. Any other hosts that are members of the group also receive the message, at which point they cancel their timer for the group. This mechanism ensures that, under most circumstances, a single IGMP Report message is sent for each multicast group in response to a single Query. IGMPv3 removed the need for this, by packing multiple group memberships in a single Report message to reduce the number of packets sent.

Improving Group Membership Latency

When a host joins a new multicast group on an interface, it immediately sends an unsolicited IGMP Report message for that group. IGMPv2 introduced a Leave Group message, which is sent by a host when it leaves a multicast group for which it was the last host to send an IGMP Report message. Receipt of this message causes the Querier possibly to reduce the remaining lifetime of its state for the group, and to send a group-specific IGMP Query message to the multicast group. The Leave Group message is not used with IGMPv3, as its source address filtering mechanism provides the same functionality

QUESTION 21 A network administrator is configuring CoS on a switch and assigns forwarding classes call-sig and critical to the same queue number per the configuration below:

class-of-service {

forwarding-classes {

class best-effort queue-num 0; class bulk-data queue-num 1;

class critical queue-num 3;

class voice queue-num 6;

class call-sig queue-num 3;

}

}

Based on the configuration, which option prioritizes call-sig traffic over critical traffic?

A. Assign call-sig and critical to different schedulers.

B. Assign call-sig and critical to different scheduler maps.

www.vceplus.com - Website designed to help IT pros advance their careers.

C.

Assign a loss priority of high to the packets in the critical forwarding class and configure drop profiles in the scheduler configuration.

D. Assign a loss priority of high to the packets in the critical forwarding class and set priority high in the scheduler configuration.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

Set the packet loss priority to high, which means that means that packets are more susceptible to being dropped.

An individual device interface has multiple queues assigned to store packets temporarily before transmission. To determine the order in which to service the queues, the device uses a round-robin scheduling method based on priority and the queue's weighted round- robin (WRR) credits. Junos OS schedulers allow you to define the priority, bandwidth, delay buffer size, rate control status, and RED drop profiles to be applied to a particular queue for packet transmission. You configure schedulers to assign resources, priorities, and drop profiles to output queues. By default, only queues 0 and 3 have resources assigned.

QUESTION 22 A Layer 2 transparent firewall separates two OSPFv3 routers.

For the two OSPFv3 routers to form an adjacency, which protocol must be permitted on the firewall?

A. IPv4 protocol 89

B. IPv6 protocol 89

C. TCP port 89

D. UDP port 89

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

www.vceplus.com - Website designed to help IT pros advance their careers.

OSPFv3 Messages OSPFv2 and OSPFv3 both have the same protocol number of 89, although OSPFv3,

OSPFv3 Messages OSPFv2 and OSPFv3 both have the same protocol number of 89, although OSPFv3, being an IPv6 protocol, more accurately has a Next Header value of 89. And like OSPFv2, OSPFv3 uses multicast whenever possible.

The IPv6 AllSPFRouters multicast address is FF02::5, and the AllDRouters multicast address is FF02::6. Both have link-local scope. You can easily see the similarity in the last bits with the OSPFv2 addresses of 224.0.0.5 and 224.0.0.6.

QUESTION 23 In MSTP, which two factors determine the root bridge in each region? (Choose two.)

A. The switch with the higher priority becomes the root bridge.

B. The switch with the lower priority becomes the root bridge.

C. The switch with the lower MAC address becomes the root bridge when priorities are tied.

D. The switch with the higher MAC address becomes the root bridge when priorities are tied.

Correct Answer: BC Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 24 Which two LSA types are only generated by an ABR router? (Choose two.)

A. ASBR summary LSA (Type 4)

B. ASBR LSA (Type 5)

C. Summary LSA (Type 3)

D. Router LSA (Type 1)

Correct Answer: AC Section: (none) Explanation

Explanation/Reference:

Explanation:

www.vceplus.com - Website designed to help IT pros advance their careers.

QUESTION 25 Which two statements about MVRP on EX Series switches are true? (Choose two.)

QUESTION 25 Which two statements about MVRP on EX Series switches are true? (Choose two.)

A. MVRP can add VLANs on access interfaces.

B. MVRP can add VLANs on trunk interfaces.

C. MVRP adds VLANs on MVRP-enabled interfaces by default.

D. MVRP is in transparent mode on MVRP-enabled interfaces by default.

www.vceplus.com - Website designed to help IT pros advance their careers.

Correct Answer: BC Section: (none) Explanation

Explanation/Reference:

Explanation:

How MVRP Works The VLAN registration information sent by MVRP protocol data units (PDUs) includes the current VLANs membership—that is, which routers are members of which VLANs—and which router interfaces are in which VLAN. MVRP shares all information in the PDU with all routers participating in MVRP in the switching network. MVRP stays synchronized using these PDUs. The routers in the network participating in MVRP receive these PDUs during state changes and update their MVRP states accordingly. MVRP timers dictate when PDUs can be sent and when routers receiving MVRP PDUs can update their MVRP information. VLAN information is distributed as part of the MVRP message exchange process and can be used to dynamically create VLANs, which are VLANs created on one switch and propagated to other routers as part of the MVRP message exchange process. Dynamic VLAN creation using MVRP is enabled by default but can be disabled

QUESTION 26 A company's security policy does not allow outside computers or smart phones into their work areas. All company-provided computers are strictly controlled using 802.1X authentication on all of their switches. All computers obtain DHCP IP addresses from centralized servers and all switches have IP spoofing enabled. However, one of the computers was able to send IP spoofed packets.

Why did the IP spoof feature fail to prevent the spoofed packets from being forwarded?

A. The IP source guard database timeout was set too low.

B. The DHCP snooping feature was not enabled on any of the switches.

C. IP source guard does not prevent IP spoof attacks; you need to configure the Dynamic ARP Inspection feature.

D. 802.1X feature was not enabled on the port that was directly connected to the infected computer.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

www.vceplus.com - Website designed to help IT pros advance their careers.

DHCP snooping enables the switch to monitor and control DHCP messages received from untrusted devices connected to the switch. When DHCP snooping is enabled, the system snoops the DHCP messages to view DHCP lease information and build and maintain a database of valid IP address to MAC address (IP-MAC) bindings called the DHCP snooping database. Only clients with valid bindings are allowed access to the network.

QUESTION 27 What is a valid router ID configuration for OSPFv3 in the Junos OS?

A. set routing-options router-id 2001:1:2::1

B. set protocols ospf3 router-id fe80:223:2887:ab31::1

C. set routing-options router-id 224.1.0.1

D. set protocols ospf3 router-id 10.8.3.9

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

http://www.juniper.net/techpubs/en_US/junos11.4/topics/reference/configuration-statement/router-id-edit-routing-options.html

QUESTION 28 You are setting up a new switch in your network that is using MSTP. You have configured all access ports as edge ports, and you want to make sure that the access ports can never transition to nonedge ports.

How can you meet this requirement?

A. Configure the interfaces as shared.

B. Configure the hello-time option as zero.

C. Configure the interfaces as a no-root-port.

D. Configure bpdu-block-on-edge.

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

www.vceplus.com - Website designed to help IT pros advance their careers.

Description Configure bridge protocol data unit (BPDU) protection on all edge ports of a switch. When the bpdu-block-on-edge statement is configured and the interface encounters an incompatible BPDU, the interface shuts down. If the disable-timeout statement is included in the BPDU configuration, the interface is automatically reenabled after the timer expires. Otherwise, you must use the operational mode command clear ethernet-switching bpdu-error to unblock and reenable the interface.

bpdu-block-on-edge

Syntax

bpdu-block-on-edge;

Hierarchy Level

[edit logical-systems logical-system-name protocols (mstp | rstp | vstp)],[edit logical-systems logical-system-name routing-instances routing- instance-name protocols (mstp | rstp | vstp)],[edit protocols (mstp | rstp | vstp)],[edit routing-instances routing-instance-name protocols (mstp | rstp | vstp)]

Release Information

Statement introduced in Junos OS Release 9.4. Support for logical systems added in Junos OS Release 9.6.

Description

Enable BPDU blocking on the edge ports of a virtual switch.

QUESTION 29 When using PIM-SM in ASM mode, which two events trigger the creation of a shortest-path tree? (Choose two.)

A. Multicast traffic received at the receiver's designated router (DR).

B. PIM join received at the receiver's designated router (DR).

C. PIM join received at the source designated router (DR).

D. PIM registers received by the rendezvous point (RP).

Correct Answer: AD Section: (none) Explanation

Explanation/Reference:

Explanation:

In order to have the multicast traffic sent down the shared tree, the RP must register with the multicast source. Please note that the receivers can join the shared

www.vceplus.com - Website designed to help IT pros advance their careers.

tree before the source register with the RP. There is no process of order operation

tree before the source register with the RP. There is no process of order operation here. But for this example we will start by registering the source with the RP as frequently the multicast source may begin sending traffic before any receivers join the group. In order for the source to register with the RP, the RP must build a SPT (source path tree) to the source but in order to do that the RP must somehow know that the source exist so PIM SM makes uses of the PIM register and PIM Register stop messages to implement a source registration process to accomplish the task. PIM register message are sent by the first-hop DR (that is the DR directly connected to the source) to the RP.

QUESTION 30 A coffee shop offering free Internet service to customers wants to implement the following security policies:

1. Every customer must agree to a set of terms and conditions before accessing the Internet.

2. Log out customers that are logged in for more than one hour.

3. Log out customers that are idle for more than 5 minutes.

4. Authenticate employee desktop computers with known hardware addresses in the office of the coffee shop to access the Internet without the above restrictions.

The following configuration has been applied to the switch:

- set access radius-server 172.16.14.26 port 1812

- set access radius-server 172.16.14.26 secret Am@zingC00f33

- set access profile dot1x authentication-order radius

- set access profile dot1x radius authentication-server 172.27.14.226

What would you add to implement these policies?

A. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive-portal custom-options banner-message "Terms and Conditions of Use"

B. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive-portal custom-options banner-message "Terms and Conditions of Use"

C. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple

www.vceplus.com - Website designed to help IT pros advance their careers.

set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal interface ge-0/0/12.0 idle-timeout 300 set services captive-portal interface ge-0/0/12.0 user-timeout 3600 set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive-portal custom-options banner-message "Terms and Conditions of Use"

D. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x authenticator interface ge-0/0/12.0 idle-timeout 300 set protocols dot1x authenticator interface ge-0/0/12.0 user-timeout 3600 set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive-portal custom-options banner-message "Terms and Conditions of Use"

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 31 What is an IP multicast routing protocol?

A. RSVP

B. OSPF

C. PIM

D. CDP

Correct Answer: BC Section: (none) Explanation

Explanation/Reference:

www.vceplus.com - Website designed to help IT pros advance their careers.

Explanation:

Was C/D

CDP not routing protocol

QUESTION 32 Which version of BGP would an enterprise use to peer with an ISP?

A. Confederation BGP

B. External BGP

C. Internal BGP

D. Labeled-Unicast

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

Regions are an important concept because they address many of the challenges inherent in large routed networks. By dividing the network into regions, service providers can increase the scale of their networks and improve convergence times. Regions essentially partition the network into sections or zones, which can be OSPF areas or IS-IS levels within a single autonomous system (AS), or each region can be an AS using a separate IGP.

The characteristics of a multi-region network are quite similar to a multi-area OSPF network, multilevel IS-IS network, or BGP AS, but the regions don’t exchange routing information as would a typical area or level. No IGP routing information, LDP signaling, or RSVP signaling is exchanged between regions. Rather, regions are connected by and communicate with BGP labeled unicast.

