JN0 348

IT Certification Exams Provider!
Weofferfreeupdateserviceforoneyear!
hƩps://www.certqueen.com
The safer , easier way to help you pass any IT exams.
Exam : JN0-348
Title : Enterprise Routing and

Switching, Specialist
Version : V8.02
1 / 76
1.Which two statements describe aggregate routes? (Choose two.)

A. Invalid routing prefixes are not advertised to external peers.
B. Internal routing instabilities can be hidden from external peers
C. Groups of routes are combined into a single route entry.
D. The route receives the next hop of the primary contributing route.
Answer: BD
2.You are configuring a new BGP service to your service provider. You want to ensure that BGP is fully
established and has all the routes in the route table before allowing traffic to transit the router.
Which feature achieves this requirement?
A. BGP route reflector
B. IS-IS mesh group
C. BGP local preference
D. IS-IS overload bit
Answer: D
3.Which LSA type describes the router ID of ASBR routers located in remote areas?
A. Type 4
B. Type 5
C. Type 3
D. Type 7
Answer: A
4.Which two statements are true about Virtual Chassis? (Choose two.)
A. It is possible to automatically update the Junos OS on newly added members to participate in the
Virtual Chassis
B. A software version mismatch on a newly added member must be placed in linecard mode.
C. Virtual Chassis members use VCCP to create a loop-free topology.
D. The member ID is not preserved through reboots.
Answer: AC
5.Click the Exhibit button.
2 / 76
You are monitoring your IS-IS router and issue the command shown in the exhibit.
Which two statements are true in this scenario? (Choose two.)
A. The loopback address of the local router is 5.0.0.100.
B. The loopback address of the local router is 10.100.0.1.
C. The name of the remote device is r1.
D. The name of the local device is r1.
Answer: BC
3 / 76
4 / 76
You created a policy to reject all incoming routes from peer 2.2.2.2. You notice that despite applying the
policy, you are still receiving routes from this peer.
Referring to the exhibit, why are you still receiving the routes?
A. The policy should have a form statement.
B. You can only block active prefixes.
C. The policy should be an import policy.
D. You cannot block incoming IBGP routes.
Answer: C
7.A customer discovered that a significant outage was caused by an unauthorized Ethernet switching
device attached to the network.
In this scenario, which two actions would solve this problem? (Choose two.)
A. Enable 802.1x.
B. Enable persistent MAC learning.
C. Enable dynamic ARP inspection.
D. Enable storm control.
Answer: AB
A routing table contains multiple BGP routes to the same destination prefix. The route preference is the
same for each route.
Referring to the exhibit, which route would be selected?
A. route B
B. route D
C. route A
D. route C
Answer: B
9.Which statement is true about GRE tunnels?

A. GRE tunnels can be used for only IP packets.
B. GRE tunnels ensure that a packet does not live forever.
C. Packets are encapsulated unchanged before entering the tunnel.
D. GRE tunnels support point-to-multipoint.
Answer: C
10.Which device is used to separate collision domains?

A. switch
B. router
C. hub
5 / 76
D. firewall
Answer: A
Referring to the exhibit, which path will traffic from R6 take to reach R1?
A. R6 > R4 > R2 > R1
B. R6 > R4 > R2 > R3 > R1
C. R6 > R5 > R3 > R1
D. R6 > R5 > R3 > R2 > R1
Answer: A
Referring to the exhibit, a packet tagged with vlan-id 34 arrives on interface xe-0/2/3.0 with a source MAC
that does not match an entry in the DHCP snooping database.
In this scenario, which statement is correct?
A. The source MAC is added to the DHCP snooping database.
B. An error message is logged and the packet is forwarded.
6 / 76
C. The destination MAC added to the DHCP snooping database.

D. The packet is forwarded and no error message is logged.
Answer: A
13.Which three statements are true regarding not-so-stubby areas (NSSAs)? (Choose three.)
A. You cannot configure an area as both an NSSA and a stub area.
B. An NSSA exports an external route to the backbone area as a Type 5 LSA.
C. An NSSA exports an external route as a Type 3 LSA.
D. An NSSA does not require an ABR.
E. An NSSA imports an external route as a Type 7 LSA.
Answer: ABE
Referring to the exhibit, which effect does the configuration on R2 have on OSPF routing in the network?
A. R2 will block traffic destined to the 192.168.10.0/24 network.
B. A summary route for the 192.168.10.0/24 network will be advertised to Area 0.
C. The 192.168.10.0/24 route will not be advertised to Area 1.
D. Area 2 will use a default route to reach Area 0 and Area 1.
Answer: C
15.What are two terminating actions of a Layer 2 firewall filter? (Choose two.)
A. reject
B. accept
C. log
D. discard
Answer: BD
16.Which area is reserved for the OSPF backbone?

A. Area 0.0.0.0
7 / 76
B. Area 1.1.1.1
C. Area 2.2.2.2
D. Area 3.3.3.3
Answer: A
8 / 76
You are performing network tests and notice that the Layer 3 interface in the Finance VLAN on an EX
Series switch is not responding to pings. You review the device status from the console.
9 / 76
What is causing the problem, as shown in the exhibit?

