JN0-643

Juniper JN0-643

Enterprise Routing and Switching, Professional(JNCIP-ENT)

Version: 5.0

QUESTION NO: 1

A user complains about connectivity problems from their IP address (10.1.1.87) to a server(10.65.1.100).

Which Junos command can help verify connectivity in the network?

A. mroute B. traceoptions C. ping D. clear bgp neighbor

Answer: AExplanation:

QUESTION NO: 2

Port authentication falls back to Captive Portal.

In which two scenarios would the port authentication move back to 802.1X? (Choose two.)

A. if any MAC RADIUS request packet is received on the interface and if there are no sessions inauthenticated/authenticating state B. if Captive Portal is deactivated on the interface C. if the user gets logged out D. if the EAP packet is received on the interface and if there are no sessions inauthenticated/authenticating state

Answer: B,DExplanation:

QUESTION NO: 3

A network routes IPv4 traffic only. You want to add IPv6 to the network, but you must use a singleIGP for both IPv4 and IPv6 traffic.

Which protocol meets this requirement?

A. OSPFv2

Juniper JN0-643 Exam

"Pass Any Exam. Any Time." - www.actualtests.com 2

B. BGPv4 C. ES-ISv1 D. OSPFv3

Answer: DExplanation:

QUESTION NO: 4

A Layer 2 forwarding loop occurred on your network during a scheduled maintenance period. Youmust prevent this behavior in the future.

Which protocol should you enable on the EX Series switch to address this condition in the future?

A. DVMRP B. L2TPv3 C. STP D. RSVP


QUESTION NO: 5

You have implemented 802.1X authentication in your Layer 2 network and you have only a singleRADIUS server. You are asked to ensure that if the RADIUS server becomes unreachable or fails,users connected to the ge-0/0/0 port are still able to reach the Internet using a predefined guestVLAN.

Which command allows this access?

A. [edit] user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 radius-fail vlan guest B. [edit] user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 server-fail vlan-name guest C. [edit] user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 auth-fail assign-vlan guest D. [edit] user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 radius-fail assign guest



Answer: BExplanation:

QUESTION NO: 6

Which option is a valid IPv6 multicast address?

A. fe80::205:8640:471:3200/64 B. ::172.16.0.5/126 C. ff03:365:ba::23 D. ff01:cgfc:345::226:8ff:fee4:bf6f

Answer: CExplanation:

QUESTION NO: 7

A company is deploying a new 802.1X port-based security infrastructure to allow users to accessresources through wired Ethernet ports. However they recently deployed an RSA token-basedsystem for users to connect remotely. The network administrator wants to reuse the same securitydatabase for 802.1X port-based security.

Which 802.1X authentication protocol is required?

A. EAP-TLS B. LAN-PEAP C. RSA-EAP D. EAP-TTLS


QUESTION NO: 8

Which protocol reachability is advertised by OSPFv2?

A. IPv4



B. IPv5 C. IPv6 D. ISO


QUESTION NO: 9

You are AS 6573.

Which AS path regular expression matches only routes originated in your AS?

A. "6573.*" B. ".*" C. "{" D. "^$"


QUESTION NO: 10

Voice traffic is coming in on UDP port 17689. This traffic must be classified into the expedited-forwarding forwarding class.

Which type of classifier is needed?

A. code point alias B. rewrite marker C. multifield D. behavior aggregate


QUESTION NO: 11



Which three attributes must a BGP update contain? (Choose three.)

A. next-hop B. MED C. origin D. AS-path E. local preference

Answer: A,C,DExplanation:

QUESTION NO: 12

You must configure your access switch with more than 3000 VLANs and you want the ability toload-balance across them.

Which spanning-tree approach has the least impact on control-plane performance?

A. Configure your access switch with a load-balancing policy and apply it under [edit protocolsrstp]. B. Configure your access switch for Rapid-PVST+. C. Configure your access switch for MSTP, incorporating the use of MSTIs. D. Configure your access switch for both VSTP and RSTP.


QUESTION NO: 13

You are implementing MSTP in your network.

Which three values must match on all switches within the MST region? (Choose three)

A. Context identifier B. Region name C. VLANs D. Revision E. Configuration manifest



Answer: B,C,DExplanation:

QUESTION NO: 14

You have been asked to implement a private VLAN with two community VLANs. This privateVLAN will be confined to a single switch in your Layer 2 network. This private VLAN, along withother VLANs configured on the switch, will require gateway services provided through a connectedrouter.

Which statement about this deployment is true?

A. All isolated ports must be configured as trunk ports. B. A minimum of one promiscuous trunk port is required. C. Both community VLANs must have an assigned VLAN IDs. D. A minimum of one private VLAN trunk port is required.


QUESTION NO: 15

During the BGP route-resolution process, the Junos OS must calculate the appropriate next-hopbased on the BGP protocol next-hop attribute.

Which two routing tables are checked during this process in a default Junos configuration?(Choose two.)

A. inet.0 B. inet.1 C. inet.2 D. inet.3

Answer: A,DExplanation:

QUESTION NO: 16



You have a requirement for a device to provide 20 W of power over Ethernet.

What meets this requirement?

A. Bond two standard PoE ports together to achieve 30.8 W of power. B. Install an external redundant power supply in the switch to increase the total power load. C. Select a switch that has PoE+ support. D. Enable LLDP-MED to transfer power from other switches.


QUESTION NO: 17

R1 has an OSPF adjacency with R2 over a point-to-point link.

Which three statements about the advertisements for this link in the Type 1 (Router) LSAgenerated by R1 are true? (Choose three.)

A. It has a value in the link ID field with R2's interface IP address. B. It has a value in the link ID field with R2's router ID. C. It has a link-type of point-to-point (Type 1). D. It has a link-type of Transit (Type 2). E. It has a link-type of stub (Type 3).

Answer: B,D,EExplanation:

QUESTION NO: 18

What is the significance of the multicast address range 224.0.0.1 through 224.0.0.254?

A. They have link-local scope. B. They have administrative region scope. C. They are reserved for future use. D. They have a scope of two or more hops from a router.




ENRIQUEResaltado

ENRIQUEResaltado

ENRIQUEResaltado

QUESTION NO: 19

You must prioritize VoIP packets on your network.

Which feature will accomplish this goal?

A. RSVP B. Multicast Routing C. VPLS D. Class of Service


QUESTION NO: 20

You notice that a number of IGMP leave group messages are passing through a BMA network andare impacting the network's performance.

What would you do to resolve this issue without affecting multicast traffic?

A. Apply an import policy to control leave group messages. B. Suppress group-specific queries. C. Suppress generic IGMP queries. D. Enable promiscuous-mode in IGMP.


QUESTION NO: 21

A network administrator is configuring CoS on a switch and assigns forwarding classes call-sigand critical to the same queue number per the configuration below:

class-of-service {



ENRIQUEResaltado

forwarding-classes {

class best-effort queue-num 0;

class bulk-data queue-num 1;

class critical queue-num 3;

class voice queue-num 6;

class call-sig queue-num 3;

}

}

Based on the configuration, which option prioritizes call-sig traffic over critical traffic?

A. Assign call-sig and critical to different schedulers. B. Assign call-sig and critical to different scheduler maps. C. Assign a loss priority of high to the packets in the critical forwarding class and configure dropprofiles in the scheduler configuration. D. Assign a loss priority of high to the packets in the critical forwarding class and set priority highin the scheduler configuration.


QUESTION NO: 22

A Layer 2 transparent firewall separates two OSPFv3 routers.

For the two OSPFv3 routers to form an adjacency, which protocol must be permitted on thefirewall?

A. IPv4 protocol 89 B. IPv6 protocol 89 C. TCP port 89 D. UDP port 89




QUESTION NO: 23

In MSTP, which two factors determine the root bridge in each region? (Choose two.)

A. The switch with the higher priority becomes the root bridge. B. The switch with the lower priority becomes the root bridge. C. The switch with the lower MAC address becomes the root bridge when priorities are tied. D. The switch with the higher MAC address becomes the root bridge when priorities are tied.

Answer: B,CExplanation:

QUESTION NO: 24

Which two LSA types are only generated by an ABR router? (Choose two.)

A. ASBR summary LSA (Type 4) B. ASBR LSA (Type 5) C. Summary LSA (Type 3) D. Router LSA (Type 1)

Answer: A,CExplanation:

QUESTION NO: 25

Which two statements about MVRP on EX Series switches are true? (Choose two.)

A. MVRP can add VLANs on access interfaces. B. MVRP can add VLANs on trunk interfaces. C. MVRP adds VLANs on MVRP-enabled interfaces by default. D. MVRP is in transparent mode on MVRP-enabled interfaces by default.