Like these other concepts, the primary advantage of regions is reducing the number of entries in the routing and forwarding tables of individual routers. This simplifies the network, enabling greater scale and faster convergence. LDP and RSVP label-switched paths are contained within a region, reducing the amount of LDP and RSVP state network-wide. Lowering the amount of resources required by each node prolongs the life span of each node as the network continues to grow. Regions also simplify network integration and troubleshooting. Network integrations and expansions do not require compatible IGPs or compatible LDP/RSVP implementations between networks. The new network or region only needs BGP labeled unicast compatibility with the existing network. Troubleshooting a multi-region network is simplified because problems are more likely to be contained within a single region rather than spread across multiple regions. In a multi-region network, BGP-LU is essential to enabling inter-region end-to-end routing, as it provides the communication and connectivity between multiple regions. Defined in RFC 31071, it enables BGP to advertise unicast routes with an MPLS label binding (a prefix and label). To accomplish this, BGP-LU leverages

www.vceplus.com - Website designed to help IT pros advance their careers.

Multiprotocol Border Gateway Protocol (MP-BGP) and subsequent address family identifier (SAFI) 4 which indicates that the network layer reachability information (NLRI) contains a label mapping. BGP-LU has long been used for inter-AS VPN services such as “carrier’s carrier” and is now being applied to intra-AS in a similar way to achieve massive scaling.

QUESTION 33 You are setting up a new switch in your network that is using MSTP. You want to make sure that any port connected to a host starts forwarding traffic immediately.

How can you meet this requirement?

A. Configure the interfaces as point-to-point.

B. Configure the interfaces as edge.

C. Configure the forward-delay option as zero.

D. Configure the interfaces as shared.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 34 You have been asked to implement 802.1X in your network and to ensure that all authorized users continue to be permitted should the RADIUS server fail.

Which solution will satisfy this requirement?

A. Implement the persistent MAC feature with the override option.

B. Implement the server fail fallback feature with the use-cache option.

C. Implement the persistent MAC feature with the use-cache option.

D. Implement the server fail fallback feature with the override option.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

www.vceplus.com - Website designed to help IT pros advance their careers.

Explanation:

With Juniper switches you can be rest assured that even if your radius server fails, Your network would still be up. Users would still be able login into the network using a phenomenal feature called Switch Cache . If radius server fails, switch can use cache to authenticate the dot1x clients. use-cache—If the RADIUS servers time out during reauthentication, previously authenticated supplicants are reauthenticated, but LAN access is denied for new supplicants. Configuration: set protocols dot1x authenticator authentication-profile-name auth set protocols dot1x authenticator interface ge-0/0/0.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/0.0 retries 4 set protocols dot1x authenticator interface ge-0/0/0.0 reauthentication 30 set protocols dot1x authenticator interface ge- 0/0/0.0 server-timeout 20 set protocols dot1x authenticator interface ge-0/0/0.0 server-fail use-cache set access radius-server 10.130.38.11 secret "x.x.x.x" set access profile auth auth

QUESTION 35 How does an administrator block IGMP reports for the 239.0.0.0/8 group range?

A. Create a routing policy and apply it to IGMP using the group-policy feature.

B. Create a routing policy and apply it to IGMP using the report-policy feature.

C. Create a routing policy and apply it to IGMP as export.

D. Create a routing policy and apply it to IGMP as import.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

Filtering Unwanted IGMP Reports at the IGMP Interface Level

Suppose you need to limit the subnets that can join a certain multicast group. The group-policy statement enables you to filter unwanted IGMP reports at the interface level. When this statement is enabled on a router running IGMP version 2 (IGMPv2) or version 3 (IGMPv3), after the router receives an IGMP report, the router compares the group against the specified group policy and performs the action configured in that policy (for example, rejects the report if the policy matches the defined address or network). You define the policy to match only IGMP group addresses (for IGMPv2) by using the policy's route-filter statement to match the group address. You define the policy to match IGMP (source, group) addresses (for IGMPv3) by using the policy's route-filter statement to match the group address and the policy's source- address-filter statement to match the source address. To filter unwanted IGMP reports:

Configure an IGMPv2 policy.

[edit policy-statement reject_policy_v2]user@host# set from route-filter 224.1.1.1/32 exactuser@host# set from route-filter 239.0.0.0/8 orlongeruser@host# set then reject

Configure an IGMPv3 policy.

[edit policy-statement reject_policy_v3]user@host# set from route-filter 224.1.1.1/32 exactuser@host# set from route-filter 239.0.0.0/8

www.vceplus.com - Website designed to help IT pros advance their careers.

orlonger user@host# set from source-address-filter 10.0.0.0/8 orlonger u s e r @ h o s

orlongeruser@host# set from source-address-filter 10.0.0.0/8 orlonger user@host# set from source-address-filter 127.0.0.0/8 orlongeruser@host# set then reject

Apply the policies to the IGMP interfaces on which you prefer not to receive specific group or (source, group) reports. In this example, ge-0/0/0.1 is running IGMPv2, and ge-0/1/1.0 is running IGMPv3. [edit protocols igmp]user@host# set interface ge-0/0/0.1 group-policy reject_policy_v2user@host# set interface ge-0/1/1.0 group-policy

reject_policy_v3

Verify the operation of the filter by checking the Rejected Report field in the output of the show igmp statistics command

QUESTION 36 You have been asked to implement a private VLAN with two community VLANs. This private VLAN must span multiple switches in your Layer 2 network.

Which two statements about this deployment are true? (Choose two.)

A. All isolated ports must be configured as trunk ports.

B. A minimum of one promiscuous trunk port is required.

C. Both community VLANs must have assigned VLAN IDs.

D. A minimum of one private VLAN trunk port is required.

Correct Answer: CD Section: (none) Explanation

Explanation/Reference:

Explanation:

http://www.juniper.net/techpubs/en_US/junos10.4/topics/concept/private-vlans-ex-series.html

PVLAN Ethernet Switch Ports

PVLANs can have the following types of switch ports:

Promiscuous port—An upstream (trunk) port that is connected to the routers or shared resources. These ports have Layer 2 connectivity to all the other ports on the switch, including the isolated ports. Community port—An access port that belongs to a community. These ports have Layer 2 connectivity with other ports in the same community. Isolated port—An access port that is isolated from the other ports on the switch. Isolated ports have Layer 2 connectivity only with promiscuous ports and PVLAN trunk ports. An isolated port cannot communicate with another isolated port even if they are members of the same isolated VLAN (or inter-switch isolated VLAN) domain. Typically, a server (such as a mail server or a backup server) is connected on this type of port. PVLAN trunk port—A trunk port that connects two switches when a PVLAN is configured spanning those switches. The PVLAN trunk port is a member of all the VLANs within the PVLAN (that is, the primary VLAN, the community VLANs, and the inter-switch isolated VLAN). It can communicate with all ports other than the isolated ports.

www.vceplus.com - Website designed to help IT pros advance their careers.

The membership of the PVLAN trunk port in the inter-switch isolated VLAN is “egress-only”. Incoming traffic on the PVLAN trunk port will never get assigned to the inter-switch isolated VLAN. The communication between a PVLAN trunk port and an isolated port is unidirectional. An isolated port can forward packets to a PVLAN trunk port, but a PVLAN trunk port cannot forward packets to an isolated port.

QUESTION 37 Which configuration parameter causes a router to ignore router ID and peer ID from the BGP route selection algorithm?

A. multihop

B. as-path loops

C. multipath

D. next-hop self

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 38

If your WAN-edge router is multihomed to different ISPs, which two BGP attributes would you modify to affect outbound traffic? (Choose two.)

A. MED

B. Origin

C. Local preference

D. Community

Correct Answer: BC Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 39

A medium-sized enterprise has some devices that are 802.1X capable and some that are not. Any device that fails authentication must be provided limited access

through a VLAN called NONAUTH.

www.vceplus.com - Website designed to help IT pros advance their careers.

How do you provide this access?

A. Configure NONAUTH VLAN as the guest VLAN.

B. Configure NONAUTH VLAN as the server-reject VLAN.

C. Configure NONAUTH VLAN as the guest VLAN and the server-reject VLAN.

D. Configure a separate VLAN for each type of user: 802.1X and non-802.1X.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

How 802.1X Authentication Works

802.1X authentication works by using an Authenticator Port Access Entity (the switch) to block all traffic to and from a supplicant (end device) at the port until the supplicant's credentials are presented and matched on the Authentication server (a RADIUS server). When authenticated, the switch stops blocking traffic and opens the port to the supplicant.

802.1X Features Overview

802.1X features on Juniper Networks EX Series Ethernet Switches are:

Guest VLAN—Provides limited access to a LAN, typically just to the Internet, for end devices that are not 802.1X enabled when MAC RADIUS authentication has not been configured on the switch interfaces to which the hosts are connected . Server-reject VLAN—Provides limited access to a LAN, typically just to the Internet, for end devices that are 802.1X enabled but have sent the wrong credentials. Server-fail VLAN—Provides limited access to a LAN, typically just to the internet, for 802.1X end devices during a RADIUS server timeout. Dynamic VLAN—Enables an end device, after authentication, to be a member of a VLAN dynamically. Private VLAN—Enables configuration of 802.1X authentication on interfaces that are members of private VLANs (PVLANs). Dynamic changes to a user session—Allows the switch administrator to terminate an already authenticated session. This feature is based on support of the RADIUS Disconnect Message defined in RFC 3576. Support for VoIP—Supports IP telephones. If the phone is 802.1X-enabled, it is authenticated like any other supplicant. If the phone is not 802.1X-enabled, but has another 802.1X-compatible device connected to its data port, that device is authenticated, and then VoIP traffic can flow to and from the phone (providing that the interface is configured in single mode and not in single-secure mode).

QUESTION 40 When using PIM-SM in SSM mode, which event triggers the creation of a shortest-path tree?

A. Multicast traffic received at the receiver's designated router (DR).

www.vceplus.com - Website designed to help IT pros advance their careers.

B. An IGMPv3 report received at the receiver's designated router (DR).

C. Multicast traffic received at the rendezvous point (RP).

D. An IGMPv3 report received at the source's designated router (DR).

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

PIM SSM is simpler than PIM sparse mode because only the one-to-many model is supported. Initial commercial multicast Internet applications are likely to be available to subscribers (that is, receivers that issue join messages) from only a single source (a special case of SSM covers the need for a backup source). PIM SSM therefore forms a subset of PIM sparse mode. PIM SSM builds shortest-path trees (SPTs) rooted at the source immediately because in SSM, the router closest to the interested receiver host is informed of the unicast IP address of the source for the multicast traffic. That is, PIM SSM bypasses the RP connection stage through shared distribution trees, as in PIM sparse mode, and goes directly to the source-based distribution tree.

QUESTION 41 Which statement regarding LLDP update messages is correct?

A. Updates can be secured using the MD5 algorithm.

B. Updates are advertised every 60 seconds by default.

C. Updates require bidirectional communication.

D. Updates can be triggered by local changes.

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 42 When 802.1X, MAC-RADIUS, and Captive Portal are enabled on an interface, which authentication sequence occurs?

A. The authentication sequence is based on the order of the configuration.

B. If MAC-RADIUS is rejected, Captive Portal will start. If Captive portal is timed out, 802.1X will start.

C. If 802.1X times out, then MAC-RADIUS will start. If MAC-RADIUS is timed out by the RADIUS server, then Captive Portal will start.

D. If 802.1X times out, then MAC-RADIUS will start. If MAC-RADIUS is rejected by the RADIUS server, then Captive Portal will start.

www.vceplus.com - Website designed to help IT pros advance their careers.