A. There are no active physical ports in the Finance VLAN.
B. There is no route in the routing table for the Finance VLAN Layer 3 interface.
C. The Layer 3 interface in the Finance VLAN is administratively disabled.
D. There are no interfaces configured in the Finance VLAN.
Answer: B
18.You are adding a new EX4300 member switch to your existing EX4300 Virtual Chassis.
However, the new member is not running the same Junos version as the other members.
By default, what is the expected behavior?
A. The new switch is not recognized by the Virtual Chassis.
B. The Virtual Chassis will transition into a split brain situation between the existing master Routing
Engine and the switch running the different version.
C. The new switch will be assigned a member ID and then placed in an inactive state.
D. The new switch will automatically pull the correct version from the master Routing Engine and perform
the necessary upgrade.
Answer: D
Referring to the exhibit, which two statements are true regarding IS-IS adjacencies? (Choose two.)
A. Level 1 adjacencies can be formed between Router 3 and Router 4.
B. Level 2 adjacencies can be formed between all routers.
C. Level 2 adjacencies can only be established between Router 1 and Router 2.
D. No IS-IS adjacencies can be formed.
Answer: AB
10 / 76
The IS-IS adjacency between routers R1 and R2 will not establish.

Referring to exhibit, what is the problem?
A. The ISO address is not configured on interface ge-0/0/1.
B. The level is not configured under protocols isis.
C. The IP address is not configured on interface lo0.
D. The link MTU is too small on interface ge-0/0/1.
Answer: A
Referring to the outputs shown in the exhibit, which statement is correct?

A. The switch is the only switch in the RSTP topology.
11 / 76
B. The switch’s bridge priority is 4k.

C. The switch’s bridge priority is 16k.
D. The switch is not the root bridge.
Answer: D
22.Which two statements are true about the IRB interface? (Choose two.)
A. An IRB interface is a Layer 3 VLAN interface.
B. An IRB interface is a Layer 2 VLAN interface.
C. An IRB interface is used to route traffic between VLANs.
D. An IRB interface cannot be associated with any VLAN.
Answer: AC
23.You have deployed a Juniper EX Series switch in the network. The switch receives a broadcast frame
on an interface.
Which statement describes the behavior of the switch?
A. The frame is flooded out all ports that are part of the same VLAN as the receiving port, except for the
port on which the frame was received.
B. The frame is flooded out all ports in all VLANs configured on the switch.
C. The frame is re-transmitted as a multicast frame on all ports on the switch.
D. The frame is flooded out all ports that are part of the same VLAN as the receiving port, including the
port on which the frame was received.
Answer: A
24.What are three components that populate the Ethernet switching table? (Choose three.)
A. the interface on which the traffic was received
B. the MAC address of the destination node
C. the MAC address of the source node
D. the link state
E. the time the address was learned
Answer: ACE
12 / 76
There are dynamically and statically routed networks attached to the ge-0/0/1 interface on R1. You only
want the dynamically learned routes to show up in routing tables for R2 and R3, but the statically routed
networks are also appearing. Those networks should only be seen by the R1 device.
Which actions would solve the problem?
A. Remove the IP address from interface ge-0/0/1.
B. Add the no-readvertiseparameter to the static routes.
C. Create a routing policy for all routing protocols to drop routes learned from interface ge-0/0/1.
D. Place interface ge-0/0/1 into its own routing instance.
Answer: B
13 / 76
You are unable to establish a BGP session between R2 and ISP-B.