QUESTION NO: 26



A company's security policy does not allow outside computers or smart phones into their workareas. All company-provided computers are strictly controlled using 802.1X authentication on all oftheir switches. All computers obtain DHCP IP addresses from centralized servers and all switcheshave IP spoofing enabled. However, one of the computers was able to send IP spoofed packets.

Why did the IP spoof feature fail to prevent the spoofed packets from being forwarded?

A. The IP source guard database timeout was set too low. B. The DHCP snooping feature was not enabled on any of the switches. C. IP source guard does not prevent IP spoof attacks; you need to configure the Dynamic ARPInspection feature. D. 802.1X feature was not enabled on the port that was directly connected to the infectedcomputer.


QUESTION NO: 27

What is a valid router ID configuration for OSPFv3 in the Junos OS?

A. set routing-options router-id 2001:1:2::1 B. set protocols ospf3 router-id fe80:223:2887:ab31::1 C. set routing-options router-id 224.1.0.1 D. set protocols ospf3 router-id 10.8.3.9


QUESTION NO: 28

You are setting up a new switch in your network that is using MSTP. You have configured allaccess ports as edge ports, and you want to make sure that the access ports can never transitionto nonedge ports.

How can you meet this requirement?

A. Configure the interfaces as shared. B. Configure the hello-time option as zero.



--

-

-

C. Configure the interfaces as a no-root-port. D. Configure bpdu-block-on-edge.


QUESTION NO: 29

When using PIM-SM in ASM mode, which two events trigger the creation of a shortest-path tree?(Choose two.)

A. Multicast traffic received at the receiver's designated router (DR). B. PIM join received at the receiver's designated router (DR). C. PIM join received at the source designated router (DR). D. PIM registers received by the rendezvous point (RP).


QUESTION NO: 30

A coffee shop offering free Internet service to customers wants to implement the following securitypolicies:

1. Every customer must agree to a set of terms and conditions before accessing the Internet.

2. Log out customers that are logged in for more than one hour.

3. Log out customers that are idle for more than 5 minutes.

4. Authenticate employee desktop computers with known hardware addresses in the office of thecoffee shop to access the Internet without the above restrictions.

The following configuration has been applied to the switch:

set access radius-server 172.16.14.26 port 1812 set access radius-server 172.16.14.26 secret Am@zingC00f33 set access profile dot1x authentication-order radius set access profile dot1x radius authentication-server 172.27.14.226

What would you add to implement these policies?



A. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal secure-authentication https set services captive-portal custom-options header-message Welcome to Our Coffee Shop set services captive-portal custom-options banner-message Terms and Conditions of Use" B. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal secure-authentication https set services captive-portal custom-options header-message Welcome to Our Coffee Shop set services captive-portal custom-options banner-message Terms and Conditions of Use" C. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal interface ge-0/0/12.0 idle-timeout 300 set services captive-portal interface ge-0/0/12.0 user-timeout 3600 set services captive-portal secure-authentication https set services captive-portal custom-options header-message Welcome to Our Coffee Shop set services captive-portal custom-options banner-message Terms and Conditions of Use" D. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x authenticator interface ge-0/0/12.0 idle-timeout 300 set protocols dot1x authenticator interface ge-0/0/12.0 user-timeout 3600 set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal secure-authentication https set services captive-portal custom-options header-message Welcome to Our Coffee Shop set services captive-portal custom-options banner-message Terms and Conditions of Use"


QUESTION NO: 31

What is an IP multicast routing protocol?

A. RSVP



B. OSPF C. PIM D. CDP


QUESTION NO: 32

Which version of BGP would an enterprise use to peer with an ISP?

A. Confederation BGP B. External BGP C. Internal BGP D. Labeled-Unicast


QUESTION NO: 33

You are setting up a new switch in your network that is using MSTP. You want to make sure thatany port connected to a host starts forwarding traffic immediately.

How can you meet this requirement?

A. Configure the interfaces as point-to-point. B. Configure the interfaces as edge. C. Configure the forward-delay option as zero. D. Configure the interfaces as shared.


QUESTION NO: 34

You have been asked to implement 802.1X in your network and to ensure that all authorized userscontinue to be permitted should the RADIUS server fail.



ENRIQUEResaltado

ENRIQUEResaltado

ENRIQUEResaltado

ENRIQUEResaltado

Which solution will satisfy this requirement?

A. Implement the persistent MAC feature with the override option. B. Implement the server fail fallback feature with the use-cache option. C. Implement the persistent MAC feature with the use-cache option. D. Implement the server fail fallback feature with the override option.


QUESTION NO: 35

How does an administrator block IGMP reports for the 239.0.0.0/8 group range?

A. Create a routing policy and apply it to IGMP using the group-policy feature. B. Create a routing policy and apply it to IGMP using the report-policy feature. C. Create a routing policy and apply it to IGMP as export. D. Create a routing policy and apply it to IGMP as import.


QUESTION NO: 36

You have been asked to implement a private VLAN with two community VLANs. This privateVLAN must span multiple switches in your Layer 2 network.

Which two statements about this deployment are true? (Choose two.)

A. All isolated ports must be configured as trunk ports. B. A minimum of one promiscuous trunk port is required. C. Both community VLANs must have assigned VLAN IDs. D. A minimum of one private VLAN trunk port is required.

Answer: C,DExplanation:



ENRIQUEResaltado

ENRIQUEResaltado

QUESTION NO: 37

Which configuration parameter causes a router to ignore router ID and peer ID from the BGP routeselection algorithm?

A. multihop B. as-path loops C. multipath D. next-hop self


QUESTION NO: 38

If your WAN-edge router is multihomed to different ISPs, which two BGP attributes would youmodify to affect outbound traffic? (Choose two.)

A. MED B. origin C. local preference D. community


QUESTION NO: 39

A medium-sized enterprise has some devices that are 802.1X capable and some that are not. Anydevice that fails authentication must be provided limited access through a VLAN calledNONAUTH.

How do you provide this access?

A. Configure NONAUTH VLAN as the guest VLAN. B. Configure NONAUTH VLAN as the server-reject VLAN. C. Configure NONAUTH VLAN as the guest VLAN and the server-reject VLAN. D. Configure a separate VLAN for each type of user: 802.1X and non-802.1X.

Answer: C



Explanation:

QUESTION NO: 40

When using PIM-SM in SSM mode, which event triggers the creation of a shortest-path tree?

A. Multicast traffic received at the receiver's designated router (DR). B. An IGMPv3 report received at the receiver's designated router (DR). C. Multicast traffic received at the rendezvous point (RP). D. An IGMPv3 report received at the source's designated router (DR).


QUESTION NO: 41

Which statement regarding LLDP update messages is correct?

A. Updates can be secured using the MD5 algorithm. B. Updates are advertised every 60 seconds by default. C. Updates require bidirectional communication. D. Updates can be triggered by local changes.


QUESTION NO: 42

When 802.1X, MAC-RADIUS, and Captive Portal are enabled on an interface, whichauthentication sequence occurs?

A. The authentication sequence is based on the order of the configuration. B. If MAC-RADIUS is rejected, Captive Portal will start. If Captive portal is timed out, 802.1X willstart. C. If 802.1X times out, then MAC-RADIUS will start. If MAC-RADIUS is timed out by the RADIUSserver, then Captive Portal will start. D. If 802.1X times out, then MAC-RADIUS will start. If MAC-RADIUS is rejected by the RADIUSserver, then Captive Portal will start.




QUESTION NO: 43

You are troubleshooting a problem on interface ge-0/0/3.

Which command shows statistics in real time?

A. show interfaces statistics B. monitor interface statistics ge-0/0/3 C. monitor interface traffic D. monitor traffic interface ge-0/0/3


QUESTION NO: 44

Which CoS component helps with TCP global synchronization problems?

A. WRR with rewrite rules B. WRED with drop profiles C. tail drop profiles with a behavior aggregate classifier D. exact term with a scheduler


QUESTION NO: 45

You want to control bursts of HTTP traffic entering your SRX Series Gateway. To support varyingrequirements, interfaces ge-0/0/0 through ge-0/0/3 should each be rate-limited separately, usingthe same parameters.

What is the correct way to meet these requirements?



A. Configure a single policer and apply it directly on the appropriate interfaces. B. Configure four policers and apply each one directly on the appropriate interface. C. Configure a policer and reference it in a firewall filter that uses the interface-specific option;apply the filter to the appropriate interfaces. D. Configure four policers and reference them all in a firewall filter; apply the filter to theappropriate interfaces.