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

(none) Explanation Explanation/Reference: Explanation: How 802.1X Authentication Works 802.1X authentication works

How 802.1X Authentication Works

802.1X authentication works by using an Authenticator Port Access Entity (the switch) to block all traffic to and from a supplicant (end device) at the port until the supplicant's credentials are presented and matched on the Authentication server (a RADIUS server). When authenticated, the switch stops blocking traffic and opens the port to the supplicant.

802.1X Features Overview

802.1X features on Juniper Networks EX Series Ethernet Switches are:

Guest VLAN—Provides limited access to a LAN, typically just to the Internet, for end devices that are not 802.1X enabled when MAC RADIUS authentication has not been configured on the switch interfaces to which the hosts are connected . Server-reject VLAN—Provides limited access to a LAN, typically just to the Internet, for end devices that are 802.1X enabled but have sent the wrong credentials. Server-fail VLAN—Provides limited access to a LAN, typically just to the internet, for 802.1X end devices during a RADIUS server timeout. Dynamic VLAN—Enables an end device, after authentication, to be a member of a VLAN dynamically. Private VLAN—Enables configuration of 802.1X authentication on interfaces that are members of private VLANs (PVLANs). Dynamic changes to a user session—Allows the switch administrator to terminate an already authenticated session. This feature is based on support of the RADIUS Disconnect Message defined in RFC 3576. Support for VoIP—Supports IP telephones. If the phone is 802.1X-enabled, it is authenticated like any other supplicant. If the phone is not 802.1X-enabled, but has another 802.1X-compatible device connected to its data port, that device is authenticated, and then VoIP traffic can flow to and from the phone (providing that the interface is configured in single mode and not in single-secure mode).

QUESTION 43 You are troubleshooting a problem on interface ge-0/0/3.

Which command shows statistics in real time?

A. show interfaces statistics

B. monitor interface statistics ge-0/0/3

C. monitor interface traffic

D. monitor traffic interface ge-0/0/3

Correct Answer: C Section: (none)

www.vceplus.com - Website designed to help IT pros advance their careers.

Explanation

Explanation/Reference:

Explanation:

monitor traffic interface

Note: Because the Packet Forwarding Engine removes Layer 2 header information before sending packets to the Routing Engine:

The monitor traffic command cannot apply match conditions to inbound traffic. The monitor traffic interface command also cannot apply match conditions for Layer 3 and Layer 4 packet data, resulting in the match pipe option (| match) for this command for Layer 3 and Layer 4 packets not working either. Therefore, ensure that you specify match conditions as described in this command summary.

The 802.1Q VLAN tag information included in the Layer 2 header is removed from all inbound traffic packets. Because the monitor traffic interface ae[x] command for aggregated Ethernet interfaces (such as ae0) only shows inbound traffic data, the command does not show VLAN tag information in the output.

QUESTION 44 Which CoS component helps with TCP global synchronization problems?

A. WRR with rewrite rules

B. WRED with drop profiles

C. tail drop profiles with a behavior aggregate classifier

D. exact term with a scheduler

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

www.vceplus.com - Website designed to help IT pros advance their careers.

QUESTION 45 www.vceplus.com - Website designed to help IT pros advance their careers.

QUESTION 45

www.vceplus.com - Website designed to help IT pros advance their careers.

You want to control bursts of HTTP traffic entering your SRX Series Gateway. To support varying requirements, interfaces ge-0/0/0 through ge-0/0/3 should each be rate-limited separately, using the same parameters.

What is the correct way to meet these requirements?

A. Configure a single policer and apply it directly on the appropriate interfaces.

B. Configure four policers and apply each one directly on the appropriate interface.

C. Configure a policer and reference it in a firewall filter that uses the interface-specific option; apply the filter to the appropriate interfaces.

D. Configure four policers and reference them all in a firewall filter; apply the filter to the appropriate interfaces.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 46 You are configuring BGP peering with a neighboring AS. Multiple physical links exist between your edge router and the neighboring edge router, and you want a configuration that supports the highest degree of redundancy.

How can you implement this scenario?

A. Configure multiple peerings between the routers' physical interfaces.

B. Use the multipath feature.

C. Configure multiple peerings between the routers' logical interfaces.

D. Use the multihop feature.

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 47 An OSPF router is an ABR but not an ASBR.

Which three types of LSAs would you expect this router to generate? (Choose three.)

www.vceplus.com - Website designed to help IT pros advance their careers.

A. Type 1 LSA

B. Type 3 LSA

C. Type 4 LSA

D. Type 5 LSA

E. Type 6 LSA

Correct Answer: ABC Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 48 -- Exhibit --

user@R1> show configuration protocols pim rp

local {

address 192.168.3.1;

}

auto-rp discovery;

static {

address 192.168.5.1;

}

user@R1> show route 192.168.0.0/16

inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

192.168.2.1/32 *[Direct/0] 3w4d 04:58:14

Active, * = Both 192.168.2.1/32 *[Direct/0] 3w4d 04:58:14 www.vceplus.com - Website designed to help IT pros

www.vceplus.com - Website designed to help IT pros advance their careers.

> via lo0.0

192.168.5.1/32 *[OSPF/10] 00:52:25, metric 1

> via lt-0/0/0.0

192.168.10.1/32 *[OSPF/10] 00:48:06, metric 1

> via lt-0/0/0.2

192.168.50.1/32 *[OSPF/10] 00:48:06, metric 1

> via lt-0/0/0.4

-- Exhibit --

Click the Exhibit button.

Router R1 in the exhibit is receiving auto-RP announce messages specifying an RP of 192.168.10.1 and BSR messages specifying an RP-set with an RP of

192.168.50.1.

Which address will R1 use as the RP for traffic destined to the 224.1.1.1 multicast group?

A. 192.168.3.1

B. 192.168.5.1

C. 192.168.10.1

D. 192.168.50.1

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 49

-- Exhibit

www.vceplus.com - Website designed to help IT pros advance their careers.

-- Exhibit -- Click the Exhibit button. In the exhibit, customers connected to Area 3

-- Exhibit --

Click the Exhibit button.

In the exhibit, customers connected to Area 3 must have access to external prefixes received from

the data center connected to the router in Area 1. These configurations are currently applied to the routers in Area 1:

{master:0}[edit]

user@Area-1-ABR# show protocols ospf

no-nssa-abr;

area 0.0.0.1 {

www.vceplus.com - Website designed to help IT pros advance their careers.

nssa;

interface ge-1/1/1.100;

}

{master:0}[edit]

user@Area-1-External# show protocols ospf

area 0.0.0.1 {

stub no-summaries;

interface ge-1/1/1.100;

}

What must you change for these configurations to work?

A. Configure the ABR router in Area 1 to support a virtual link.

B. Delete no-summary-lsa from the ABR router in Area 1.

C. Configure the external router in Area 1 for NSSA.

D. Configure the ABR in Area 1 for a default LSA with a default-metric of 10 and no-summaries.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 50 -- Exhibit --

20.0.0.0/8 *[BGP/170] 01:10:38, localpref 100, from 10.0.0.1 AS path: 100 I

> to 15.0.0.2 via ge-0/0/0.0

www.vceplus.com - Website designed to help IT pros advance their careers.

[BGP/170] 00:00:59, localpref 100

AS path: 100 ?

> to 35.0.0.2 via ge-0/0/1.0

-- Exhibit --

Click the Exhibit button.

via ge-0/0/1.0 -- Exhibit -- Click the Exhibit button. Referring to the output in the exhibit,

Referring to the output in the exhibit, why does the router prefer the path toward interface ge- 0/0/0.0 for the 20.0.0.0/8 route?

A. The origin is IGP.

B. The origin is unknown.

C. The AS path is longer.

D. Multihop is enabled.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 51 -- Exhibit --

Group: 239.1.1.1

Source: 10.255.70.15

Flags: sparse,spt

Upstream interface: so-1/0/0.0

Upstream neighbor: 10.111.10.2

Upstream state: Local RP, Join to Source

Keepalive timeout: 344

www.vceplus.com - Website designed to help IT pros advance their careers.

Downstream neighbors:

Interface: Pseudo-GMP fe-0/0/0.0 fe-0/0/1.0 fe-0/0/3.0

Interface: so-1/0/0.0 (pruned)

10.111.10.2 State: Prune Flags: SR Timeout: 174

Interface: mt-1/1/0.32768

10.10.47.100 State: Join Flags: S Timeout: Infinity

-- Exhibit --

Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)

A. The router has pruned the RPT.

B. The router has pruned the SPT only.

C. The router has pruned the RPT only.

D. The router has pruned the SPT.

Correct Answer: AD Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 52 -- Exhibit --

user@switch# run show spanning-tree statistics interface ge-0/0/0

STP interface statistics for VLAN 10

Interface BPDUs sent BPDUs received Next BPDU

transmission

www.vceplus.com - Website designed to help IT pros advance their careers.

ge-0/0/0.0 170 3 0

STP interface statistics for VLAN 20

Interface BPDUs sent BPDUs received Next BPDU

transmission

ge-0/0/0.0 171 3 0

-- Exhibit --

Click the Exhibit button.

Based on the exhibit, which spanning-tree protocol is running on ge-0/0/0?

A. VSTP

B. MSTP

C. RSTP

D. PVST

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 53

-- Exhibit

www.vceplus.com - Website designed to help IT pros advance their careers.

-- Exhibit -- Click the Exhibit button. Given the topology in the exhibit, which two

-- Exhibit --

Click the Exhibit button.

-- Exhibit -- Click the Exhibit button. Given the topology in the exhibit, which two statements

Given the topology in the exhibit, which two statements related to the Q-in-Q tunneling implementation are true? (Choose two.)

A. The ge-0/0/0 interface on Provider Bridge A must be configured as an access port.

B. The ge-0/0/0 interface on Provider Bridge A must be configured as a trunk port.

C. Provider Bridge B will make forwarding decisions using a MAC table associated with VLAN ID 100.

D. Provider Bridge B will make forwarding decisions using a MAC table associated with VLAN ID 200.

Correct Answer: AD Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 54

-- Exhibit

www.vceplus.com - Website designed to help IT pros advance their careers.

-- Exhibit -- Click the Exhibit button. You are implementing Q-in-Q tunneling to connect R1

-- Exhibit --

Click the Exhibit button.

You are implementing Q-in-Q tunneling to connect R1 and R2 using the configurations shown in the exhibit.

What must be changed on Switch_A to allow both Dot1q-tunneling VLANs and non-Dot1q- tunneling VLANs on the same trunk interface?

A. Change the Dot1q-tunneling Ethertype to 0x9100.

B. Change the Dot1q-tunneling Ethertype to 0x88a8.

C. Change the Dot1q-tunneling Ethertype to 0x8100.

D. Change the Dot1q-tunneling Ethertype to 0x98a8.

Correct Answer: C Section: (none) Explanation

www.vceplus.com - Website designed to help IT pros advance their careers.

Explanation/Reference:

Explanation:

http://packetcorner.wordpress.com/category/switching/q-in-q/

QUESTION 55

-- Exhibit

QUESTION 55 -- Exhibit -- Exhibit -- Click the Exhibit button. In the exhibit,

-- Exhibit --

Click the Exhibit button.

In the exhibit, Host2 is the only host currently joining group 231.1.1.1, but S1 is still flooding the traffic to all hosts on VLAN 100.

What feature can be configured on S1 to limit the multicast flooding of traffic to only interested hosts on VLAN 100?

A. Multicast scoping

B. IGMP snooping

C. Multicast VLAN registration

D. IGMP immediate leave

Correct Answer: B Section: (none)

www.vceplus.com - Website designed to help IT pros advance their careers.