Referring to the exhibit, what must be changed in the configuration?
A. A local address statement with the lo0 address must be added to R2 under group external-a.
B. An import policy statement must be added to R2 under group external-ato allow ISP-B to peer.
C. The type externalstatement must be added to R2 under group external-b.
D. The peer-asstatement needs the AS number for ISP-B.
Answer: D
27.Which three BGP attributes are well-known and mandatory? (Choose three.)
A. AS Path
B. Next Hop
C. MED
D. Local Preference
E. Origin
Answer: ABE
14 / 76
Referring to the exhibit, which three statements are true? (Choose three.)
A. Interface ge-0/0/1 is an access port.
B. There are no active ports in the default VLAN.
C. The switch cannot be managed through the production network.
D. Frames on interface ge-0/0/2 can be tagged with VLAN ID 101 or VLAN 1.
E. Frames on interface ge-0/0/0 can be tagged with VLAN ID 101.
Answer: ACE
15 / 76
What will be two results of the OSPF configuration shown in the exhibit? (Choose two.)
A. A default route will be advertised into Area 1 as a Type 7 LSA.
B. Area 0 will not generate summary LSAs for networks in Area 1.
C. There will be no Type 3 LSAs in Area 1.
D. Only Type 7 LSAs will be present in Area 1.
Answer: AB
30.Which protocol prevents loops and calculates the best path through a switched network that contains
redundant paths?
A. VRRP
B. STP
C. DHCP
D. IS-IS
Answer: B
Explanation:
Spanning Tree Protocol (STP) is a Layer 2protocol that runs on bridges and switches. The main purpose
of STP is to ensure that you do not create loops when you have redundant paths in your network
31.You received an alert from your monitoring system that the master Routing Engine (RE) on an EX4300
switch in a virtual chassis has hardware issues and might need to be replaced. Because the switch
already had graceful Routing Engine switchover (GRES) enabled and configured, you must perform a
manual switchover to the backup RE to avoid disruption.
Which command would be used to perform the manual RE switchover?
A. Log in to the backup RE and issue the request chassis-control operation command.
B. Log in to the backup RE and issue the request chassis routing-engine master switch operation
command.
C. Log in to the backup RE and issue the request chassis routing-engine master acquire operation
command.
D. Log in to the backup RE and issue the request iccp-service operation command.
Answer: B
16 / 76
You are asked to change the default behavior of your trunk port (ge-0/0/1) to now pass untagged traffic.
Which configuration would accomplish this task?
A. set interfaces ge-0/0/1 native-vlan-id 1
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface mode
trunk vlan members vlan.1
B. set interfaces ge-0/0/1 native-vlan-id 1
trunk vlan members native
C. set interfaces ge-0/0/1 native-vlan-id 1
trunk vlan members 1
D. set interfaces ge-0/0/1 native-vlan-id 1
trunk vlan members native_v1
Answer: C
33.You are currently defining a new OSPF area. The area must advertise external routes but should not
receive external routes from another area.
In this scenario, which type of area should you define?
A. stub
B. backbone
C. not-so-stubby
D. totally stubby
Answer: A
17 / 76
Referring to the exhibit, which two statement are true? (Choose two.)
A. The device will not form adjacencies with devices in a different area.
B. The Level 2 database will be empty.
C. The IS-IS protocol is disabled on the device.
D. The device will not have a Level 2 database.
Answer: AB
35.Which static route next-hop value indicated that the packet will be silently dropped?
A. resolve
B. discard
C. reject
D. next-table
Answer: B
You manage the Layer 2 network shown in the exhibit. You experience a failure on the ge-0/0/0 link
between Switch-1 and Switch-2.
Which statement is correct about the expected behavior?
18 / 76
A. Switch-3’s ge-0/0/2 port role and state will transition to designated and forwarding.
B. Switch-3’s ge-0/0/2 port role and state will remain as alternate and discarding.
C. Switch-3 will become the root bridge for the RSTP topology.
D. Switch-3 will remove the ge-0/0/2 interface from the RSTP topology.
Answer: A
Referring to the exhibit, which statement explains why the route to 192.168.178.0/24 advertised from
192.168.35.90 is hidden?
A. The import routing policy rejected the route.
B. The AS path contains invalid confederation attributes.
C. The next-hop address is a multicast address.
D. The AS path contains a zero.
Answer: A
38.Which two statements describe the BGP Local Preference attribute? (Choose two.)
A. The attribute can be altered through a BGP configuration or using a policy.
19 / 76
B. The attribute is transmitted across EBGP links.

C. The attribute can be given a higher preference by configuring a lower numerical value.
D. The attribute can be used to direct all outbound traffic through a specific peer.
Answer: AD
You have an existing Virtual Chassis consisting of five member devices. Member 3 fails and must be
replaced. You remove the EX Series switch with a Member ID of 3 and install a replacement switch in its
place using identical cabling as shown in the exhibit. The replacement’s member ID is 6, so the
configuration for member ID 3 is not applied to it.
Referring to the exhibit, what should have been done before installing the replacement switch?
A. Reactivate the Virtual Chassis.
B. Recycle the member ID of the switch being replaced.
C. Renumber the member IDs.
D. Clear the Virtual Chassis protocol.
Answer: B
20 / 76
What would cause the status of interface ge-0/0/8 as shown in the exhibit?
A. Interface ge-0/0/8 is physically down and is not forwarding traffic.
B. Interface ge-0/0/8 has a firewall filter in place that is blocking traffic.
C. Interface ge-0/0/8 is administratively disabled and is not forwarding traffic.
D. Interface ge-0/0/8 is connected to the same LAN as one of the other ports.
Answer: D
41.What are three types of bridge protocol data units? (Choose three.)
A. media endpoint discovery
B. topology change acknowledgement
21 / 76
C. topology change notification

D. type length value
E. configuration
Answer: BCE
42.An EX Series switch receives a frame with an unknown destination MAC address.
What is the expected behavior?
A. The frame is sent out all ports assigned to all configured VLANs except the ingress port on which the
frame was received.
B. The frame is sent out all access ports associated with the ingress VLAN regardless of whether a
matching MAC address was found in the bridge table.
C. The frame is sent out all ports assigned to the associated VLAN except the ingress port on which the
frame was received.
D. The frame is sent out all trunk ports associated with the ingress VLAN regardless of whether a
matching MAC address was found in the bridge table.
Answer: C
You are establishing a BGP session between R1 and R2. R2 shows 172.24.1.1 as its peer address for R1
instead of 192.168.100.1.
Referring to the exhibit, what must be changed in the configuration?
A. A peer-as statement must be added to R1 in the internal group.
B. An export policy statement must be added to R1 in the internal group to allow the lo0 address to peer.
C. A local interface statement with the lo0 address must be added to R1 in the internal group.
D. A local address statement with the lo0 address must be added to R1 in the internal group.
Answer: D
22 / 76
44.What is considered a requirement for passing traffic through GRE tunnels?