QUESTION NO: 46

You are configuring BGP peering with a neighboring AS. Multiple physical links exist betweenyour edge router and the neighboring edge router, and you want a configuration that supports thehighest degree of redundancy.

How can you implement this scenario?

A. Configure multiple peerings between the routers physical interfaces. B. Use the multipath feature. C. Configure multiple peerings between the routers logical interfaces. D. Use the multihop feature.


QUESTION NO: 47

An OSPF router is an ABR but not an ASBR.

Which three types of LSAs would you expect this router to generate? (Choose three.)

A. Type 1 LSA B. Type 3 LSA C. Type 4 LSA D. Type 5 LSA E. Type 6 LSA

Answer: A,B,CExplanation:



QUESTION NO: 48

-- Exhibit --

user@R1> show configuration protocols pim rp

local {

address 192.168.3.1;

}

auto-rp discovery;

static {

address 192.168.5.1;

}

user@R1> show route 192.168.0.0/16

inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

192.168.2.1/32 *[Direct/0] 3w4d 04:58:14

> via lo0.0

192.168.5.1/32 *[OSPF/10] 00:52:25, metric 1

> via lt-0/0/0.0

192.168.10.1/32 *[OSPF/10] 00:48:06, metric 1

> via lt-0/0/0.2

192.168.50.1/32 *[OSPF/10] 00:48:06, metric 1

> via lt-0/0/0.4

-- Exhibit --

Click the Exhibit button.



Router R1 in the exhibit is receiving auto-RP announce messages specifying an RP of192.168.10.1 and BSR messages specifying an RP-set with an RP of 192.168.50.1.

Which address will R1 use as the RP for traffic destined to the 224.1.1.1 multicast group?

A. 192.168.3.1 B. 192.168.5.1 C. 192.168.10.1 D. 192.168.50.1


QUESTION NO: 49

-- Exhibit

-- Exhibit --




In the exhibit, customers connected to Area 3 must have access to external prefixes received fromthe data center connected to the router in Area 1. These configurations are currently applied to therouters in Area 1:

{master:0}[edit]

user@Area-1-ABR# show protocols ospf

no-nssa-abr;

area 0.0.0.1 {

nssa;

interface ge-1/1/1.100;

}

{master:0}[edit]

user@Area-1-External# show protocols ospf

area 0.0.0.1 {

stub no-summaries;


}

What must you change for these configurations to work?

A. Configure the ABR router in Area 1 to support a virtual link. B. Delete no-summary-lsa from the ABR router in Area 1. C. Configure the external router in Area 1 for NSSA. D. Configure the ABR in Area 1 for a default LSA with a default-metric of 10 and no-summaries.


QUESTION NO: 50

-- Exhibit --



20.0.0.0/8 *[BGP/170] 01:10:38, localpref 100, from 10.0.0.1

AS path: 100 I

> to 15.0.0.2 via ge-0/0/0.0

[BGP/170] 00:00:59, localpref 100

AS path: 100 ?

> to 35.0.0.2 via ge-0/0/1.0

-- Exhibit --


Referring to the output in the exhibit, why does the router prefer the path toward interface ge-0/0/0.0 for the 20.0.0.0/8 route?

A. The origin is IGP. B. The origin is unknown. C. The AS path is longer. D. Multihop is enabled.


QUESTION NO: 51

-- Exhibit --

Group: 239.1.1.1

Source: 10.255.70.15

Flags: sparse,spt

Upstream interface: so-1/0/0.0

Upstream neighbor: 10.111.10.2

Upstream state: Local RP, Join to Source

Keepalive timeout: 344

Downstream neighbors:



Interface: Pseudo-GMP

fe-0/0/0.0 fe-0/0/1.0 fe-0/0/3.0

Interface: so-1/0/0.0 (pruned)

10.111.10.2 State: Prune Flags: SR Timeout: 174

Interface: mt-1/1/0.32768

10.10.47.100 State: Join Flags: S Timeout: Infinity

-- Exhibit --


Referring to the exhibit, which two statements are true? (Choose two.)

A. The router has pruned the RPT. B. The router has pruned the SPT only. C. The router has pruned the RPT only. D. The router has pruned the SPT.


QUESTION NO: 52

-- Exhibit --

user@switch# run show spanning-tree statistics interface ge-0/0/0

STP interface statistics for VLAN 10

Interface BPDUs sent BPDUs received Next BPDU

transmission

ge-0/0/0.0 170 3 0

STP interface statistics for VLAN 20

Interface BPDUs sent BPDUs received Next BPDU



transmission

ge-0/0/0.0 171 3 0

-- Exhibit --


Based on the exhibit, which spanning-tree protocol is running on ge-0/0/0?

A. VSTP B. MSTP C. RSTP D. PVST


QUESTION NO: 53

-- Exhibit

-- Exhibit --


Given the topology in the exhibit, which two statements related to the Q-in-Q tunneling implementation are true? (Choose two.)

A. The ge-0/0/0 interface on Provider Bridge A must be configured as an access port. B. The ge-0/0/0 interface on Provider Bridge A must be configured as a trunk port.



C. Provider Bridge B will make forwarding decisions using a MAC table associated with VLAN ID100. D. Provider Bridge B will make forwarding decisions using a MAC table associated with VLAN ID200.


QUESTION NO: 54

-- Exhibit

-- Exhibit --


You are implementing Q-in-Q tunneling to connect R1 and R2 using the configurations shown inthe exhibit.

What must be changed on Switch_A to allow both Dot1q-tunneling VLANs and non-Dot1q-tunneling VLANs on the same trunk interface?

A. Change the Dot1q-tunneling Ethertype to 0x9100.



B. Change the Dot1q-tunneling Ethertype to 0x88a8. C. Change the Dot1q-tunneling Ethertype to 0x8100. D. Change the Dot1q-tunneling Ethertype to 0x98a8.


QUESTION NO: 55

-- Exhibit

-- Exhibit --


In the exhibit, Host2 is the only host currently joining group 231.1.1.1, but S1 is still flooding thetraffic to all hosts on VLAN 100.

What feature can be configured on S1 to limit the multicast flooding of traffic to only interestedhosts on VLAN 100?

A. Multicast scoping B. IGMP snooping C. Multicast VLAN registration D. IGMP immediate leave




QUESTION NO: 56

-- Exhibit --

{master:0}[edit]

user@switch# show protocols vstp

vlan 100;

{master:0}[edit]

user@switch# run show spanning-tree bridge

STP bridge parameters

Context ID : 1

Enabled protocol : RSTP

STP bridge parameters for VLAN 100

Root ID : 32868.50:c5:8d:ae:94:80

Hello time : 2 seconds

Maximum age : 20 seconds

Forward delay : 15 seconds

Message age : 0

Number of topology changes : 0

Local parameters

Bridge ID : 32868.50:c5:8d:ae:94:80

Extended system ID : 1

Internal instance ID : 0

{master:0}[edit]

user@switch# run show spanning-tree interface



{master:0}[edit]

user@switch#

-- Exhibit --


Based on the output shown in the exhibit, why is VSTP not working for VLAN 100?

A. No interfaces are assigned to VLAN 100. B. Your MSTI is misconfigured. C. RSTP is configured in addition to VSTP. D. No native VLAN is configured.


QUESTION NO: 57

-- Exhibit

-- Exhibit --




Referring to the exhibit, what is the correct RPF path toward the multicast source from R6?

A. R6-R5 B. R6-R7-R4-R5 C. R6-R4-R5 D. R6-R4-R3-R2-R5


QUESTION NO: 58

-- Exhibit --

{master:0}[edit]

user@switch# show ethernet-switching-options voip

interface ge-0/0/16.0 {

vlan phones;

}

{master:0}[edit]

user@switch# show interfaces ge-0/0/16

unit 0 {

family ethernet-switching {

port-mode access;

vlan {

members internet;

}

}

}



{master:0}[edit]

user@switch# show vlans

hr {

vlan-id 513;

}

internet {

vlan-id 15;

}

phones {

vlan-id 25;

}

servers {

vlan-id 30;

}

{master:0}[edit]

user@switch# show interfaces ge-0/0/23

description uplink;

unit 0 {

family ethernet-switching {

port-mode trunk;

vlan {

members [ hr internet ];

}

}

}

-- Exhibit --




You have recently implemented a Layer 2 network designed to support VoIP. Users have reportedthat they cannot use their IP phones to make calls.

Based on the switch configuration shown in the exhibit, which command will resolve this issue?

A. set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members phones B. set interfaces ge-0/0/16 unit 0 family ethernet-switching port-mode trunk C. set ethernet-switching-options voip interface ge-0/0/23 vlan phones D. set vlans phones vlan-id 513


QUESTION NO: 59

-- Exhibit

-- Exhibit --


Based on the SPF calculation in the exhibit, what is the shortest path to reach R3 from R1?