Explanation

Explanation/Reference:

Explanation:

Explanation Explanation/Reference: Explanation: Internet Group Management Protocol (IGMP) snooping constrains the flooding

Internet Group Management Protocol (IGMP) snooping constrains the flooding of IPv4 multicast traffic on VLANs on a switch. When IGMP snooping is enabled on

a VLAN, a Juniper Networks EX Series Ethernet Switch examines IGMP messages between hosts and multicast routers and learns which hosts are interested in

receiving traffic for a multicast group. Based on what it learns, the switch then forwards multicast traffic only to those interfaces in the VLAN that are connected to interested receivers instead of flooding the traffic to all interfaces.

QUESTION 56

-- Exhibit --

{master:0}[edit]

user@switch# show protocols vstp

vlan 100;

{master:0}[edit]

user@switch# run show spanning-tree bridge

STP bridge parameters

Context ID : 1

Enabled protocol : RSTP

STP bridge parameters for VLAN 100

Root ID : 32868.50:c5:8d:ae:94:80

Hello time : 2 seconds

Maximum age : 20 seconds

Forward delay : 15 seconds

Message age : 0

www.vceplus.com - Website designed to help IT pros advance their careers.

Number of topology changes : 0

Local parameters

Bridge ID : 32868.50:c5:8d:ae:94:80

Extended system ID : 1

Internal instance ID : 0

{master:0}[edit]

user@switch# run show spanning-tree interface

{master:0}[edit]

user@switch#

-- Exhibit --

Click the Exhibit button.

Based on the output shown in the exhibit, why is VSTP not working for VLAN 100?

A. No interfaces are assigned to VLAN 100.

B. Your MSTI is misconfigured.

C. RSTP is configured in addition to VSTP.

D. No native VLAN is configured.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 57

-- Exhibit

www.vceplus.com - Website designed to help IT pros advance their careers.

-- Exhibit -- Click the Exhibit button. Referring to the exhibit, what is the correct

-- Exhibit --

Click the Exhibit button. Referring to the exhibit, what is the correct RPF path toward the multicast source from R6?

A. R6-R5

B. R6-R7-R4-R5

C. R6-R4-R5

D. R6-R4-R3-R2-R5

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

www.vceplus.com - Website designed to help IT pros advance their careers.

QUESTION 58 -- Exhibit --

{master:0}[edit]

user@switch# show ethernet-switching-options voip

interface ge-0/0/16.0 {

vlan phones;

}

{master:0}[edit]

user@switch# show interfaces ge-0/0/16

unit 0 {

family ethernet-switching {

port-mode access;

vlan {

members internet;

}

}

}

{master:0}[edit]

user@switch# show vlans

hr {

vlan-id 513;

}

www.vceplus.com - Website designed to help IT pros advance their careers.

internet {

vlan-id 15;

}

phones {

vlan-id 25;

}

servers {

vlan-id 30;

}

{master:0}[edit]

user@switch# show interfaces ge-0/0/23

description uplink;

unit 0 {

family ethernet-switching {

port-mode trunk;

vlan {

members [ hr internet ];

}

}

}

-- Exhibit --

www.vceplus.com - Website designed to help IT pros advance their careers.

Click the Exhibit button.

Click the Exhibit button. You have recently implemented a Layer 2 network designed to support VoIP.

You have recently implemented a Layer 2 network designed to support VoIP. Users have reported that they cannot use their IP phones to make calls.

Based on the switch configuration shown in the exhibit, which command will resolve this issue?

A. set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members phones

B. set interfaces ge-0/0/16 unit 0 family ethernet-switching port-mode trunk

C. set ethernet-switching-options voip interface ge-0/0/23 vlan phones

D. set vlans phones vlan-id 513

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 59

-- Exhibit

Explanation/Reference: Explanation: QUESTION 59 -- Exhibit www.vceplus.com - Website designed to help IT pros advance

www.vceplus.com - Website designed to help IT pros advance their careers.

-- Exhibit --

Click the Exhibit button.

Based on the SPF calculation in the exhibit, what is the shortest path to reach R3 from R1?

A. R2-R3

B. R2-R5-R4

C. R3

D. R2-R4

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 60 -- Exhibit --

Mar 16 18:39:15.800390 BGP RECV 172.14.10.2+57785 -> 172.14.10.1+179

Mar 16 18:39:15.800932 BGP RECV message type 1 (Open) length 59

Mar 16 18:39:15.800995 BGP RECV version 4 as 2 holdtime 90 id 192.168.5.1 parmlen 30

Mar 16 18:39:15.801064 BGP RECV MP capability AFI=2, SAFI=1

Mar 16 18:39:15.801112 BGP RECV Refresh capability, code=128

Mar 16 18:39:15.801172 BGP RECV Refresh capability, code=2

Mar 16 18:39:15.801224 BGP RECV Restart capability, code=64, time=120, flags=

Mar 16 18:39:15.801289 BGP RECV 4 Byte AS-Path capability (65), as_num 2

Mar 16 18:39:15.801705 advertising receiving-speaker only capabilty to neighbor 172.14.10.2 (External AS 2)

Mar 16 18:39:15.801787 bgp_send. sending 59 bytes to 172.14.10.2 (External AS 2)

www.vceplus.com - Website designed to help IT pros advance their careers.

Mar 16 18:39:15.801845

Mar 16 18:39:15.801845 BGP SEND 172.14.10.1+179 -> 172.14.10.2+57785

Mar 16 18:39:15.801933 BGP SEND message type 1 (Open) length 59

Mar 16 18:39:15.801991 BGP SEND version 4 as 1 holdtime 90 id 192.168.2.1 parmlen 30

Mar 16 18:39:15.802054 BGP SEND MP capability AFI=1, SAFI=1

Mar 16 18:39:15.802115 BGP SEND Refresh capability, code=128

Mar 16 18:39:15.802176 BGP SEND Refresh capability, code=2

Mar 16 18:39:15.802227 BGP SEND Restart capability, code=64, time=120, flags=

Mar 16 18:39:15.802292 BGP SEND 4 Byte AS-Path capability (65), as_num 1

Mar 16 18:39:15.802615 bgp_process_caps: mismatch NLRI with 172.14.10.2 (External AS 2):

peer: <inet6-unicast>(16) us: <inet-unicast>(1)

Mar 16 18:39:15.802763 bgp_process_caps:2561: NOTIFICATION sent to 172.14.10.2 (External AS 2): code 2 (Open Message Error) subcode 7 (unsupported capability) value 1

Mar 16 18:39:15.802913 bgp_sens: sending 23 bytes to 172.14.10.2 (External AS 2)

Mar 16 18:39:15.802969

Mar 16 18:39:15.802969 BGP SEND 172.14.10.1+179 -> 172.14.10.2+57785

Mar 16 18:39:15.803057 BGP SEND message type 3 (Notification) length 23

Mar 16 18:39:15.803113 BGP SEND Notification code 2 (Open Message Error) subcode 7 (unsupported capability)

Mar 16 18:39:15.803179 BGP SEND Data (2 bytes): 00 01

-- Exhibit --

Click the Exhibit button.

www.vceplus.com - Website designed to help IT pros advance their careers.

Looking at the traceoptions output in the exhibit, why is the BGP neighbor not in Established state?

A. BGP refresh is not supported.

B. There is a router ID mismatch.

C. IPv6 is not supported on the local peer.

D. The peer AS number is misconfigured.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 61

-- Exhibit

www.vceplus.com - Website designed to help IT pros advance their careers.

-- Exhibit -- Click the Exhibit button. In the exhibit, which statement about the ABR

-- Exhibit --

Click the Exhibit button.

In the exhibit, which statement about the ABR between Area 8 and Area 2 is true?

A. The router has connectivity to all areas.

B. The router has connectivity to Area 8 only.

C. The router has connectivity to Area 2 only.

D. The router has connectivity to all routers in Area 8 and Area 2.

Correct Answer: D Section: (none) Explanation

www.vceplus.com - Website designed to help IT pros advance their careers.

Explanation/Reference:

Explanation:

QUESTION 62 -- Exhibit --

user@router> show class-of-service scheduler-map two

Scheduler map: two, Index: 56974 Scheduler: sch-best-effort, Forwarding class: best-effort, Index: 26057

Transmit rate: 1 percent, Rate Limit: exact, Buffer size: remainder,

Buffer Limit: exact, Priority: low

Excess Priority: unspecified

Drop profiles:

Loss priority Protocol Index Name

Low any 1 <default-drop-profile>

Medium low any 1 <default-drop-profile>

Medium high any 1 <default-drop-profile>

High any 1 <default-drop-profile>

Scheduler: sch-expedited-forwarding, Forwarding class:

expedited-forwarding, Index: 10026

Transmit rate: 1 percent, Rate Limit: none, Buffer size: 1 percent,

Buffer Limit: none, Priority: high

Excess Priority: unspecified

Drop profiles:

Priority: high Excess Priority: unspecified Drop profiles: www.vceplus.com - Website designed to help IT pros advance

www.vceplus.com - Website designed to help IT pros advance their careers.

Loss priority Protocol Index Name

Low any 1 <default-drop-profile>

Medium low any 1 <default-drop-profile>

Medium high any 1 <default-drop-profile>

High any 1 <default-drop-profile>

user@router> show interfaces ge-0/0/1 extensive | find "CoS Information"

CoS information:

Direction : Output

CoS transmit queue Bandwidth Buffer

Priority Limit

% bps % usec

0 best-effort 1 10000000 r 0

low exact

1 expedited-forwarding 1 10000000 1 0

high none

Logical interface ge-0/0/1.823 (Index 74) (SNMP ifIndex 506) (Generation

139)

Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.823 ] Encapsulation: ENET2

Traffic statistics:

Input bytes : 1820224529

Output bytes : 6505980

www.vceplus.com - Website designed to help IT pros advance their careers.

Input packets: 1436371

Output packets: 75905

( output truncated

)

user@router> show interfaces ge-0/0/1 extensive | find "Queue Counters"

Queue counters: Queued packets Transmitted packets Dropped packets

0 best-effort 1343970 1343970 7105

1 expedited-fo 53987 53987

2 assured-forw 0 0

3 network-cont 0 0

Queue number: Mapped forwarding classes

0 best-effort

1 expedited-forwarding

2 assured-forwarding

3 network-control

Active alarms : None

Active defects : None

( output truncated

-- Exhibit --

)

Click the Exhibit button.

Based on the configuration in the exhibit, why are you seeing drops in the best-effort queue on the SRX Series platform?

A. The drop-profile fill level is set too low.

B. Packets are dropped by a firewall policy.

C. The best-effort queue is being shaped.

www.vceplus.com - Website designed to help IT pros advance their careers.

D.

The scheduler is not being applied correctly.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 63 -- Exhibit --

[edit protocols bgp]

user@router# show

group ext-peer2 {

type external;

peer-as 1; neighbor 192.168.2.1;

}

[edit protocols bgp]

user@router# run show route 192.168.2.1

inet.0: 9 destinations, 10 routes (7 active, 0 holddown, 2 hidden)

+ = Active Route, - = Last Active, * = Both

192.168.2.1/32 *[Static/5] 00:01:56

> to 172.14.10.1 via ge-0/0/1.0

[edit protocols bgp]

user@router# run show bgp summary

Groups: 1 Peers: 1 Down peers: 1

www.vceplus.com - Website designed to help IT pros advance their careers.

Table Tot Paths Act Paths Suppressed History Damp State Pending

inet.0 0 0 0 0 0 0

inet6.0 0 0 0 0 0 0

Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped

192.168.2.1 1 0 0 0 0 14 Idle

-- Exhibit --

Click the Exhibit button.

Looking at the output in the exhibit, why is the BGP neighbor not in Established state?