A. Tunnel endpoints must have static routes pointing to the remote endpoints.
B. You must configure the tunnel on the physical interface connecting to the remote endpoint.
C. You must be able to reach the remote endpoint through the tunnel.
D. Tunnel endpoints must have a route that directs traffic into the tunnel.
Answer: C
45.Which two values are used to generate a bridge ID when using STP? (Choose two.)
A. system MAC address
B. bridge priority
C. port identifier
D. loopback IP address
Answer: AB
You are troubleshooting an IS-IS adjacency problem as shown in the exhibit.
23 / 76
Which action would solve the problem?

A. Configure matching authentication keys.
B. Configure the INET6 family for the loopback interface.
C. Configure the ISO family for the loopback interface.
D. Configure matching area IDs.
Answer: D
47.You manage a Layer 2 network that spans two buildings. You are asked to ensure that all traffic that
traverses this connection between the two buildings is secured.
Which port security feature should be used to secure this Layer 2 traffic?
A. IP source guard
B. MACsec
C. DHCP snooping
D. dynamic ARP inspection
Answer: B
48.You are troubleshooting your OSPF configuration and notice that you have subnet mismatch errors
when running the show ospf statisticscommand.
Which two actions would further troubleshoot the errors? (Choose two.)
A. Examine your interface configuration on impacted devices.
B. Examine the interface assignment to areas in your OSPF configuration.
C. Examine the stub configuration for mismatches.
D. Examine messages from the traceoptions log file.
Answer: AD
49.Which statement describes optional transitive BGP attributes?

A. They must be supported in all BGP implementations, but do not have to be included in every BGP
update.
B. If they are not recognized, they are ignored and not passed to other peers.
C. They must be supported by all BGP implementations and must be included in every BGP update.
D. Although not required, they should be passed along, unchanged to other BGP peers when included.
Answer: D
24 / 76
Referring to the exhibit, which statement is correct?

A. 10.20.20.1 will be the active next hop.
B. 10.30.30.1 will be the active next hop.
C. Packets will be load balanced.
D. Next hops 10.20.20.1 and 10.30.30.1 will both be active.
Answer: A
Referring to the exhibit, why is the 0.0.0.0/0 route hidden?

A. The next hop is set to discard.
B. You already have an active BGP default route.
C. You cannot make a 0.0.0.0/0 generated route.
D. There are no contributing routes.
Answer: D
52.What are two OSPF packet types that use multicast for communication on a multicast segment?
(Choose two.)
A. hello
B. link-state request
C. database description
25 / 76
D. link-state update
Answer: AD
The configuration shown in the exhibit was committed on an EX Series switch. You are notified that the
phone using the voice VLAN does not work. You determine that voice traffic is not passing through the
local switch.
What should be done to solve the problem?
A. You should add the voice VLAN as a member on the ge-0/0/8.0 interface.
B. You should change the port mode on ge-0/0/9.0 to trunk.
C. You should add the voice VLAN as a member on the ge-0/0/9.0 interface.
D. You should change the voice VLAN ID to match the data VLAN ID.
Answer: A
54.There is a GRE tunnel configured over the Internet between Router-1 and Router-2. An OSPF
adjacency is configured over this GRE tunnel.
However, the OSPF adjacency briefly reaches the Full state before it is torn down. This cycle repeats
indefinitely.
Which two actions would you perform to solve this problem? (Choose two.)
A. Configure OSPF to not export the tunnel endpoint interface routes.
B. Configure the GRE interfaces on both routers as passive interfaces in OSPF.
26 / 76
C. Configure the physical WAN interfaces on both routers as passive OSPF interfaces.
D. Configure static routes to the tunnel endpoints.
Answer: AD
55.Which two statements are true about link aggregation groups (LAGs)? (Choose two.)
A. Member links must use contiguous ports on the same member switch.
B. Duplex and speed settings are not required to match on both participating devices.
C. If one-member link fails, the LAG can continue to carry traffic over the remaining links.
D. LAGs increase available bandwidth based on the number of member links.
Answer: CD
56.Which three mechanisms are associated with the bridging process? (Choose three.)
A. pruning
B. listening
C. learning
D. filtering
E. flooding
Answer: CDE
57.Which two OSPF LSA types will you see in a stub area? (Choose two.)
A. network (Type 2)
B. summary (Type 3)
C. ASBR summary (Type 4)
D. external (Type 5)
Answer: AB
58.You disconnected a switch from the Virtual Chassis, but the disconnected switch’s member ID is still
displayed in the status output.
Which operational command is used to remove the disconnected member?
A. request virtual-chassis renumber member-id 3 new-member-id 2
B. request virtual-chassis vc-port delete pic-slot 2 port 0
C. request virtual-chassis reactivate
D. request virtual-chassis recycle
Answer: D
27 / 76
Referring to the exhibit, which two statements are correct? (Choose two.)
A. All traffic destined to the 172.25.11.0/24 subnet will be discarded.
B. SSH traffic received from host IP 172.25.11.2 will be accepted.
C. Any traffic not matched by one of the terms will be discarded.
D. ICMP echo requests destined to 172.25.11.10 will be accepted.
Answer: CD
60.Which statement is true about load balancing of equal cost paths?