A. R2-R3 B. R2-R5-R4



C. R3 D. R2-R4


QUESTION NO: 60

-- Exhibit --

Mar 16 18:39:15.800390 BGP RECV 172.14.10.2+57785 -> 172.14.10.1+179

Mar 16 18:39:15.800932 BGP RECV message type 1 (Open) length 59

Mar 16 18:39:15.800995 BGP RECV version 4 as 2 holdtime 90 id 192.168.5.1 parmlen 30

Mar 16 18:39:15.801064 BGP RECV MP capability AFI=2, SAFI=1

Mar 16 18:39:15.801112 BGP RECV Refresh capability, code=128


Mar 16 18:39:15.801224 BGP RECV Restart capability, code=64, time=120, flags=

Mar 16 18:39:15.801289 BGP RECV 4 Byte AS-Path capability (65), as_num 2

Mar 16 18:39:15.801705 advertising receiving-speaker only capabilty to neighbor 172.14.10.2(External AS 2)

Mar 16 18:39:15.801787 bgp_send. sending 59 bytes to 172.14.10.2 (External AS 2)

Mar 16 18:39:15.801845

Mar 16 18:39:15.801845 BGP SEND 172.14.10.1+179 -> 172.14.10.2+57785

Mar 16 18:39:15.801933 BGP SEND message type 1 (Open) length 59

Mar 16 18:39:15.801991 BGP SEND version 4 as 1 holdtime 90 id 192.168.2.1 parmlen 30

Mar 16 18:39:15.802054 BGP SEND MP capability AFI=1, SAFI=1

Mar 16 18:39:15.802115 BGP SEND Refresh capability, code=128


Mar 16 18:39:15.802227 BGP SEND Restart capability, code=64, time=120, flags=

Mar 16 18:39:15.802292 BGP SEND 4 Byte AS-Path capability (65), as_num 1



Mar 16 18:39:15.802615 bgp_process_caps: mismatch NLRI with 172.14.10.2 (External AS 2):peer: (16) us: (1)

Mar 16 18:39:15.802763 bgp_process_caps:2561: NOTIFICATION sent to 172.14.10.2 (ExternalAS 2): code 2 (Open Message Error) subcode 7 (unsupported capability) value 1

Mar 16 18:39:15.802913 bgp_sens: sending 23 bytes to 172.14.10.2 (External AS 2)

Mar 16 18:39:15.802969

Mar 16 18:39:15.802969 BGP SEND 172.14.10.1+179 -> 172.14.10.2+57785

Mar 16 18:39:15.803057 BGP SEND message type 3 (Notification) length 23

Mar 16 18:39:15.803113 BGP SEND Notification code 2 (Open Message Error) subcode 7(unsupported capability)

Mar 16 18:39:15.803179 BGP SEND Data (2 bytes): 00 01

-- Exhibit --


Looking at the traceoptions output in the exhibit, why is the BGP neighbor not in Establishedstate?

A. BGP refresh is not supported. B. There is a router ID mismatch. C. IPv6 is not supported on the local peer. D. The peer AS number is misconfigured.


QUESTION NO: 61

-- Exhibit



-- Exhibit --


In the exhibit, which statement about the ABR between Area 8 and Area 2 is true?

A. The router has connectivity to all areas. B. The router has connectivity to Area 8 only. C. The router has connectivity to Area 2 only. D. The router has connectivity to all routers in Area 8 and Area 2.


QUESTION NO: 62

-- Exhibit --

user@router> show class-of-service scheduler-map two

Scheduler map: two, Index: 56974



Scheduler: sch-best-effort, Forwarding class: best-effort, Index: 26057

Transmit rate: 1 percent, Rate Limit: exact, Buffer size: remainder,

Buffer Limit: exact, Priority: low

Excess Priority: unspecified

Drop profiles:

Loss priority Protocol Index Name

Low any 1

Medium low any 1

Medium high any 1

High any 1

Scheduler: sch-expedited-forwarding, Forwarding class:

expedited-forwarding, Index: 10026

Transmit rate: 1 percent, Rate Limit: none, Buffer size: 1 percent,

Buffer Limit: none, Priority: high

Excess Priority: unspecified

Drop profiles:

Loss priority Protocol Index Name

Low any 1

Medium low any 1

Medium high any 1

High any 1

user@router> show interfaces ge-0/0/1 extensive | find "CoS Information"

CoS information:



Direction : Output

CoS transmit queue Bandwidth Buffer

Priority Limit

% bps % usec

0 best-effort 1 10000000 r 0

low exact

1 expedited-forwarding 1 10000000 1 0

high none

Logical interface ge-0/0/1.823 (Index 74) (SNMP ifIndex 506) (Generation

139)

Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.823 ] Encapsulation: ENET2

Traffic statistics:

Input bytes : 1820224529

Output bytes : 6505980

Input packets: 1436371

Output packets: 75905

(... output truncated ...)

user@router> show interfaces ge-0/0/1 extensive | find "Queue Counters"

Queue counters: Queued packets Transmitted packets Dropped packets

0 best-effort 1343970 1343970 7105

1 expedited-fo 53987 53987

0

2 assured-forw 0 0

0

3 network-cont 0 0

0



Queue number: Mapped forwarding classes

0 best-effort

1 expedited-forwarding

2 assured-forwarding

3 network-control

Active alarms : None

Active defects : None

(... output truncated ...)

-- Exhibit --


Based on the configuration in the exhibit, why are you seeing drops in the best-effort queue on theSRX Series platform?

A. The drop-profile fill level is set too low. B. Packets are dropped by a firewall policy. C. The best-effort queue is being shaped. D. The scheduler is not being applied correctly.


QUESTION NO: 63

-- Exhibit --

[edit protocols bgp]

user@router# show

group ext-peer2 {

type external;

peer-as 1;



neighbor 192.168.2.1;

}


user@router# run show route 192.168.2.1


+ = Active Route, - = Last Active, * = Both

192.168.2.1/32 *[Static/5] 00:01:56

> to 172.14.10.1 via ge-0/0/1.0


user@router# run show bgp summary

Groups: 1 Peers: 1 Down peers: 1

Table Tot Paths Act Paths Suppressed History Damp State Pending

inet.0 0 0 0 0 0 0

inet6.0 0 0 0 0 0 0

Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...

192.168.2.1 1 0 0 0 0 14 Idle

-- Exhibit --


Looking at the output in the exhibit, why is the BGP neighbor not in Established state?

A. BGP Refresh is not supported. B. Multihop is not configured. C. The peer address is not reachable. D. Authentication is configured.




QUESTION NO: 64

-- Exhibit --

user@SwitchA# show protocols dot1x

authenticator {

authentication-profile-name dot1x;

interface {

ge-0/0/0.0 {

supplicant single;

}

ge-0/0/1.0 {

supplicant single-secure;

}

ge-0/0/2.0 {

supplicant multiple;

}

}

}

{master:0}[edit]

user@SwitchA# show access

radius-server {

172.27.14.226 {

port 1812;

secret "$9$vqs8xd24Zk.5bs.5QFAtM8X"; ## SECRET-DATA

}

}



ENRIQUEResaltado

profile dot1x {

authentication-order radius;

radius {

authentication-server 172.27.14.226;

accounting-server 172.27.14.226;

}

accounting {

order radius;

immediate-update;

}

}

{master:0}[edit]

user@SwitchA#

-- Exhibit --


Referring to the exhibit, which three statements describe correct behavior of Switch A? (Choosethree.)

A. Switch A allows complete access to all users connected to port ge-0/0/2 that log in with theircorrect user credentials. B. Switch A allows complete access to all users connected to port ge-0/0/0 that log in with theircorrect user credentials. C. Switch A allows complete access to the second user that connects to port ge-0/0/1 with itscorrect credentials only after the first user logs out. D. Switch A allows complete access to all users connected to port ge-0/0/0 without authenticationafter the first user has logged in with its correct user credentials. E. Switch A allows complete access to all users connected to port ge-0/0/1 that securely log inusing HTTPS with their correct user credentials.