A. BGP Refresh is not supported.

B. Multihop is not configured.

C. The peer address is not reachable.

D. Authentication is configured.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 64 -- Exhibit --

user@SwitchA# show protocols dot1x

authenticator {

authentication-profile-name dot1x;

interface {

www.vceplus.com - Website designed to help IT pros advance their careers.

ge-0/0/0.0 {

supplicant single;

}

ge-0/0/1.0 {

supplicant single-secure;

}

ge-0/0/2.0 {

supplicant multiple;

}

}

}

{master:0}[edit]

user@SwitchA# show access

radius-server {

172.27.14.226 {

port 1812;

secret "$9$vqs8xd24Zk.5bs.5QFAtM8X"; ## SECRET-DATA

}

}

profile dot1x {

authentication-order radius;

SECRET-DATA } } profile dot1x { authentication-order radius; www.vceplus.com - Website designed to help IT pros

www.vceplus.com - Website designed to help IT pros advance their careers.

radius {

authentication-server 172.27.14.226;

accounting-server 172.27.14.226;

}

accounting {

order radius;

immediate-update;

}

}

{master:0}[edit]

user@SwitchA#

-- Exhibit --

Click the Exhibit button.

Referring to the exhibit, which three statements describe correct behavior of Switch A? (Choose three.)

A. Switch A allows complete access to all users connected to port ge-0/0/2 that log in with their correct user credentials.

B. Switch A allows complete access to all users connected to port ge-0/0/0 that log in with their correct user credentials.

C. Switch A allows complete access to the second user that connects to port ge-0/0/1 with its correct credentials only after the first user logs out.

D. Switch A allows complete access to all users connected to port ge-0/0/0 without authentication after the first user has logged in with its correct user credentials.

E. Switch A allows complete access to all users connected to port ge-0/0/1 that securely log in using HTTPS with their correct user credentials.

Correct Answer: ACD Section: (none) Explanation

Explanation/Reference:

Explanation:

www.vceplus.com - Website designed to help IT pros advance their careers.

QUESTION 65 -- Exhibit --

Mar 16 17:48:06.145257 OSPF periodic xmit from 172.14.10.1 to 224.0.0.5 (IFL 69 area 0.0.0.1)

Mar 16 17:48:12.404986 ospf_trigger_build_telink_lsas : No peer found

Mar 16 17:48:13.013420 ospf_trigger_build_telink_lsas : No peer found

Mar 16 17:48:13.013555 ospf_set_lsdb_state: Router LSA 192.168.2.1 adv-rtr 192.168.2.1 state QUIET->GEN_PENDING

Mar 16 17:48:13.013661 OSPF trigger router LSA 0x156d0f0 build for area 0.0.0.1 lsa-id 192.168.2.1

Mar 16 17:48:13.017494 ospf_set_lsdb_state: Router LSA 192.168.2.1 adv-rtr 192.168.2.1 state GEN_PENDING->QUIET

Mar 16 17:48:13.017636 OSPF built router LSA, area 0.0.0.1, link count 2

Mar 16 17:48:13.017954 OSPF sent Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.1)

Mar 16 17:48:13.018023 Version 2, length 44, ID 192.168.2.1, area 0.0.0.1

Mar 16 17:48:13.018111 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128

Mar 16 17:48:13.018162 dead_ivl 40, DR 172.14.10.1, BDR 0.0.0.0

Mar 16 17:48:13.018613 OSPF DR is 192.168.2.1, BDR is 0.0.0.0

Mar 16 17:48:13.018900 OSPF sent Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.1)

Mar 16 17:48:13.018968 Version 2, length 44, ID 192.168.2.1, area 0.0.0.1

Mar 16 17:48:13.019032 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128

Mar 16 17:48:13.019118 dead_ivl 40, DR 172.14.10.1, BDR 0.0.0.0

Mar 16 17:48:13.028426 OSPF DR is 192.168.2.1, BDR is 0.0.0.0

Mar 16 17:48:13.432025 OSPF packet ignoreD. area mismatch (0.0.0.0) from 172.14.10.2 on intf ge-0/0/1.0 area 0.0.0.1

Mar 16 17:48:13.432135 OSPF rcvd Hello 172.14.10.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.1)

www.vceplus.com - Website designed to help IT pros advance their careers.

Mar 16 17:48:13.432189 Version 2, length 44, ID 192.168.5.1, area 0.0.0.0

Mar 16 17:48:13.432274 checksum 0x8065, authtype 0

Mar 16 17:48:13.432346 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128

Mar 16 17:48:13.432398 dead_ivl 40, DR 172.14.10.2, BDR 0.0.0.0 commit complete

-- Exhibit --

Click the Exhibit button.

Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init state?

A. There is an MTU mismatch.

B. There is a network mask mismatch.

C. The routers are in different areas.

D. No BDR has been elected.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 66 Click the Exhibit button.

A customer is trying to configure a router to peer using EBGP to a neighbor. As shown in the exhibit, two links are being used for this configuration. The goal of this

configuration is to load- balance traffic across both EBGP links.

Which configuration accomplishes this goal?

A. {master:0}[edit]

user@router# show protocols bgp group External { multihop; local-address 192.168.2.1; peer-as 65532;

www.vceplus.com - Website designed to help IT pros advance their careers.

neighbor 10.10.2.neighbor 10.20.2.2;

}

{master:0}[edit]

user@router# show routing-options static {

route 192.168.5.1/32 next-hop 192.168.2.1;

}

autonomous-system 65432;

B. {master:0}[edit]

user@router# show protocols bgp group External { multihop; local-address 192.168.2.1; peer-as 65532; neighbor 192.168.5.1;

}

{master:0}[edit]

user@router# show routing-options static { route 192.168.5.1/32 next-hop [ 10.10.2.2 10.20.2.2 ]; } autonomous-system 65432; forwarding-table { export load-balance;

}

{master:0}[edit]

user@router# show policy-options policy-statement load-balance term balance { then { load-balance per-packet; accept;

}

}

C. {master:0}[edit]

user@router# show protocols bgp group External { multi-path; local-address 192.168.2.1; peer-as 65532; neighbor 192.168.5.1;

}

{master:0}[edit]

user@router# show routing-options

} {master:0}[edit] user@router# show routing-options www.vceplus.com - Website designed to help IT pros advance

www.vceplus.com - Website designed to help IT pros advance their careers.

static { route 192.168.5.1/32 next-hop [ 10.10.2.2 10.20.2.2 ]; } autonomous-system 65432; D. {master:0}[edit] user@router# show protocols bgp group External { multipath; local-address 192.168.2.1; peer-as 65532; neighbor 10.10.2.2; neighbor 10.20.2.2;

}

{master:0}[edit]

user@router# show routing-options

static {

route 192.168.5.1/32 next-hop 192.168.2.1;

}

autonomous-system 65432;

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 67

-- Exhibit

www.vceplus.com - Website designed to help IT pros advance their careers.

-- Exhibit -- Click the Exhibit button. In the exhibit, R5 is receiving five 200.1.1.x

-- Exhibit --

Click the Exhibit button.

In the exhibit, R5 is receiving five 200.1.1.x routes from the RIP router, and is advertising them into

Area 1 using an export policy. You do not want any of the RIP routes to be in the routing table of R Which two solutions meet this requirement? (Choose two.)

A. On R1, configure an export policy to reject the routes.

B. On R1, configure an import policy to reject the routes.

C. On R1, configure each address as a martian route.

D. On R1, configure the no-nssa-abr option.

Correct Answer: BC Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 68

-- Exhibit

www.vceplus.com - Website designed to help IT pros advance their careers.

-- Exhibit -- Click the Exhibit button. In the exhibit, a customer wants to configure

-- Exhibit --

Click the Exhibit button.

In the exhibit, a customer wants to configure an EBGP connection to two different routers in a neighboring autonomous system. The goal of this configuration is to use per-prefix load balancing across both EBGP links.

Which configuration accomplishes this goal?

A. {master:0}[edit]

user@router# show protocols bgp group External { multihop; peer-as 65532; neighbor 10.10.2.2; neighbor 10.20.2.2;

}

B. {master:0}[edit]

user@router# show protocols bgp group External { multipath; peer-as 65532;

www.vceplus.com - Website designed to help IT pros advance their careers.

neighbor 10.10.2.2; neighbor 10.20.2.2;

}

C. {master:0}[edit]

user@router# show protocols bgp group External { multihop; local-address 192.168.2.1; peer-as 65532; neighbor 10.10.2.2; neighbor 10.20.2.2;

}

user@router# show routing-options static {

route 0.0.0.0 next-hop [ 10.10.2.2 10.20.2.2 ];

}

autonomous-system 65432;

D. {master:0}[edit]

user@router# show protocols bgp group External { multihop; local-address 192.168.2.1; peer-as 65532; multipath; neighbor 10.10.2.2; neighbor 10.20.2.2;

}

user@router# show routing-options static {

route 0.0.0.0 next-hop [ 10.10.2.2 10.20.2.2 ];

}

autonomous-system 65432;

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 69

www.vceplus.com - Website designed to help IT pros advance their careers.

-- Exhibit

-- Exhibit -- Exhibit -- Click the Exhibit button. Referring to the exhibit, R4 in AS

-- Exhibit --

Click the Exhibit button.

-- Exhibit -- Exhibit -- Click the Exhibit button. Referring to the exhibit, R4 in AS

Referring to the exhibit, R4 in AS 100 is sending routes 20.0.0.0/8 and 10.0.0.0/8. R3 sees the routes but R5 does not.

What must be configured on the R3 router for the R5 router to install the routes?

A. Anext-hop self policy

B. As-override toward the R5 router

C. As-loops 2

D. Local-as 100

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 70

-- Exhibit

www.vceplus.com - Website designed to help IT pros advance their careers.

-- Exhibit -- Click the Exhibit button. You are asked to configure an OSPF virtual

-- Exhibit --

Click the Exhibit button.

You are asked to configure an OSPF virtual link that connects remote Area 4 to the backbone.

Referring to the exhibit, what are two requirements for an OSPF virtual link to operate correctly? (Choose two.)

A. A virtual link configuration on the ABR between Areas 0 and 1 must include transit area 1.

B. The interface of the transit area must be of type vt.

C. A virtual link configuration on the ABR between Areas 0 and 1 must be the interface address of the neighbor on the far end.

D. A virtual link configuration on the ABR between Areas 0 and 1 must be the router ID (RID) of the neighbor on the far end.

Correct Answer: AD

www.vceplus.com - Website designed to help IT pros advance their careers.

Section: (none)

Explanation

Explanation/Reference:

Explanation:

QUESTION 71

-- Exhibit

Explanation/Reference: Explanation: QUESTION 71 -- Exhibit -- Exhibit -- Click the Exhibit button. In the exhibit,

-- Exhibit --

Click the Exhibit button.

In the exhibit, R5 is receiving five 200.1.1.x routes from the RIP router, and is advertising them into Area 1 using an export policy. You want to summarize the RIP routes into Area 0 with the most specific prefix.

Which configuration will accomplish goal?

A. [edit protocols] user@R1# show ospf { area 0.0.0.0 { area-range 200.1.1.0/29; interface ge-0/0/1.0; interface ge-0/0/2.0;

www.vceplus.com - Website designed to help IT pros advance their careers.

interface lo0.0;

}

area 0.0.0.1 { nssa {

default-lsa type-7;

}

interface ge-0/0/3.0;

}

}

B. [edit protocols] user@R1# show ospf { area 0.0.0.0 { interface ge-0/0/1.0; interface ge-0/0/2.0; interface lo0.0;

}

area 0.0.0.1 {

nssa { default-lsa type-7; area-range 200.1.1.0/28;

}

interface ge-0/0/3.0;

}

}

C. [edit protocols] user@R1# show ospf { area 0.0.0.0 {

interface ge-0/0/1.0; interface ge-0/0/2.0; interface lo0.0;

}

area 0.0.0.1 { nssa { default-lsa type-7;

area-range 200.1.1.0/29;

}

interface ge-0/0/3.0;

}

}

www.vceplus.com - Website designed to help IT pros advance their careers.