A. A load-balancing policy must be configured under the policy-optionshierarchy.
B. The route preference parameter must be manually set to the same value.
C. The maximum-paths parameter must be configured under the routing-optionshierarchy.
D. Traffic is balanced across equal cost paths by default.
Answer: D
61.What is the default BGP group type on a Junos device?

A. internal
B. external
C. multihop
D. null
Answer: B
62.Which two statements are true about nonstop bridging (NSB)? (Choose two.)
A. NSB does not require all participating Routing Engines to run the same version of the Junos OS.
B. NSB can be enabled under the protocols layer2-controlhierarchy.
C. NSB requires you to configure graceful Routing Engine switchover (GRES).
28 / 76
D. NSB does not require you to configure graceful Routing Engine switchover (GRES).
Answer: BC
Referring to the exhibit, when using the default routing behavior, what happens to Packet A and Packet B
on R1?
A. Packet A is rejected and Packet B is forwarded to its destination.
B. Packet A is forwarded to its destination and Packet B is rejected.
C. Packet A and Packet B are forwarded to their respective destinations.
D. Packet A and Packet B are discarded.
Answer: B
64.Which Junos feature allows you to combine multiple interfaces into a single bundle?
A. VRRP
B. Virtual Chassis
C. LAG
D. NSB
Answer: C
65.You are asked to ensure that a designated interface on an EX Series switch only allows a specific
server to pass traffic.
Which two features are required to satisfy this solution? (Choose two.)
A. IP source guard
B. proxy ARP
C. MAC limiting
D. persistent MAC learning
Answer: CD
29 / 76
66.What information is included in the DHCP snooping database? (Choose two.)

A. client MAC address
B. DHCP server address
C. DHCP options
D. VLAN
Answer: AD
Explanation:
When DHCP snooping is enabled, the lease information from the server is used to create the DHCP
snooping table, also known as the binding table. The table shows current IP-MAC bindings, as well as
lease time, type of binding, names of associated VLANs, and associated interface.
Reference:
http://www.juniper.net/techpubs/en_US/junos13.2/topics/concept/port-security-dhcp-snoopingels.html
67.Which three statements are correct about the voice VLAN feature? (Choose three.)
A. It allows the access port to accept tagged voice and untagged data packets.
B. It allows you to apply independent CoS actions to data and voice packets.
C. It can be used with LLDP-MED to dynamically assign the VLAN ID value to IP phones.
D. It allows trunk ports to accept tagged voice and untagged data packets.
E. It must use the same VLAN ID as data traffic on a defined interface.
Answer: ABC
Explanation:
A (not D): The Voice VLAN feature in EX-series switches enables access ports to accept both data
(untagged) and voice (tagged) traffic and separate that traffic into different VLANs.
B: To assign differentiated priority to Voice traffic, it is recommended that class of service (CoS) is
configured prior to enabling the voice VLAN feature. Typically, voice traffic is treated with a higher priority
than common user traffic. Without differentiated treatment through CoS, all traffic, regardless of the type,
is subject to the same delay during times of congestion.
C: In conjunction with Voice VLAN, you can utilize Link Layer Discovery Protocol Media Endpoint
Discovery (LLDP-MED) to provide the voice VLAN ID and 802.1p values to the attached IP phones. This
dynamic method associates each IP phone with the appropriate voice VLAN and assigns the
necessary802.1p values, which are used by CoS, to differentiate service for voice traffic within a network.
Reference: https://kb.juniper.net/InfoCenter/index?page=content&id=KB11062&actp=search
68.Which two statements are correct about aggregate routes in the Junos OS? (Choose two.)
A. An active route can contribute only to a single aggregate route.
B. Only one aggregate route can be configured for each destination prefix.
C. An aggregate route has a default next hop of an IP address.
D. An aggregate route always shows as active in the routing table.
Answer: AB
Explanation:
A route can contribute only to a single aggregate route. You can configure only one aggregate route for
each destination prefix.
69.What are two types of IS-IS PDUs? (Choose two.)
30 / 76
A. open PDU
B. VRF PDU
C. hello PDU
D. link-state PDU
Answer: CD
Explanation:
IS-IS hello (IIH) PDUs broadcast to discover the identity of neighboring IS-IS systems and to determine
whether the neighbors are Level 1 or Level 2 intermediate systems. Link-state PDUs contain information
about the state of adjacencies to neighboring IS-IS systems. Reference:
http://www.juniper.net/documentation/en_US/junos15.1/topics/concept/is-is-routing-overview.html
70.What are three extended BGP communities? (Choose three.)