Answer: A,C,DExplanation:



ENRIQUEResaltado

ENRIQUEResaltado

ENRIQUEResaltado

QUESTION NO: 65

-- Exhibit --

Mar 16 17:48:06.145257 OSPF periodic xmit from 172.14.10.1 to 224.0.0.5 (IFL 69 area 0.0.0.1)

Mar 16 17:48:12.404986 ospf_trigger_build_telink_lsas : No peer found


Mar 16 17:48:13.013555 ospf_set_lsdb_state: Router LSA 192.168.2.1 adv-rtr 192.168.2.1 stateQUIET->GEN_PENDING

Mar 16 17:48:13.013661 OSPF trigger router LSA 0x156d0f0 build for area 0.0.0.1 lsa-id192.168.2.1

Mar 16 17:48:13.017494 ospf_set_lsdb_state: Router LSA 192.168.2.1 adv-rtr 192.168.2.1 stateGEN_PENDING->QUIET

Mar 16 17:48:13.017636 OSPF built router LSA, area 0.0.0.1, link count 2

Mar 16 17:48:13.017954 OSPF sent Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area0.0.0.1)

Mar 16 17:48:13.018023 Version 2, length 44, ID 192.168.2.1, area 0.0.0.1

Mar 16 17:48:13.018111 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128

Mar 16 17:48:13.018162 dead_ivl 40, DR 172.14.10.1, BDR 0.0.0.0

Mar 16 17:48:13.018613 OSPF DR is 192.168.2.1, BDR is 0.0.0.0






Mar 16 17:48:13.432025 OSPF packet ignoreD. area mismatch (0.0.0.0) from 172.14.10.2 on intfge-0/0/1.0 area 0.0.0.1

Mar 16 17:48:13.432135 OSPF rcvd Hello 172.14.10.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area0.0.0.1)




Mar 16 17:48:13.432274 checksum 0x8065, authtype 0


Mar 16 17:48:13.432398 dead_ivl 40, DR 172.14.10.2, BDR 0.0.0.0 commit complete

-- Exhibit --


Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init state?

A. There is an MTU mismatch. B. There is a network mask mismatch. C. The routers are in different areas. D. No BDR has been elected.


QUESTION NO: 66

-- Exhibit --

-- Exhibit --


A customer is trying to configure a router to peer using EBGP to a neighbor. As shown in theexhibit, two links are being used for this configuration. The goal of this configuration is to load-balance traffic across both EBGP links.

Which configuration accomplishes this goal?

A. {master:0}[edit] user@router# show protocols bgp group External { multihop; local-address 192.168.2.1; peer-as 65532;



neighbor 10.10.2.2; neighbor 10.20.2.2; } {master:0}[edit] user@router# show routing-options static { route 192.168.5.1/32 next-hop 192.168.2.1; } autonomous-system 65432; B. {master:0}[edit] user@router# show protocols bgp group External { multihop; local-address 192.168.2.1; peer-as 65532; neighbor 192.168.5.1; } {master:0}[edit] user@router# show routing-options static { route 192.168.5.1/32 next-hop [ 10.10.2.2 10.20.2.2 ]; } autonomous-system 65432; forwarding-table { export load-balance; } {master:0}[edit] user@router# show policy-options policy-statement load-balance term balance { then { load-balance per-packet; accept; } } C. {master:0}[edit] user@router# show protocols bgp group External { multi-path; local-address 192.168.2.1; peer-as 65532; neighbor 192.168.5.1; } {master:0}[edit] user@router# show routing-options static { route 192.168.5.1/32 next-hop [ 10.10.2.2 10.20.2.2 ]; }



autonomous-system 65432; D. {master:0}[edit] user@router# show protocols bgp group External { multipath; local-address 192.168.2.1; peer-as 65532; neighbor 10.10.2.2; neighbor 10.20.2.2; } {master:0}[edit] user@router# show routing-options static { route 192.168.5.1/32 next-hop 192.168.2.1; } autonomous-system 65432;


QUESTION NO: 67

-- Exhibit

-- Exhibit --


In the exhibit, R5 is receiving five 200.1.1.x routes from the RIP router, and is advertising them into



Area 1 using an export policy. You do not want any of the RIP routes to be in the routing table ofR1.

Which two solutions meet this requirement? (Choose two.)

A. On R1, configure an export policy to reject the routes. B. On R1, configure an import policy to reject the routes. C. On R1, configure each address as a martian route. D. On R1, configure the no-nssa-abr option.


QUESTION NO: 68

-- Exhibit

-- Exhibit --


In the exhibit, a customer wants to configure an EBGP connection to two different routers in aneighboring autonomous system. The goal of this configuration is to use per-prefix load balancingacross both EBGP links.

Which configuration accomplishes this goal?



A. {master:0}[edit] user@router# show protocols bgp group External { multihop; peer-as 65532; neighbor 10.10.2.2; neighbor 10.20.2.2; } B. {master:0}[edit] user@router# show protocols bgp group External { multipath; peer-as 65532; neighbor 10.10.2.2; neighbor 10.20.2.2; } C. {master:0}[edit] user@router# show protocols bgp group External { multihop; local-address 192.168.2.1; peer-as 65532; neighbor 10.10.2.2; neighbor 10.20.2.2; } user@router# show routing-options static { route 0.0.0.0 next-hop [ 10.10.2.2 10.20.2.2 ]; } autonomous-system 65432; D. {master:0}[edit] user@router# show protocols bgp group External { multihop; local-address 192.168.2.1; peer-as 65532; multipath; neighbor 10.10.2.2; neighbor 10.20.2.2; } user@router# show routing-options static { route 0.0.0.0 next-hop [ 10.10.2.2 10.20.2.2 ]; } autonomous-system 65432;

Answer: B



Explanation:

QUESTION NO: 69

-- Exhibit

-- Exhibit --


Referring to the exhibit, R4 in AS 100 is sending routes 20.0.0.0/8 and 10.0.0.0/8. R3 sees theroutes but R5 does not.

What must be configured on the R3 router for the R5 router to install the routes?

A. a next-hop self policy B. as-override toward the R5 router C. as-loops 2 D. local-as 100


QUESTION NO: 70 -- Exhibit



-- Exhibit --


You are asked to configure an OSPF virtual link that connects remote Area 4 to the backbone.

Referring to the exhibit, what are two requirements for an OSPF virtual link to operate correctly?(Choose two.)

A. A virtual link configuration on the ABR between Areas 0 and 1 must include transit area 1. B. The interface of the transit area must be of type vt. C. A virtual link configuration on the ABR between Areas 0 and 1 must be the interface address ofthe neighbor on the far end. D. A virtual link configuration on the ABR between Areas 0 and 1 must be the router ID (RID) ofthe neighbor on the far end.




ENRIQUEResaltado

ENRIQUEResaltado

QUESTION NO: 71

-- Exhibit

-- Exhibit --


In the exhibit, R5 is receiving five 200.1.1.x routes from the RIP router, and is advertising them intoArea 1 using an export policy. You want to summarize the RIP routes into Area 0 with the mostspecific prefix.

Which configuration will accomplish goal?

A. [edit protocols] user@R1# show ospf { area 0.0.0.0 { area-range 200.1.1.0/29; interface ge-0/0/1.0; interface ge-0/0/2.0; interface lo0.0; } area 0.0.0.1 { nssa { default-lsa type-7; } interface ge-0/0/3.0; } }



B. [edit protocols] user@R1# show ospf { area 0.0.0.0 { interface ge-0/0/1.0; interface ge-0/0/2.0; interface lo0.0; } area 0.0.0.1 { nssa { default-lsa type-7; area-range 200.1.1.0/28; } interface ge-0/0/3.0; } } C. [edit protocols] user@R1# show ospf { area 0.0.0.0 { interface ge-0/0/1.0; interface ge-0/0/2.0; interface lo0.0; } area 0.0.0.1 { nssa { default-lsa type-7; area-range 200.1.1.0/29; } interface ge-0/0/3.0; } } D. [edit protocols] user@R1# show ospf { area 0.0.0.0 { area-range 200.1.1.0/28; interface ge-0/0/1.0; interface ge-0/0/2.0; interface lo0.0; } area 0.0.0.1 { nssa { default-lsa type-7; } interface ge-0/0/3.0; }



}


QUESTION NO: 72

-- Exhibit --

user@router> show bgp summary

Groups: 3 Peers: 3 Down peers: 0

Table Tot Paths Act Paths Suppressed History Damp State Pending

inet.0 10 8 0 0 0 0

inet6.0 4 3 0 0 0 0

Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...

10.0.3.5 65550 41 52 0 2 17:45 5/5/5/0 0/0/0/0

172.16.0.6 65010 52 42 0 2 31 Establ

inet.0: 3/5/5/0

inet6.0: 3/4/4/0

2001:ffff::3:5 65550 43 44 0 4 17:53 Establ

inet6.0: 0/0/0/0

user@router>

-- Exhibit --


Examine the output of the show bgp summary command shown in the exhibit.

From which BGP peer is the router receiving IPv6 routes?