D. [edit protocols] user@R1# show ospf { area 0.0.0.0 {

area-range 200.1.1.0/28; interface ge-0/0/1.0; interface ge-0/0/2.0; interface lo0.0;

}

area 0.0.0.1 { nssa {

default-lsa type-7;

}

interface ge-0/0/3.0;

}

}

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 72 -- Exhibit --

user@router> show bgp summary

Groups: 3 Peers: 3 Down peers: 0

Table Tot Paths Act Paths Suppressed History Damp State Pending

inet.0 10 8 0 0 0 0

inet6.0 4 3 0 0 0 0

Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped

10.0.3.5 65550 41 52 0 2 17:45 5/5/5/0 0/0/0/0

172.16.0.6 65010 52 42 0 2 31 Establ

www.vceplus.com - Website designed to help IT pros advance their careers.

inet.0: 3/5/5/0

inet6.0: 3/4/4/0

2001:ffff::3:5 65550 43 44 0 4 17:53 Establ

inet6.0: 0/0/0/0

user@router>

-- Exhibit --

Click the Exhibit button.

Examine the output of the show bgp summary command shown in the exhibit.

From which BGP peer is the router receiving IPv6 routes?

A. 10.0.3.5

B. 172.16.0.6

C. 2001:ffff::3:5

D. 2001:ffff:3:5

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 73 -- Exhibit --

user@SwitchA> show dot1x interface detail ge-0/0/2.0

ge-0/0/2.0

Role: Authenticator

Administrative state: Auto

ge-0/0/2.0 Role: Authenticator Administrative state: Auto www.vceplus.com - Website designed to help IT pros advance

www.vceplus.com - Website designed to help IT pros advance their careers.

Supplicant mode: Multiple

Number of retries: 3

Quiet period. 60 seconds

Transmit period. 30 seconds

Mac Radius: Enabled

Mac Radius Restrict: Enabled

Reauthentication: Enabled

Configured Reauthentication interval: 3600 seconds

Supplicant timeout: 30 seconds

Server timeout: 30 seconds

Maximum EAPOL requests: 2

Guest VLAN member: <not configured>

Number of connected supplicants: 2

user@SwitchA>

-- Exhibit --

Click the Exhibit button.

Host 1, Host 2, and Host 3 are connected to Switch A on interface ge-0/0/2. Host 1 and Host 2 do not support 802.1X. They can authenticate and connect to the Internet. Host 3 was added and it supports 802.1X; however, it is unable to authenticate.

Referring to the exhibit, how do you allow Host 3 to authenticate to the network but maintain secure access?

A. Enable fallback authentication for 802.1X.

B. Disable MAC RADIUS Restrict option on ge-0/0/2.

C. Disable MAC RADIUS option on ge-0/0/2.

www.vceplus.com - Website designed to help IT pros advance their careers.

D.

Enable Administrative mode for 802.1X.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 74

-- Exhibit --

user@RP> show pim join extensive

Instance: PIM.master Family: INET

R = Rendezvous Point Tree, S = Sparse, W = Wildcard

Group: 224.1.1.1

Source: *

RP: 192.168.1.1

Flags: sparse,rptree,wildcard

Upstream interface: Local

Upstream neighbor: Local

Upstream state: Local RP

Downstream neighbors:

Interface: so-0/0/0.0 10.0.1.2 State: Join Flags: SRW Timeout: 176

Group: 224.1.1.1

Source: 10.0.5.2

Flags: sparse,spt

www.vceplus.com - Website designed to help IT pros advance their careers.

Upstream interface: unknown (no nexthop)

Upstream neighbor: unknown

Upstream state: Local RP

Keepalive timeout: 106

Downstream neighbors:

Interface: so-0/0/0.0

10.0.1.2 State: Join Flags: S Timeout: 176

Instance: PIM.master Family: INET6

R

= Rendezvous Point Tree, S = Sparse, W = Wildcard

--

Exhibit --

Click the Exhibit button.

The CLI output shown in the exhibit was taken from the RP in a PIM-SM network.

Which statement explains the output shown in the exhibit?

A. No tunnel PIC is installed on the RP router.

B. 192.168.1.1 is not a local IP address on the RP router.

C. Multicast traffic is arriving on the so-0/0/0.0 interface.

D. The router does not have a unicast route to 10.0.5.2.

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 75

www.vceplus.com - Website designed to help IT pros advance their careers.

--

OSPF database, Area 0.0.0.0

Type ID Adv Rtr Seq Age Opt Cksum Len

Router *10.0.3.4 10.0.3.4 0x8000000d 30 0x22 0x8d11 132

bits 0x0, link count 9

id 10.1.1.0, data 255.255.255.0, Type Stub (3)

Topology count: 0, Default metric. 1

id 10.0.4.8, data 255.255.255.252, Type Stub (3)

Topology count: 0, Default metric. 1

id 10.0.2.10, data 10.0.2.10, Type Transit (2)

Topology count: 0, Default metric. 1

id 172.16.0.6, data 172.16.0.5, Type Transit (2)

Topology count: 0, Default metric. 1

id 10.0.3.4, data 255.255.255.255, Type Stub (3)

Topology count: 0, Default metric. 0

id 10.0.9.7, data 10.0.2.18, Type PointToPoint (1)

Topology count: 0, Default metric. 65

id 10.0.2.16, data 255.255.255.252, Type Stub (3)

Topology count: 0, Default metric. 65

id 10.0.3.3, data 10.0.2.6, Type PointToPoint (1)

Topology count: 0, Default metric. 2

www.vceplus.com - Website designed to help IT pros advance their careers.

id 10.0.2.4, data 255.255.255.252, Type Stub (3)

Topology count: 0, Default metric. 2

Topology default (ID 0)

Type: PointToPoint, Node ID. 10.0.3.3

MetriC. 2, Bidirectional

Type: PointToPoint, Node ID. 10.0.9.7

MetriC. 65, Bidirectional

Type: Transit, Node ID. 172.16.0.6

MetriC. 1, Bidirectional

Type: Transit, Node ID. 10.0.2.10

MetriC. 1, Bidirectional

-- Exhibit --

Click the Exhibit button.

The exhibit shows the output of an OSPF router LSA.

Which interface ID represents the router's loopback address?

A. ID 10.1.1.0

B. ID 10.0.3.4

C. ID 10.0.3.3

D. ID 10.0.2.4

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

www.vceplus.com - Website designed to help IT pros advance their careers.

Explanation:

QUESTION 76 -- Exhibit --

{master:0}[edit]

user@router# show class-of-service

classifiers {

inet-precedence normal-traffic {

forwarding-class best-effort {

loss-priority low code-points [ my1 my2 ];

}

}

}

code-point-aliases {

inet-precedence {

my1 000;

my2 001;

cs1 010;

cs2 011;

cs3 100;

cs4 101;

cs5 111;

cs6 111;

001; cs1 010; cs2 011; cs3 100; cs4 101; cs5 111; cs6 111; www.vceplus.com - Website

www.vceplus.com - Website designed to help IT pros advance their careers.

}

}

-- Exhibit --

Click the Exhibit button.

In the exhibit, you see a configuration for CoS. Incoming traffic with specific IP precedence bits should be mapped to a forwarding class named best-effort. A classifier named normal-traffic is defined.

What must you add to complete this configuration?

A. Include the option q-pic-large-buffer under the chassis hierarchy to accommodate the new code points.

B. Apply classifier normal traffic to the interface hierarchy under the class-of-service stanza.

C. Configure a rewrite marker on the ingress Gigabit Ethernet interface.

D. Add code point values for the expedited-forwarding forwarding class as well as the best-effort forwarding class.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 77 -- Exhibit --

user@router> show configuration routing-options autonomous-system

65550;

user@router> show configuration protocols bgp

group ibgp {

type internal;

neighbor 10.0.3.5;

www.vceplus.com - Website designed to help IT pros advance their careers.

}

group ibgpv6 {

type internal;

local-address 2001:ffff::3:4;

neighbor 2001:ffff::3:5;

}

group as65010 {

family inet {

unicast;

}

family inet6 {

unicast;

}

export as65010-out;

peer-as 65010;

neighbor 172.16.0.6;

}

user@router> show configuration policy-options

policy-statement as65010-out {

term locally-originated {

from as-path local-only;

www.vceplus.com - Website designed to help IT pros advance their careers.

then {

metric 7000;

}

}

term from-as65222 {

from as-path as65222-orig;

then as-path-prepend "65550 65550 65550 65550";

}

term transit-as701 {

from as-path transit-as701;

then {

metric 6;

}

}

then accept;

}

as-path local-only "(.*)";

as-path as65222-orig ".* 65222";

as-path transit-as701 ".* 701 .*";

user@router> show route advertising-protocol bgp 172.16.0.6

inet.0: 43 destinations, 47 routes (43 active, 0 holddown, 0 hidden)

www.vceplus.com - Website designed to help IT pros advance their careers.

Prefix Nexthop MED Lclpref AS path

* 10.0.2.0/30 Self 7000 I

* 10.0.2.4/30 Self 7000 I

* 10.0.2.8/30 Self 7000 I

* 10.0.2.16/30 Self 7000 I

* 10.0.3.3/32 Self 7000 I

* 10.0.3.4/32 Self 7000 I

* 10.0.3.5/32 Self 7000 I

* 10.0.4.8/30 Self 7000 I

* 10.0.8.8/30 Self 7000 I

* 10.0.9.9/32 Self 7000 I

* 10.255.255.1/32 Self 7000 I

* 64.142.88.0/24 Self 7000 I

* 130.130.0.0/16 Self 6 65222 46375 701 14203 I

* 131.131.131.0/24 Self 6 65222 46375 701 14203 I

* 132.132.0.0/25 Self 6 65222 46375 701 32934 I

* 133.133.0.0/25 Self 6 65222 46375 701 32934 I

* 134.134.0.0/25 Self 65222 46375 14203 I

* 135.135.0.0/25 Self 65222 46375 14203 14203 I

* 172.16.0.4/30 Self 7000 I

Self 65222 46375 14203 14203 I * 172.16.0.4/30 Self 7000 I www.vceplus.com - Website designed to

www.vceplus.com - Website designed to help IT pros advance their careers.

*

172.16.0.12/30 Self 7000 I

* 172.16.200.0/30 172.16.0.6 7000 I

* 192.0.2.0/24 172.16.0.6 7000 I

* 192.168.50.0/24 Self 7000 I

* 192.168.253.0/24 Self 7000 I

* 200.200.0.0/16 172.16.0.6 7000 I

* 200.200.0.1/32 172.16.0.6 7000 I

* 200.200.1.1/32 172.16.0.6 7000 I

* 200.200.200.200/32 172.16.0.6 7000 I

inet6.0: 23 destinations, 28 routes (23 active, 0 holddown, 0 hidden)

Prefix Nexthop MED Lclpref AS path

* ::172.16.0.4/126 Self 7000 I

* 2001:1:1::/64 Self 7000 I

* 2001:1:2::/64 Self 7000 I

* 2001:ffff::3:3/128 Self 7000 I

* 2001:ffff::3:4/128 Self 7000 I

* 2001:ffff::3:5/128 Self 7000 I

* 2001:ffff::9:7/128 Self 7000 I

user@router>

-- Exhibit --

Click the Exhibit button.

www.vceplus.com - Website designed to help IT pros advance their careers.