A. Origin: 172.16.100.100:100
B. domain-id: 192.168.1.1:555
C. extend:454:350
D. 172.16.90.100:888
E. target:65000:65000
Answer: ABE
Explanation:
The BGP extended communities attribute format has three fields: type: administrator: assigned-number.
type is the type of extended community and can be either the 16-bit numerical identifier of a specific BGP
extended community or one of these types: origin-- Identifies where the route originated. domain-id--
Identifies the OSPF domain from which the route originated. target-- Identifies the destination to which the
route is going. bandwidth-- Sets up the bandwidth extended community. Specifying link bandwidth allows
you to distribute traffic unequally among different BGP paths.
rt-import-- Identifies the route to install in the routing table. src -as-- Identifies the AS from which the route
originated. You must specify an AS number, not an IP address. Reference:
https://www.juniper.net/techpubs/en_US/junos12.3/topics/usage-guidelines/policy-defining-bgp-
communities-and-extended-communities-for-use-in-routing-policy-match-conditions.html
71.Which two statements are true about DIS elections in IS-IS? (Choose two.)
A. If a priority tie occurs, the router with the lower subnetwork point of attachment (SNPA) value becomes
the DIS.
B. If a priority tie occurs, the router with the higher subnetwork point of attachment (SNPA) value becomes
the DIS.
C. The router with the lower priority value becomes the DIS.
D. The router with the higher priority value becomes the DIS.
Answer: BD
Explanation:
In IS-IS, deterministic DIS election makes the possibility of predicting the router that will be elected as DIS
from the same set of routers. The router advertising the numerically highest priority wins, with numerically
highest MAC address, also called a Subnetwork Point of Attachment (SNPA), breaking the tie. Reference:
https://kb.juniper.net/kb/documents/public/junos/StudyGuides/ Ch4_from_JNCIP_studyguide.pdf
31 / 76
72.Host-1 was recently added in the network and is attached to ge-0/0/10 on Switch-A. Host-1 is powered
on and has its interface configured with default Layer 2 settings and an IP address on the 172.17.12.0/24
IP subnet. Host-1's MAC address is not shown in Switch-A's bridging table.
What are three explanations for this state? (Choose three.)
A. The ge-0/0/10 interface is configured as an access port.
B. The ge-0/0/10 interface is not operationally or administratively up.
C. The ge-0/0/10 interface does not have an associated IRB.
D. The ge-0/0/10 interface has not received any traffic from Host-1.
E. The ge-0/0/10 interface is configured as a trunk port.
Answer: BCD
Explanation:
B: MAC learning messages received with errors include: Interface down--The MAC address is learned on
an interface that is down.
C: To configure the MAC address of an IRB interface Etc.
Reference:
http://www.juniper.net/techpubs/en_US/junos15.1/topics/reference/command-summary/show-ethernet-
switching-statistics-mac-learning-ex-series.html https://www.juniper.net/documentation/en_US/junos16.1/
topics/example/example-configuring-mac-address-of-an-irb-interface.html
73.Router-1 and Router-2 need to connect through the Internet using a tunneling technology. Hosts that
are connected to Router-1 and Router-2 will be sending traffic up to 1500 bytes. The maximum segment
size is supported across the path is 1520 bytes.
Which tunneling technology will allow this communication to take place?
A. GRE tunnel
B. IPsec VPN transport mode
C. IPsec VPN tunnel mode
D. IP-IP tunnel
Answer: D
Explanation:
Difference Between GRE and IP-IP Tunnel. Generic Routing Encapsulation (GRE) and IP-in-IP (IPIP) are
two rather similar tunneling mechanisms which are often confused. In terms of less overhead, the GRE
header is 24 bytes and an IP header is 20 bytes.
74.What are two interarea OSPF LSA types? (Choose two.)