A. 10.0.3.5



ENRIQUEResaltado

B. 172.16.0.6 C. 2001:ffff::3:5 D. 2001:ffff:3:5


QUESTION NO: 73

-- Exhibit --

user@SwitchA> show dot1x interface detail ge-0/0/2.0

ge-0/0/2.0

Role: Authenticator

Administrative state: Auto

Supplicant mode: Multiple

Number of retries: 3

Quiet period. 60 seconds

Transmit period. 30 seconds

Mac Radius: Enabled

Mac Radius Restrict: Enabled

Reauthentication: Enabled

Configured Reauthentication interval: 3600 seconds

Supplicant timeout: 30 seconds

Server timeout: 30 seconds

Maximum EAPOL requests: 2

Guest VLAN member:

Number of connected supplicants: 2

user@SwitchA>

-- Exhibit --




Host 1, Host 2, and Host 3 are connected to Switch A on interface ge-0/0/2. Host 1 and Host 2 donot support 802.1X. They can authenticate and connect to the Internet. Host 3 was added and itsupports 802.1X; however, it is unable to authenticate.

Referring to the exhibit, how do you allow Host 3 to authenticate to the network but maintainsecure access?

A. Enable fallback authentication for 802.1X. B. Disable MAC RADIUS Restrict option on ge-0/0/2. C. Disable MAC RADIUS option on ge-0/0/2. D. Enable Administrative mode for 802.1X.


QUESTION NO: 74

-- Exhibit --

user@RP> show pim join extensive

Instance: PIM.master Family: INET

R = Rendezvous Point Tree, S = Sparse, W = Wildcard

Group: 224.1.1.1

Source: *

RP: 192.168.1.1

Flags: sparse,rptree,wildcard

Upstream interface: Local

Upstream neighbor: Local

Upstream state: Local RP


Interface: so-0/0/0.0



10.0.1.2 State: Join Flags: SRW Timeout: 176

Group: 224.1.1.1

Source: 10.0.5.2

Flags: sparse,spt

Upstream interface: unknown (no nexthop)

Upstream neighbor: unknown

Upstream state: Local RP

Keepalive timeout: 106


Interface: so-0/0/0.0

10.0.1.2 State: Join Flags: S Timeout: 176

Instance: PIM.master Family: INET6

R = Rendezvous Point Tree, S = Sparse, W = Wildcard

-- Exhibit --


The CLI output shown in the exhibit was taken from the RP in a PIM-SM network.

Which statement explains the output shown in the exhibit?

A. No tunnel PIC is installed on the RP router. B. 192.168.1.1 is not a local IP address on the RP router. C. Multicast traffic is arriving on the so-0/0/0.0 interface. D. The router does not have a unicast route to 10.0.5.2.


QUESTION NO: 75



ENRIQUEResaltado

-- Exhibit --

OSPF database, Area 0.0.0.0

Type ID Adv Rtr Seq Age Opt Cksum Len

Router *10.0.3.4 10.0.3.4 0x8000000d 30 0x22 0x8d11 132

bits 0x0, link count 9

id 10.1.1.0, data 255.255.255.0, Type Stub (3)

Topology count: 0, Default metric. 1

id 10.0.4.8, data 255.255.255.252, Type Stub (3)


id 10.0.2.10, data 10.0.2.10, Type Transit (2)


id 172.16.0.6, data 172.16.0.5, Type Transit (2)


id 10.0.3.4, data 255.255.255.255, Type Stub (3)


id 10.0.9.7, data 10.0.2.18, Type PointToPoint (1)


id 10.0.2.16, data 255.255.255.252, Type Stub (3)


id 10.0.3.3, data 10.0.2.6, Type PointToPoint (1)


id 10.0.2.4, data 255.255.255.252, Type Stub (3)


Topology default (ID 0)

Type: PointToPoint, Node ID. 10.0.3.3

MetriC. 2, Bidirectional



Type: PointToPoint, Node ID. 10.0.9.7


Type: Transit, Node ID. 172.16.0.6


Type: Transit, Node ID. 10.0.2.10


-- Exhibit --


The exhibit shows the output of an OSPF router LSA.

Which interface ID represents the router's loopback address?

A. ID 10.1.1.0 B. ID 10.0.3.4 C. ID 10.0.3.3 D. ID 10.0.2.4


QUESTION NO: 76

-- Exhibit --

{master:0}[edit]

user@router# show class-of-service

classifiers {

inet-precedence normal-traffic {

forwarding-class best-effort {

loss-priority low code-points [ my1 my2 ];

}



ENRIQUEResaltado

}

}

code-point-aliases {

inet-precedence {

my1 000;

my2 001;

cs1 010;

cs2 011;

cs3 100;

cs4 101;

cs5 111;

cs6 111;

}

}

-- Exhibit --


In the exhibit, you see a configuration for CoS. Incoming traffic with specific IP precedence bitsshould be mapped to a forwarding class named best-effort. A classifier named normal-traffic isdefined.

What must you add to complete this configuration?

A. Include the option q-pic-large-buffer under the chassis hierarchy to accommodate the new codepoints. B. Apply classifier normal traffic to the interface hierarchy under the class-of-service stanza. C. Configure a rewrite marker on the ingress Gigabit Ethernet interface. D. Add code point values for the expedited-forwarding forwarding class as well as the best-effortforwarding class.




QUESTION NO: 77

-- Exhibit --

user@router> show configuration routing-options autonomous-system

65550;

user@router> show configuration protocols bgp

group ibgp {

type internal;

neighbor 10.0.3.5;

}

group ibgpv6 {

type internal;

local-address 2001:ffff::3:4;

neighbor 2001:ffff::3:5;

}

group as65010 {

family inet {

unicast;

}

family inet6 {

unicast;

}

export as65010-out;

peer-as 65010;

neighbor 172.16.0.6;

}



user@router> show configuration policy-options

policy-statement as65010-out {

term locally-originated {

from as-path local-only;

then {

metric 7000;

}

}

term from-as65222 {

from as-path as65222-orig;

then as-path-prepend "65550 65550 65550 65550";

}

term transit-as701 {

from as-path transit-as701;

then {

metric 6;

}

}

then accept;

}

as-path local-only "(.*)";

as-path as65222-orig ".* 65222";

as-path transit-as701 ".* 701 .*";

user@router> show route advertising-protocol bgp 172.16.0.6


Prefix Nexthop MED Lclpref AS path



* 10.0.2.0/30 Self 7000 I

* 10.0.2.4/30 Self 7000 I

* 10.0.2.8/30 Self 7000 I

* 10.0.2.16/30 Self 7000 I

* 10.0.3.3/32 Self 7000 I

* 10.0.3.4/32 Self 7000 I

* 10.0.3.5/32 Self 7000 I

* 10.0.4.8/30 Self 7000 I

* 10.0.8.8/30 Self 7000 I

* 10.0.9.9/32 Self 7000 I

* 10.255.255.1/32 Self 7000 I

* 64.142.88.0/24 Self 7000 I

* 130.130.0.0/16 Self 6 65222 46375 701 14203 I

* 131.131.131.0/24 Self 6 65222 46375 701 14203 I

* 132.132.0.0/25 Self 6 65222 46375 701 32934 I

* 133.133.0.0/25 Self 6 65222 46375 701 32934 I

* 134.134.0.0/25 Self 65222 46375 14203 I

* 135.135.0.0/25 Self 65222 46375 14203 14203 I

* 172.16.0.4/30 Self 7000 I

* 172.16.0.12/30 Self 7000 I

* 172.16.200.0/30 172.16.0.6 7000 I

* 192.0.2.0/24 172.16.0.6 7000 I

* 192.168.50.0/24 Self 7000 I

* 192.168.253.0/24 Self 7000 I

* 200.200.0.0/16 172.16.0.6 7000 I

* 200.200.0.1/32 172.16.0.6 7000 I

* 200.200.1.1/32 172.16.0.6 7000 I



* 200.200.200.200/32 172.16.0.6 7000 I

inet6.0: 23 destinations, 28 routes (23 active, 0 holddown, 0 hidden)

Prefix Nexthop MED Lclpref AS path

* ::172.16.0.4/126 Self 7000 I

* 2001:1:1::/64 Self 7000 I

* 2001:1:2::/64 Self 7000 I

* 2001:ffff::3:3/128 Self 7000 I

* 2001:ffff::3:4/128 Self 7000 I

* 2001:ffff::3:5/128 Self 7000 I

* 2001:ffff::9:7/128 Self 7000 I

user@router>

-- Exhibit --


You are configuring an EBGP peer in a transit environment. You must advertise routes learnedfrom other EBGP peers in your AS. Any routes originated from within your AS should have a MEDof 7000 set. Any routes that originate in AS65222 should be prepended four times. Any routes thattransit AS701 should have a MED set to 6. This scenario results in the unintended advertisementof internal 10.0.0.0/8 networks to your peer.