You are configuring an EBGP peer in a transit environment. You must advertise routes learned from other EBGP peers in your AS. Any routes originated from within your AS should have a MED of 7000 set. Any routes that originate in AS65222 should be prepended four times. Any routes that transit AS701 should have a MED set to 6. This scenario results in the unintended advertisement of internal 10.0.0.0/8 networks to your peer.

What caused the accidental advertisement of internal networks to your EBGP peer?

A. Your AS number of 65550 is a private AS number.

B. The BGP group as65010 is configured for both family inet unicast and family inet6 unicast protocol families.

C. The export policy as65010-out is misconfigured.

D. The as-path local-only includes a misconfigured regular expression.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 78 -- Exhibit --

[edit]

user@router# run show ospf database external lsa-id 71.23.48.0 extensive

OSPF AS SCOPE link state database

Type ID Adv Rtr Seq Age Opt Cksum Len

Extern 71.23.48.0 67.176.255.5 0x80000001 114 0x22 0x171b 36

mask 255.255.248.0

Topology default (ID 0)

Type: 2, MetriC. 0, Fwd addr: 0.0.0.0, Tag: 0.0.0.0

Aging timer 00:58:06

Installed 00:01:53 ago, expires in 00:58:06, sent 00:01:53 ago

www.vceplus.com - Website designed to help IT pros advance their careers.

Last changed 00:01:53 ago, Change count: 1

Extern 71.23.48.0 67.176.255.7 0x8000005a 487 0x22 0x587e 36

mask 255.255.248.0

Topology default (ID 0)

Type: 2, MetriC. 0, Fwd addr: 0.0.0.0, Tag: 0.0.0.0

Aging timer 00:51:52

Installed 00:08:01 ago, expires in 00:51:53, sent 00:07:59 ago

Last changed 2d 19:33:58 ago, Change count: 1

Extern 71.23.48.0 67.176.255.8 0x8000005c 540 0x22 0xf73e 36

mask 255.255.248.0

Topology default (ID 0)

Type: 1, MetriC. 30, Fwd addr: 0.0.0.0, Tag: 0.0.0.0

Aging timer 00:51:00

Installed 00:08:59 ago, expires in 00:51:00, sent 00:08:59 ago

Last changed 00:08:59 ago, Change count: 3

-- Exhibit --

Click the Exhibit button.

As shown in the exhibit, a router is receiving three external LSAs for the prefix 71.23.48.0.

Which path is preferred?

A. The path through 67.176.255.5 is preferred.

B. The path through 67.176.255.7 is preferred.

C. The path through 67.176.255.8 is preferred.

www.vceplus.com - Website designed to help IT pros advance their careers.

D. The paths through 67.176.255.7 and 67.176.255.8 become active to allow load-balancing. Correct Answer: C

D. The paths through 67.176.255.7 and 67.176.255.8 become active to allow load-balancing.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 79

-- Exhibit

Explanation/Reference: Explanation: QUESTION 79 -- Exhibit www.vceplus.com - Website designed to help IT pros advance

www.vceplus.com - Website designed to help IT pros advance their careers.

-- Exhibit --

Click the Exhibit button.

In the exhibit, the 10.100/16 prefix is introduced at autonomous system 1 (AS1) and propagated through to AS3. Router A in AS3 receives two different paths to these prefixes, one through AS2 and the other through AS4. No BGP attributes have been altered.

Which path would router A prefer for the 10.100/16 prefix?

A. The route with the lowest interface address for the EBGP peering session

B. The route with the lowest local preference

C. The route to the EBGP peer that has the lowest RID

D. The route from the EBGP peer that arrived first

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 80 -- Exhibit --

[edit]

user@R1# show routing-options router-id

router-id 1.1.1.1;

[edit]

user@R1# show protocols ospf

area 0.0.0.0 {

interface ge-0/0/7.0;

}

www.vceplus.com - Website designed to help IT pros advance their careers.

[edit]

user@R2# show routing-options router-id

router-id 2.2.2.2;

[edit]

user@R2# show protocols ospf

area 0.0.0.0 {

interface ge-0/0/8.0 {

priority 200;

}

}

[edit]

user@R3# show routing-options router-id

router-id 222.255.255.255;

[edit]

user@R3# show protocols ospf

area 0.0.0.0 {

interface ge-0/0/8.0;

}

[edit]

user@R4# show routing-options router-id

www.vceplus.com - Website designed to help IT pros advance their careers.

router-id 239.255.255.255;

[edit]

user@R4# show protocols ospf

area 0.0.0.0 {

interface ge-0/0/6.0 {

priority 0;

}

}

-- Exhibit --

Click the Exhibit button.

All four routers in the exhibit are in the same broadcast domain. The routers were powered on at the same time.

Based on the configurations, which devices are the DR and the BDR?

A. R4 is the DR and R2 is the BDR.

B. R2 is the DR and R3 is the BDR.

C. R2 is the DR and R1 is the BDR.

D. R3 is the DR and R2 is the BDR.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 81 -- Exhibit --

www.vceplus.com - Website designed to help IT pros advance their careers.

user@router> show interfaces ge-0/0/0 extensive | find "Queue counters"

Queue counters: Queued packets Transmitted packets Dropped packets

0 best-effort 35244 35244 0

1 expedited-fo 258963 59852 199111

2 assured-forw 0 0 0

3 network-cont 1625847 1625847 0

-- Exhibit --

Click the Exhibit button.

1625847 1625847 0 -- Exhibit -- Click the Exhibit button. You recently deployed an SRX Series

You recently deployed an SRX Series Gateway in your network. It uses the default class of service configuration.

Based on the output in the exhibit, what reason explains the packet drops in Queue 1?

A. Interface ge-0/0/0 should be used only for management network operations.

B. Queue 0 has higher priority than Queue 1.

C. A policer is reclassifying all traffic into Queue 1.

D. No bandwidth reservation exists on Queue 1.

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 82 -- Exhibit --

Mar 16 19:12:58.291474 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179

Mar 16 19:12:58.291624 BGP RECV message type 1 (Open) length 59

www.vceplus.com - Website designed to help IT pros advance their careers.

Mar 16 19:12:58.291688 BGP RECV version 4 as 2 holdtime 90 id 192.168.2.1 parmlen 30

Mar 16 19:12:58.291752 BGP RECV MP capability AFI=1, SAFI=1

Mar 16 19:12:58.291802 BGP RECV Refresh capability, code=128

Mar 16 19:12:58.291850 BGP RECV Refresh capability, code=2

Mar 16 19:12:58.291915 BGP RECV Restart capability, code=64, time=120, flags=

Mar 16 19:12:58.291969 BGP RECV 4 Byte AS-Path capability (65), as_num 2

Mar 16 19:12:58.292385 advertising receiving-speaker only capabilty to neighbor 172.14.10.2 (External AS 2)

Mar 16 19:12:58.292452 bgp_send. sending 59 bytes to 172.14.10.2 (External AS 2)

Mar 16 19:12:58.292522

Mar 16 19:12:58.292522 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230

Mar 16 19:12:58.292601 BGP SEND message type 1 (Open) length 59

Mar 16 19:12:58.293053 BGP SEND version 4 as 1 holdtime 90 id 192.168.2.1 parmlen 30

Mar 16 19:12:58.293124 BGP SEND MP capability AFI=1, SAFI=1

Mar 16 19:12:58.293173 BGP SEND Refresh capability, code=128

Mar 16 19:12:58.293221 BGP SEND Refresh capability, code=2

Mar 16 19:12:58.293284 BGP SEND Restart capability, code=64, time=120, flags=

Mar 16 19:12:58.293336 BGP SEND 4 Byte AS-Path capability (65), as_num 1

Mar 16 19:12:58.293517 bgp_send. sending 19 bytes to 172.14.10.2 (External AS 2)

Mar 16 19:12:58.293573

Mar 16 19:12:58.293573 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230

Mar 16 19:12:58.293665 BGP SEND message type 4 (KeepAlive) length 19

www.vceplus.com - Website designed to help IT pros advance their careers.

Mar 16 19:12:58.296781

Mar 16 19:12:58.296781 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179

Mar 16 19:12:58.296897 BGP RECV message type 4 (KeepAlive) length 19

Mar 16 19:12:58.297451 bgp_send. sending 19 bytes to 172.14.10.2 (External AS 2)

Mar 16 19:12:58.297528

Mar 16 19:12:58.297528 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230

Mar 16 19:12:58.297600 BGP SEND message type 4 (KeepAlive) length 19

Mar 16 19:12:58.298102 bgp_send. sending 23 bytes to 172.14.10.2 (External AS 2)

Mar 16 19:12:58.298185

Mar 16 19:12:58.298185 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230

Mar 16 19:12:58.298273 BGP SEND message type 2 (Update) length 23

Mar 16 19:12:58.298322 BGP SEND End of RIB. AFI 1 SAFI 1

Mar 16 19:12:58.301834

Mar 16 19:12:58.301834 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179

Mar 16 19:12:58.301957 BGP RECV message type 4 (KeepAlive) length 19

Mar 16 19:12:58.302034 bgp_read_v4_message: done with 172.14.10.2 (External AS 2) received 19 octets 0 updates 0 routes

Mar 16 19:12:58.304594

Mar 16 19:12:58.304594 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179

Mar 16 19:12:58.304702 BGP RECV message type 2 (Update) length 23

Mar 16 19:12:58.304765 BGP RECV End of RIB. AFI 1 SAFI 1

Mar 16 19:12:58.304848 bgp_read_v4_message: done with 172.14.10.2 (External AS 2) received 23 octets 1 update 0 routes

www.vceplus.com - Website designed to help IT pros advance their careers.

Mar 16 19:13:22.968415 bgp_send. sending 19 bytes to 172.14.10.2 (External AS 2)

Mar 16 19:13:22.968586

Mar 16 19:13:22.968586 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230

Mar 16 19:13:22.968675 BGP SEND message type 4 (KeepAlive) length 19

Mar 16 19:13:26.901339

Mar 16 19:13:26.901339 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179

Mar 16 19:13:26.901464 BGP RECV message type 4 (KeepAlive) length 19

Mar 16 19:13:26.901543 bgp_read_v4_message: done with 172.14.10.2 (External AS 2) received 19 octets 0 updates 0 routes

Mar 16 19:13:51.335927 bgp_send. sending 19 bytes to 172.14.10.2 (External AS 2)

Mar 16 19:13:51.348180

Mar 16 19:13:51.348180 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230

Mar 16 19:13:51.348296 BGP SEND message type 4 (KeepAlive) length 19

Mar 16 19:13:53.844160

Mar 16 19:13:53.844160 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179

Mar 16 19:13:53.844329 BGP RECV message type 4 (KeepAlive) length 19

Mar 16 19:13:53.844392 bgp_read_v4_message: done with 172.14.10.2 (External AS 2) received 19 octets 0 updates 0 routes

-- Exhibit --

Click the Exhibit button.

Looking at the traceoptions output, what is the current keepalive timer set for in BGP?

A. 1 second

B. 10 seconds

C. 30 seconds

www.vceplus.com - Website designed to help IT pros advance their careers.

D.

90 seconds

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 83

-- Exhibit

Explanation/Reference: Explanation: QUESTION 83 -- Exhibit -- Exhibit -- Click the Exhibit button. As shown in

-- Exhibit --

Click the Exhibit button.

As shown in the exhibit, a legacy IP phone is attached to Switch-1. The phone does not support LLDP-MED, but does allow configuration using DHCP. Existing network CoS policies dictate that VoIP traffic must use VLAN 10.

Which two actions put VoIP traffic onto VLAN 10? (Choose two.)