A. Type-4 ASBR summary LSAs
B. Type 3 summary LSAs
C. Type 1 router LSAs
D. Type 2 network LSAs
Answer: AB
Explanation:
A: The fourth LSA type, network example:
32 / 76
In this example we have R1 that is redistributing information from the RIP router into OSPF. This makes
R1 an ASBR (Autonomous System Border Router).
What happens is that R1 will flip a bit in the router LSA to identify itself as an ASBR. When R2 who is an
ABR receives this router LSA it will create a type 4 summary ASBR LSA and flood it into area 0. This LSA
will also be flooded in all other areas and is required so all OSPF routers know where to find the ASBR.
B: Example: Router 2 can create a Type 3 summary LSA and flood it into area 0. This LSA will flood into
all the other areas of our OSPF network. This way all the routers in other areas will know about the
prefixes from other areas. Note: The name "summary" LSA is very misleading. By default, OSPF is not
going to summarize anything for you. There is however a command that let you summarize inter-area
routes. Take a look at my OSPF summarization tutorial if you are interested. If you are looking at the
routing table of an OSPF router and see some O IA entries, you are looking at LSA type 3 summary LSAs.
Those are your inter-area prefixes!
33 / 76
Given the configuration shown in the exhibit, what will be the threshold for storm control?
A. 100 Kbps (kilobits per second)
B. 100 Mbps (megabits per second)
C. 100% (percent of link bandwidth)
D. 100 pps (packets per second)
Answer: A
Explanation:
This example shows how to configure the storm control level on interface ge-0/0/0 by setting the level to a
traffic rate of 15,000 Kbps, based on the traffic rate of the combined applicable traffic streams. To
configure storm control: Specify the traffic rate in Kbps of the combined traffic streams on a specific
interface: [edit ethernet-switching-options] user@switch# set storm-control interface ge-0/0/0 bandwidth
15000 Reference:
https://www.juniper.net/techpubs/en_US/junos12.3/topics/example/rate-limiting-storm-control-
configuring.html#X7AlwRyc817gtLBC.99
34 / 76
You are notified that clients connected to your EX Series switch are not receiving IP addresses from the
DHCP server. You examine the switch configuration and notice that DHCP snooping has been enabled.
In this scenario, what would cause the problem?
A. The location information is not being inserted into the DHCP option 82 requests.
B. The dynamic ARP inspection feature needs to be enabled on the ge-0/0/0 interface.
C. The DHCP relay setting in the forwarding-options hierarchy has not been configured.
D. The DHCP server's ge-0/0/0 interface has not been configured as a trusted interface.
Answer: B
Explanation:
You can configure DHCP snooping, dynamic ARP inspection (DAI), MAC limiting, persistent MAC learning,
and MAC move limiting on the access ports of EX Series switches to protect the switches and the
Ethernet LAN against address spoofing and Layer 2 denial-of-service (DoS) attacks. You can also
configure a trusted DHCP server and specific (allowed) MAC addresses for the switch interfaces.
Step-by-Step Procedure Configure basic port security on the switch: Etc. Reference:
http://www.juniper.net/techpubs/en_US/junos11.4/topics/example/port-security-configuring.html
77.Which two statements are true about STP port states? (Choose two.)
A. In the listening state, the port forwards all data packets.
35 / 76
B. A port that has been administratively disabled under the STP protocol drops all BPDUs.
C. In the learning state, the port drops all data packets.
D. A port that has been administratively disabled under the STP protocol floods all BPDUs.
Answer: BC
Explanation:
B: A port in the disabled state is manually isolated from the network. A port in the disabled state does not
participate in frame forwarding or the operation of STP because a port in the disabled state is considered
non-operational.
C: The learning state is a 15-second interval during which the bridge does not pass user data frames
while the bridge is building its bridging table. As the bridge receives frames, it places the source MAC
address and port of each frame into the bridging table. The learning state reduces the amount of flooding
required when data forwarding begins.
A number of reports from end-users indicate that internal and external communications are intermittent
and not reliable. You verified the status of the switch ports and have determined that they are up and
operational. You also noticed a very high level of link bandwidth utilization on those same ports. The
current topology of the affected environment is shown in the exhibit.
What would be the cause of the reported issues?
A. A lack of port-based ACLs filtering the traffic flows.
B. A lack of a loop-prevention mechanism or protocol.
C. A malformed route-based ACL improperly filtering traffic flows.
D. A misconfigured interior gateway protocol (IGP).
Answer: B
Explanation:
Enabling Spanning-Tree Protocol will mitigate loops, so if possible, enable Spanning-Tree Protocol on the
devices in the network segment where the loop is observed.
36 / 76
The exhibit shows that Host-1 and Host-2 are attached to the switch and associated with IRB irb.1.
However, traffic sent from Host-1 to Host-2 is not blocked as expected.
Why is this problem occurring?
A. Inter-VLAN traffic cannot be blocked by a router-based filter.
B. The block-host filter is applied in the wrong direction on theirb.1interface.
C. The Block-Host-2 term does not contain the MAC address of Host-2.
D. Intra-VLAN traffic cannot be blocked by a router-based filter.
Answer: B
Explanation:
The block-host filter blocks traffic with source address of 10.10.12.102, which is traffic sent from Host-2. It
37 / 76
should block traffic from Host-1, with the source address of 10.10.12.101.
80.Referring to the exhibit.
Which three actions would summarize these routes to a BGP peer? (Choose three.)
A. Create a policy that accepts the more specific contributing routes.
B. Create a route to 10.200.16.0/21 with a next hop of 172.16.36.1 under the [edit routing- options static]
hierarchy.
C. Create a policy that rejects the more specific contributing routes.
D. Create a policy to accept aggregate routes.
E. Create a 10.200.16.0/22 route under the [edit routing-options aggregate] hierarchy.
Answer: CDE
81.Which two statements are correct regarding the root bridge election process when using STP?
(Choose two.)
A. A higher system MAC address is preferred.
B. A higher bridge priority is preferred.
C. A lower system MAC address is preferred.
D. A lower bridge priority is preferred.
Answer: CD
Explanation:
The root bridge for each spanning-tree protocol (STP) instance is determined by the bridge ID. The bridge
ID consists of a configurable bridge priority and the MAC address of the bridge. The bridge with the lowest
bridge ID is elected as the root bridge. If the bridge priorities are equal or if the bridge priority is not
configured, the bridge with the lowest MAC address is elected the root bridge. Reference:
https://www.juniper.net/documentation/en_US/junos15.1/topics/concept/layer-2-services-stp-guidelines-
statement-bridge-priority.html
82.What would be used to combine multiple switches into a single management platform?
A. redundant trunk groups
B. Virtual Chassis
C. graceful Routing Engine switchover
D. Virtual Router Redundancy Protocol
Answer: B
Explanation:
Many Juniper Networks EX Series switches support the Virtual Chassis flexible, scaling switch solution.
You can connect individual switches together to form one unit and manage the unit as a single chassis.
Reference:
http://www.juniper.net/documentation/en_US/junos14.1/topics/concept/virtual-chassis-ex4200
overview.html
38 / 76
83.Which protocol supports tunneling of non-IP traffic?