What caused the accidental advertisement of internal networks to your EBGP peer?

A. Your AS number of 65550 is a private AS number. B. The BGP group as65010 is configured for both family inet unicast and family inet6 unicastprotocol families. C. The export policy as65010-out is misconfigured. D. The as-path local-only includes a misconfigured regular expression.




QUESTION NO: 78

-- Exhibit --

[edit]

user@router# run show ospf database external lsa-id 71.23.48.0 extensive

OSPF AS SCOPE link state database

Type ID Adv Rtr Seq Age Opt Cksum Len

Extern 71.23.48.0 67.176.255.5 0x80000001 114 0x22 0x171b 36

mask 255.255.248.0


Type: 2, MetriC. 0, Fwd addr: 0.0.0.0, Tag: 0.0.0.0

Aging timer 00:58:06

Installed 00:01:53 ago, expires in 00:58:06, sent 00:01:53 ago

Last changed 00:01:53 ago, Change count: 1

Extern 71.23.48.0 67.176.255.7 0x8000005a 487 0x22 0x587e 36

mask 255.255.248.0





Last changed 2d 19:33:58 ago, Change count: 1

Extern 71.23.48.0 67.176.255.8 0x8000005c 540 0x22 0xf73e 36

mask 255.255.248.0







Last changed 00:08:59 ago, Change count: 3

-- Exhibit --


As shown in the exhibit, a router is receiving three external LSAs for the prefix 71.23.48.0.

Which path is preferred?

A. The path through 67.176.255.5 is preferred. B. The path through 67.176.255.7 is preferred. C. The path through 67.176.255.8 is preferred. D. The paths through 67.176.255.7 and 67.176.255.8 become active to allow load-balancing.


QUESTION NO: 79

-- Exhibit



-- Exhibit --


In the exhibit, the 10.100/16 prefix is introduced at autonomous system 1 (AS1) and propagatedthrough to AS3. Router A in AS3 receives two different paths to these prefixes, one through AS2and the other through AS4. No BGP attributes have been altered.

Which path would router A prefer for the 10.100/16 prefix?

A. The route with the lowest interface address for the EBGP peering session B. The route with the lowest local preference C. The route to the EBGP peer that has the lowest RID D. The route from the EBGP peer that arrived first




QUESTION NO: 80

-- Exhibit --

[edit]

user@R1# show routing-options router-id

router-id 1.1.1.1;

[edit]

user@R1# show protocols ospf

area 0.0.0.0 {


}

[edit]


router-id 2.2.2.2;

[edit]


area 0.0.0.0 {


priority 200;

}

}

[edit]


router-id 222.255.255.255;



[edit]


area 0.0.0.0 {


}

[edit]


router-id 239.255.255.255;

[edit]


area 0.0.0.0 {


priority 0;

}

}

-- Exhibit --


All four routers in the exhibit are in the same broadcast domain. The routers were powered on atthe same time.

Based on the configurations, which devices are the DR and the BDR?

A. R4 is the DR and R2 is the BDR. B. R2 is the DR and R3 is the BDR. C. R2 is the DR and R1 is the BDR. D. R3 is the DR and R2 is the BDR.




QUESTION NO: 81

-- Exhibit --

user@router> show interfaces ge-0/0/0 extensive | find "Queue counters"

Queue counters: Queued packets Transmitted packets Dropped packets

0 best-effort 35244 35244 0

1 expedited-fo 258963 59852 199111

2 assured-forw 0 0 0

3 network-cont 1625847 1625847 0

-- Exhibit --


You recently deployed an SRX Series Gateway in your network. It uses the default class ofservice configuration.

Based on the output in the exhibit, what reason explains the packet drops in Queue 1?

A. Interface ge-0/0/0 should be used only for management network operations. B. Queue 0 has higher priority than Queue 1. C. A policer is reclassifying all traffic into Queue 1. D. No bandwidth reservation exists on Queue 1.


QUESTION NO: 82

-- Exhibit --

Mar 16 19:12:58.291474 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179



Mar 16 19:12:58.291624 BGP RECV message type 1 (Open) length 59

Mar 16 19:12:58.291688 BGP RECV version 4 as 2 holdtime 90 id 192.168.2.1 parmlen 30

Mar 16 19:12:58.291752 BGP RECV MP capability AFI=1, SAFI=1



Mar 16 19:12:58.291915 BGP RECV Restart capability, code=64, time=120, flags=

Mar 16 19:12:58.291969 BGP RECV 4 Byte AS-Path capability (65), as_num 2

Mar 16 19:12:58.292385 advertising receiving-speaker only capabilty to neighbor 172.14.10.2(External AS 2)


Mar 16 19:12:58.292522

Mar 16 19:12:58.292522 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230

Mar 16 19:12:58.292601 BGP SEND message type 1 (Open) length 59

Mar 16 19:12:58.293053 BGP SEND version 4 as 1 holdtime 90 id 192.168.2.1 parmlen 30

Mar 16 19:12:58.293124 BGP SEND MP capability AFI=1, SAFI=1



Mar 16 19:12:58.293284 BGP SEND Restart capability, code=64, time=120, flags=

Mar 16 19:12:58.293336 BGP SEND 4 Byte AS-Path capability (65), as_num 1


Mar 16 19:12:58.293573

Mar 16 19:12:58.293573 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230

Mar 16 19:12:58.293665 BGP SEND message type 4 (KeepAlive) length 19

Mar 16 19:12:58.296781

Mar 16 19:12:58.296781 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179

Mar 16 19:12:58.296897 BGP RECV message type 4 (KeepAlive) length 19




Mar 16 19:12:58.297528

Mar 16 19:12:58.297528 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230



Mar 16 19:12:58.298185

Mar 16 19:12:58.298185 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230

Mar 16 19:12:58.298273 BGP SEND message type 2 (Update) length 23

Mar 16 19:12:58.298322 BGP SEND End of RIB. AFI 1 SAFI 1

Mar 16 19:12:58.301834

Mar 16 19:12:58.301834 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179


Mar 16 19:12:58.302034 bgp_read_v4_message: done with 172.14.10.2 (External AS 2) received19 octets 0 updates 0 routes

Mar 16 19:12:58.304594

Mar 16 19:12:58.304594 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179

Mar 16 19:12:58.304702 BGP RECV message type 2 (Update) length 23

Mar 16 19:12:58.304765 BGP RECV End of RIB. AFI 1 SAFI 1

Mar 16 19:12:58.304848 bgp_read_v4_message: done with 172.14.10.2 (External AS 2) received23 octets 1 update 0 routes


Mar 16 19:13:22.968586

Mar 16 19:13:22.968586 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230


Mar 16 19:13:26.901339

Mar 16 19:13:26.901339 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179






Mar 16 19:13:51.348180

Mar 16 19:13:51.348180 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230


Mar 16 19:13:53.844160

Mar 16 19:13:53.844160 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179



-- Exhibit --


Looking at the traceoptions output, what is the current keepalive timer set for in BGP?

A. 1 second B. 10 seconds C. 30 seconds D. 90 seconds


QUESTION NO: 83

-- Exhibit



-- Exhibit --


As shown in the exhibit, a legacy IP phone is attached to Switch-1. The phone does not supportLLDP-MED, but does allow configuration using DHCP. Existing network CoS policies dictate thatVoIP traffic must use VLAN 10.

Which two actions put VoIP traffic onto VLAN 10? (Choose two.)

A. Configure protocols cdp on Switch-1. B. Manually configure the voice VLAN on the IP phone. C. Configure vlan 1 under forwarding-options bootp. D. Configure interface ge-0/0/5 under forwarding-options bootp.

Answer: B,DExplanation:

QUESTION NO: 84

-- Exhibit



-- Exhibit --


Which statement about the non-ABR router in Area 2 in the exhibit is true?

A. The router has connectivity to all areas. B. The router has connectivity to Area 2 only. C. The router has connectivity to Area 2 and Area 0. D. The router has connectivity to Area 2 and Area 8.


QUESTION NO: 85

-- Exhibit

-- Exhibit --


Referring to the exhibit, you want to configure Switch-1 to allow a user on interface ge-0/0/10 toaccommodate both voice and data traffic. Your phones and your switches are LLDP-MEDcapable.

What is the minimal configuration that allows LLDP-MED to autoconfigure your phone's voiceVLAN?

A. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members voice_vlan



set interfaces ge-0/0/10 unit 0 family ethernet-switching native-vlan-id data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set protocols lldp-med interface ge-0/0/10.0 B. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members voice_vlan set interfaces ge-0/0/10 unit 0 family ethernet-switching native-vlan-id data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set protocols lldp interface ge-0/0/10.0 C. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 forwarding-class assured-forwarding set protocols lldp-med interface ge-0/0/10.0 D. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set protocols lldp-med interface ge-0/0/10.0


QUESTION NO: 86

-- Exhibit

-- Exhibit --



ENRIQUEResaltado


Site A is sending voice traffic marked with DSCP code EF. SRX A has the default CoS classifier.

Into which forwarding class is SRX A classifying traffic?

A. best-effort B. expedited-forwarding C. network-control D. assured-forwarding


QUESTION NO: 87

-- Exhibit

-- Exhibit --


In the exhibit, the routers in the network have a default PIM sparse mode configuration. R2 showsthat R1 is the RPF next hop for the source, and R3 is the RPF next hop for the RP. Host1 iscurrently receiving multicast traffic for group 231.1.1.1. Host2 has come online and is attempting tojoin group 232.1.1.1. R2 has just received an IGMP message with the source and groupaddresses.

Which step happens next so that Host2 can join the multicast group?



A. R2 sends a PIM join upstream towards R3 to join the shared tree. B. R2 sends a PIM join upstream towards R3 to join the source tree. C. R2 sends a PIM join upstream towards R1 to join the shared tree. D. R2 sends a PIM join upstream towards R1 to join the source tree.


QUESTION NO: 88

-- Exhibit

-- Exhibit --


In the exhibit, the provider bridges are using Q-in-Q tunneling to tunnel VLAN 100 traffic overVLAN 200.

What is the correct VLAN configuration for Q-in-Q tunneling on Provider Bridge A?

A. interfaces { ge-0/0/0 { unit 0 { family ethernet-switching { port-mode access; } } } ge-0/0/10 { unit 0 { family ethernet-switching {



port-mode trunk; vlan { members test; } } } } } vlans { test { vlan-id 200; interface { ge-0/0/0.0; } dot1q-tunneling { customer-vlans 100; } } } B. interfaces { ge-0/0/0 { unit 0 { family ethernet-switching { port-mode trunk; vlan { members test; } } } } ge-0/0/10 { unit 0 { family ethernet-switching { port-mode access; } } } } vlans { test { vlan-id 200; interface { ge-0/0/0.0; } dot1q-tunneling { customer-vlans 100; }



} } C. interfaces { ge-0/0/0 { unit 0 { family ethernet-switching { port-mode trunk; vlan { members test; } } } } ge-0/0/10 { unit 0 { family ethernet-switching { port-mode access; } } } } vlans { test { vlan-id 200; interface { ge-0/0/10.0; } dot1q-tunneling { customer-vlans 100; } } } D. interfaces { ge-0/0/0 { unit 0 { family ethernet-switching { port-mode access; } } } ge-0/0/10 { unit 0 { family ethernet-switching { port-mode trunk; vlan { members test; }



} } } } vlans { test { vlan-id 100; interface { ge-0/0/0.0; } dot1q-tunneling { customer-vlans 200; } } }


QUESTION NO: 89

-- Exhibit

-- Exhibit --




In the topology shown in the exhibit, which two BGP attributes can AS1 manipulate to influencethe path that AS4 takes to reach prefixes originated by AS1? (Choose two.)

A. Local Preference B. AS Path C. Origin D. MED


QUESTION NO: 90

-- Exhibit

-- Exhibit --


Traffic flows through your network, as shown in the exhibit. You have configured a rewrite rule onR1 to mark HTTP traffic with a specific DSCP value.

What must you do to ensure that the HTTP traffic preserves its DSCP value as it leaves your CoSdomain?

A. Use behavior aggregate classifiers mapping the HTTP traffic to the specific DSCP value on R1and R2.



ENRIQUEResaltado

ENRIQUEResaltado

B. Use rewrite rules mapping the HTTP traffic to the specific DSCP value on R2 and R3. C. Use a rewrite rule mapping the HTTP traffic to the specific DSCP value on R3. D. Use the default settings already in place on the device.


QUESTION NO: 91

-- Exhibit

-- Exhibit --


In the exhibit, Switch A is an EX4200. VLAN10 is receiving tagged as well as untagged traffic fromdifferent ports. The administrator wants to mirror all tagged and untagged traffic entering VLAN10to analyzer port ge-0/0/10. All VLAN tags must be preserved for traffic that is mirrored to theanalyzer port.

Which configuration will achieve this?

A. set ethernet-switching-options analyzer vlan10_analyzer input vlan VLAN10 interface xe-1/0/0.0 set ethernet-switching-options analyzer vlan10_analyzer input vlan VLAN10 interface ge-0/0/2 set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0 B. set ethernet-switching-options analyzer vlan10_analyzer input interface xe-1/0/0.0 set ethernet-switching-options analyzer vlan10_analyzer input interface ge-0/0/2 set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0



C. set ethernet-switching-options analyzer vlan10_analyzer input ingress vlan VLAN10 set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0 set vlans default interface ge-0/0/10.0 D. set ethernet-switching-options analyzer vlan10_analyzer input ingress vlan VLAN10 set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0 set vlans VLAN10 interface ge-0/0/10.0


QUESTION NO: 92

-- Exhibit --


Mar 16 17:18:28.751729 ospf_set_lsdb_state: Network LSA 172.14.10.1 adv-rtr 192.168.2.1 stateQUIET->GEN_PENDING

Mar 16 17:18:28.751801 OSPF trigger network LSA build for interface ge-0/0/1.0 area 0.0.0.0


Mar 16 17:18:28.751931 OSPF trigger router LSA 0x156d0f0 build for area 0.0.0.0 lsa-id192.168.2.1






Mar 16 17:18:28.763796 OSPF rcvd Hello 172.14.10.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area0.0.0.0)


Mar 16 17:18:28.763946 checksum 0x0, authtype 0


-- Exhibit --



ENRIQUEResaltado


Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init state?

A. There is an MTU mismatch. B. There is a network mask mismatch. C. The routers are in different areas. D. No BDR has been elected.


QUESTION NO: 93

-- Exhibit

-- Exhibit --


As shown in the exhibit, the 10.10/16 prefix is redistributed into OSPF through R2 and R5. R2 isadvertising the prefix with a Type 1 metric of 100 and R5 is advertising the prefix with a Type 2metric of 10.

What is the preferred path to reach 10.10/16 from R6?



A. R6-R5 B. R6-R4-R5 C. R6-R4-R5-R2 D. R6-R4-R3-R2


QUESTION NO: 94

-- Exhibit

-- Exhibit --


Based on the exhibit, which statement about the Layer 2 topology is true?



A. A port on switch 3 or switch 4 towards the CST root (switch 6) is blocking traffic. B. A total of 64 MST instances for MST region A and region B can be configured. C. MSTI BPDUs are exchanged between MST regions and the CST root bridge. D. IST BPDUs are exchanged only between switches 1 and 2, and between switches 6 and 7.


QUESTION NO: 95

-- Exhibit --

{master:0}[edit]

user@router# run show ospf interface vl-10.20.10.2 extensive

Interface State Area DR ID BDR ID Nbrs

vl-10.20.10.2 Down 0.0.0.0 0.0.0.0 0.0.0.0 0

Type: Virtual, Address: 0.0.0.0, Mask: 0.0.0.0, MTU: 0, Cost: 1

Transit AreA. 0.0.0.1

Adj count: 0

Hello: 10, Dead. 40, ReXmit: 5, Not Stub

Auth type: None

Protection type: None, No eligible backup

Topology default (ID 0) -> Down, Cost: 0

-- Exhibit --


Your company is integrating another OSPF area into your existing OSPF infrastructure. Youcreated a virtual link that spans Area 2 and connects Area 3 to the backbone area.

Based on the exhibit, what is preventing the adjacency?

A. The interface configured for the virtual link is incorrect. It should be a vt and not a vl interface. B. No designated router (DR) has been elected.



C. The backup route to Area 2 has not been configured. D. The wrong transit area is configured.


QUESTION NO: 96

-- Exhibit

-- Exhibit --


In the exhibit, an EBGP session is currently established between R1 and R2. R2 changes itsimport policy to accept 10 of the routes it previously denied from R1.

Which BGP capability must be negotiated on the BGP session for R2 to install the routes acceptedby the new policy?

A. route refresh B. AddPath C. outbound route filtering (ORF) D. multiprotocol BGP (MBGP)

Answe

JN0-643

Documents

edit user

ospfv3 answer

rsvp answer

bf6f answer

iso answer

port authentication

eapttls answer

authentication protocol