A. Configure protocols cdp on Switch-1.

B. Manually configure the voice VLAN on the IP phone.

C. Configure vlan 1 under forwarding-options bootp.

D. Configure interface ge-0/0/5 under forwarding-options bootp.

Correct Answer: BD

www.vceplus.com - Website designed to help IT pros advance their careers.

Section: (none)

Explanation

Explanation/Reference:

Explanation:

QUESTION 84

-- Exhibit

Explanation/Reference: Explanation: QUESTION 84 -- Exhibit -- Exhibit Click the Exhibit button. Which statement about

-- Exhibit Click the Exhibit button.

Which statement about the non-ABR router in Area 2 in the exhibit is true?

about the non-ABR router in Area 2 in the exhibit is true? www.vceplus.com - Website designed

www.vceplus.com - Website designed to help IT pros advance their careers.

A. The router has connectivity to all areas.

B. The router has connectivity to Area 2 only.

C. The router has connectivity to Area 2 and Area 0.

D. The router has connectivity to Area 2 and Area 8.

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 85

-- Exhibit

Explanation/Reference: Explanation: QUESTION 85 -- Exhibit -- Exhibit -- Click the Exhibit button. Referring to the

-- Exhibit --

Click the Exhibit button.

Referring to the exhibit, you want to configure Switch-1 to allow a user on interface ge-0/0/10 to accommodate both voice and data traffic. Your phones and your switches are LLDP-MED capable.

What is the minimal configuration that allows LLDP-MED to autoconfigure your phone's voice VLAN?

A. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members voice_vlan Exam. Any

set interfaces ge-0/0/10 unit 0 family ethernet-switching native-vlan-id data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set protocols lldp-med interface ge-0/0/10.0

www.vceplus.com - Website designed to help IT pros advance their careers.

B. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members voice_vlan set interfaces ge-0/0/10 unit 0 family ethernet-switching native-vlan-id data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set protocols lldp interface ge-0/0/10.0

C. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 forwarding-class assured-forwarding set protocols lldp-med interface ge-0/0/10.0

D. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set protocols lldp-med interface ge-0/0/10.0

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 86

-- Exhibit

Explanation/Reference: Explanation: QUESTION 86 -- Exhibit -- Exhibit -- Click the Exhibit button Site A is

-- Exhibit --

Click the Exhibit button Site A is sending voice traffic marked with DSCP code EF. SRX A has the default CoS classifier.

www.vceplus.com - Website designed to help IT pros advance their careers.

Into which forwarding class is SRX A classifying traffic?

A. best-effort

B. expedited-forwarding

C. network-control

D. assured-forwarding

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 87

-- Exhibit

Explanation/Reference: Explanation: QUESTION 87 -- Exhibit -- Exhibit -- Click the Exhibit button. In the exhibit,

-- Exhibit --

Click the Exhibit button.

In the exhibit, the routers in the network have a default PIM sparse mode configuration. R2 shows that R1 is the RPF next hop for the source, and R3 is the RPF next hop for the RP. Host1 is currently receiving multicast traffic for group 231.1.1.1. Host2 has come online and is attempting to join group 232.1.1.1. R2 has just received an IGMP message with the source and group addresses.

Which step happens next so that Host2 can join the multicast group?

www.vceplus.com - Website designed to help IT pros advance their careers.

A. R2 sends a PIM join upstream towards R3 to join the shared tree.

B. R2 sends a PIM join upstream towards R3 to join the source tree.

C. R2 sends a PIM join upstream towards R1 to join the shared tree.

D. R2 sends a PIM join upstream towards R1 to join the source tree.

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

http://network-technologies.metaswitch.com/multicast//what-is-pim.aspx

PIM Sparse Mode (PIM-SM) is a multicast routing protocol

PIM Sparse Mode (PIM-SM) is a multicast routing protocol designed on the assumption that recipients for any particular multicast group will be sparsely distributed throughout the network. In other words, it is assumed that most subnets in the network will not want any given multicast packet. In order to receive multicast data, routers must explicitly tell their upstream neighbors about their interest in particular groups and sources. Routers use PIM Join and Prune messages to join and leave multicast distribution trees.

QUESTION 88

-- Exhibit

leave multicast distribution trees. QUESTION 88 -- Exhibit -- Exhibit -- Click the Exhibit button. www.vceplus.com

-- Exhibit --

Click the Exhibit button.

www.vceplus.com - Website designed to help IT pros advance their careers.

In the exhibit, the provider bridges are using Q-in-Q tunneling to tunnel VLAN 100 traffic over VLAN 200.

What is the correct VLAN configuration for Q-in-Q tunneling on Provider Bridge A?

A. interfaces { ge-0/0/0 { unit 0 {

family ethernet-switching { port-mode access;

}

}

}

ge-0/0/10 { unit 0 {

family ethernet-switching { port-mode trunk; vlan { members test;

}

}

}

}

}

vlans {

test {

vlan-id 200;

interface {

ge-0/0/0.0;

}

dot1q-tunneling { customer-vlans 100;

}

}

}

B. interfaces {

ge-0/0/0 {

unit 0 { family ethernet-switching { port-mode trunk; vlan { members test;

}

www.vceplus.com - Website designed to help IT pros advance their careers.

}

}

}

ge-0/0/10 {

unit 0 { family ethernet-switching { port-mode access;

}

}

}

}

vlans {

test {

vlan-id 200;

interface {

ge-0/0/0.0;

}

dot1q-tunneling {

customer-vlans 100;

 

}

}

}

C.

interfaces {

ge-0/0/0 {

unit 0 { family ethernet-switching { port-mode trunk; vlan { members test;

}

}

}

}

ge-0/0/10 {

unit 0 { family ethernet-switching { port-mode access;

}

}

}

}

vlans {

www.vceplus.com - Website designed to help IT pros advance their careers.

test {

vlan-id 200;

interface {

ge-0/0/10.0;

}

dot1q-tunneling {

customer-vlans 100;

}

}

}

D. interfaces { ge-0/0/0 { unit 0 { family ethernet-switching { port-mode access;

}

}

}

ge-0/0/10 { unit 0 { family ethernet-switching { port-mode trunk; vlan { members test;

}

}

}

}

}

vlans {

test {

vlan-id 100;

interface {

ge-0/0/0.0;

}

dot1q-tunneling {

customer-vlans 200;

}

}

}

Correct Answer: A

www.vceplus.com - Website designed to help IT pros advance their careers.

Section: (none)

Explanation

Explanation/Reference:

Explanation:

QUESTION 89

-- Exhibit

Explanation/Reference: Explanation: QUESTION 89 -- Exhibit -- Exhibit -- Click the Exhibit button. In the topology

-- Exhibit --

Click the Exhibit button.

In the topology shown in the exhibit, which two BGP attributes can AS1 manipulate to influence the path that AS4 takes to reach prefixes originated by AS1? (Choose two.)

A. Local Preference

B. AS Path

C. Origin

D. MED

Correct Answer: BC Section: (none) Explanation

www.vceplus.com - Website designed to help IT pros advance their careers.

Explanation/Reference:

Explanation:

QUESTION 90

-- Exhibit

Explanation/Reference: Explanation: QUESTION 90 -- Exhibit -- Exhibit -- Click the Exhibit button. Traffic flows through

-- Exhibit --

Click the Exhibit button.

Traffic flows through your network, as shown in the exhibit. You have configured a rewrite rule on R1 to mark HTTP traffic with a specific DSCP value.

What must you do to ensure that the HTTP traffic preserves its DSCP value as it leaves your CoS domain?

A. Use behavior aggregate classifiers mapping the HTTP traffic to the specific DSCP value on R1 and R2.

B. Use rewrite rules mapping the HTTP traffic to the specific DSCP value on R2 and R3.

C. Use a rewrite rule mapping the HTTP traffic to the specific DSCP value on R3.

D. Use the default settings already in place on the device.

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

www.vceplus.com - Website designed to help IT pros advance their careers.

Explanation:

QUESTION 91

-- Exhibit

Explanation: QUESTION 91 -- Exhibit -- Exhibit -- Click the Exhibit button. In the exhibit, Switch

-- Exhibit --

Click the Exhibit button.

91 -- Exhibit -- Exhibit -- Click the Exhibit button. In the exhibit, Switch A is

In the exhibit, Switch A is an EX4200. VLAN10 is receiving tagged as well as untagged traffic from different ports. The administrator wants to mirror all tagged and untagged traffic entering VLAN10 to analyzer port ge-0/0/10. All VLAN tags must be preserved for traffic that is mirrored to the analyzer port.

Which configuration will achieve this?

A. set ethernet-switching-options analyzer vlan10_analyzer input vlan VLAN10 interface xe-1/0/0.0 set ethernet-switching-options analyzer vlan10_analyzer input vlan VLAN10 interface ge-0/0/2 set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0

B. set ethernet-switching-options analyzer vlan10_analyzer input interface xe-1/0/0.0 set ethernet-switching-options analyzer vlan10_analyzer input interface ge-0/0/2 set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0

C. set ethernet-switching-options analyzer vlan10_analyzer input ingress vlan VLAN10 set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0 set vlans default interface ge-0/0/10.0

D. set ethernet-switching-options analyzer vlan10_analyzer input ingress vlan VLAN10

www.vceplus.com - Website designed to help IT pros advance their careers.

set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0 set vlans VLAN10 interface ge-0/0/10.0

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 92 -- Exhibit --

Mar 16 17:18:28.751306 ospf_trigger_build_telink_lsas : No peer found

Mar 16 17:18:28.751729 ospf_set_lsdb_state: Network LSA 172.14.10.1 adv-rtr 192.168.2.1 state QUIET->GEN_PENDING

Mar 16 17:18:28.751801 OSPF trigger network LSA build for interface ge-0/0/1.0 area 0.0.0.0

Mar 16 17:18:28.751874 OSPF DR is 192.168.2.1, BDR is 0.0.0.0

Mar 16 17:18:28.751931 OSPF trigger router LSA 0x156d0f0 build for area 0.0.0.0 lsa-id 192.168.2.1

Mar 16 17:18:28.752044 ospf_trigger_build_telink_lsas : No peer found

Mar 16 17:18:28.752190 OSPF sent Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.0)

Mar 16 17:18:28.752258 Version 2, length 44, ID 192.168.2.1, area 0.0.0.0

Mar 16 17:18:28.752315 mask 255.255.255.224, hello_ivl 10, opts 0x2, prio 128

Mar 16 17:18:28.752380 dead_ivl 40, DR 172.14.10.1, BDR 0.0.0.0

Mar 16 17:18:28.763796 OSPF rcvd Hello 172.14.10.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.0)

Mar 16 17:18:28.763897 Version 2, length 44, ID 192.168.5.1, area 0.0.0.0

Mar 16 17:18:28.763946 checksum 0x0, authtype 0

Mar 16 17:18:28.764140 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128

-- Exhibit --

www.vceplus.com - Website designed to help IT pros advance their careers.

Click the Exhibit button.

Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init state?

A. There is an MTU mismatch.

B. There is a network mask mismatch.

C. The routers are in different areas.

D. No BDR has been elected.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

QUESTION 93

-- Exhibit

Explanation/Reference: Explanation: QUESTION 93 -- Exhibit www.vceplus.com - Website designed to help IT pros advance

www.vceplus.com - Website designed to help IT pros advance their careers.

-- Exhibit --

Click the Exhibit button.

As shown in the exhibit, the 10.10/16 prefix is redistributed into OSPF through R2 and R5. R2 is advertising the prefix with a Type 1 metric of 100 and R5 is advertising the prefix with a Type 2 metric of 10.

What is the preferred path to reach 10.10/16 from R6?

A. R6-R5

B. R6-R4-R5

C. R6-R4-R5-R2

D. R6-R4-R3-R2