A. GRE
B. SSH
C. IPsec
D. IP-IP
Answer: A
Explanation:
The GRE protocol (Generic Routing Encapsulation) which is a tunneling protocol that can encapsulate a
variety of network layer packet types into a GRE tunnel. GRE therefore can encapsulate multicast traffic,
routing protocols (OSPF, EIGRP etc) packets, and other non-IP traffic inside a point-to-point tunnel.
Reference:
http://www.networkstraining.com/passing-non-ip-traffic-over-ipsec-vpn-using-gre-over-ipsec/
84.Which three link-specific fields must match between OSPF neighbors before they form an adjacency
over a broadcast medium? (Choose three.)
A. dead interval
B. options
C. hello interval
D. neighbor
E. router priority
Answer: ACD
Explanation:
AC: If OSPF HELLO or Dead timer interval values are mismatched, then adjacency cannot be achieved.
D: In a successful formation of OSPF adjacency, OSPF neighbors will attain the FULL neighbor state.
Reference:
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13699-29.html
85.Which mechanism is used to share routes between routing tables?

A. filter-based forwarding
B. forwarding instances
C. RIB groups
D. routing instances
Answer: C
Explanation:
A RIB group is a way to have a routing protocol, in most cases, place information in multiple route tables.
39 / 76
40 / 76
Referring to the exhibit, Router-1 and Router-2 are failing to form an IS- IS adjacency.
What should you do to solve the problem?
A. Change the IP subnet masks to match on the ge-0/0/2 interfaces of both routers.
B. Change the ISO areas on the Io0 interfaces to match on both routers.
C. Remove the ISO address fromge-0/0/2 on Router-1
D. Remove the overloaded statement from Router-1.
Answer: C
Explanation:
There are two interfaces with ISO addresses on Router-1, and they have different area IDs, 002 and 003.
Only one interface on Router-1 need to have an ISO address.
41 / 76
Referring to the exhibit, what does the asterisk (*) indicate?

A. The router received this entry.
B. This entry is stale.
C. This entry is new.
D. The router originated this entry.
Answer: C
Explanation:
The asterisk (*) next to one of the block entries corresponds to the active route that is used for new traffic.
The term 'new traffic' corresponds to a single packet or an entire flow to a destination, depending on the
type of switching configured. Reference:
42 / 76
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/5212-46.html
88.What are three RSTP port states? (Choose three.)

A. learning
B. forwarding
C. listening
D. blocking
E. discarding
Answer: ABE
Explanation:
Port States in STP and RSTP
Reference:
https://www.juniper.net/documentation/en_US/junos12.3/topics/concept/mx-series-rstp-port-states-
roles.html
43 / 76
Referring to the exhibit, which router will be selected as the DR?

A. R1
B. R5
C. R4
D. R3
Answer: D
Explanation:
Note: The higher the priority value, the greater likelihood the routing device will become the designated
router. By default, routing devices have a priority of 128. A priority of 0 marks the routing device as
ineligible to become the designated router. A priority of 1 means the routing device has the least chance of
becoming a designated router. A priority of 255 means the routing device is always the designated router.
Reference: https://www.juniper.net/documentation/en_US/junos16.1/topics/concept/ospf-routing-
designated-router-overview.html
44 / 76
Referring to the exhibit, what does the asterisk (*) following the ge-0/0/5.0 interface indicate?
A. It indicates the interface is a trunk port.
B. It indicates the interface is not active.
C. It indicates the interface is an access port.
D. It indicates the interface is active.
45 / 76
Answer: D
Explanation:
An asterisk (*) beside the interface indicates that the interface is UP. Reference:
http://www.juniper.net/documentation/en_US/junos14.1/topics/reference/command-summary/show-vlans-
bridging-qfx-series.html
46 / 76
47 / 76
Referring to the exhibit, what is the problem?

A. LAG requires more than two member links.
B. LACP is required for LAG to work.
C. Aggregated interfaces must be defined under the chassis stanza.
D. The LAG member interfaces are configured across different line cards.
Answer: C
Explanation:
Use the link aggregation feature to aggregate one or more links to form a virtual link or link aggregation
group (LAG).
92.Which two statements about RSTP are correct? (Choose two.)

A. RSTP is not backwards compatible with STP.
B. RSTP is backwards compatible with STP.
C. RSTP permits multiple root bridges within a Layer 2 domain.
D. RSTP permits only a single root bridge within a Layer 2 domain.
Answer: BC
Explanation:
B: RSTP and STP can co-exist. RSTP achieves its rapid converges over STP through new mechanisms.
If a RSTP switch connects to an STP switch, the RSTP switch will drop down to STP convergence speeds
on a per-port basis.
C: Unlike 802.1d (STP), 802.1w (RSTP) uses Hello packets between bridges to maintain link states and
does not rely on the root bridge.
Reference: https://www.juniper.net/documentation/en_US/junos12.3/topics/concept/mx-series-rstp-port-
states-roles.html
http://www.ciscopress.com/articles/article.asp?p=474236&seqNum=3
93.Which two port security features are dependent on the DHCP snooping database? (Choose two.)
A. MAC limiting
B. dynamic ARP inspection
C. IP source guard
D. storm control
Answer: BC
Explanation:
B: Dynamic ARP inspection (DAI) prevents Address Resolution Protocol (ARP) spoofing attacks. ARP
requests and replies are compared against entries in the DHCP snooping database, and filtering
decisions are made on the basis of the results of those comparisons.
C: IP source guard mitigates the effects of IP address spoofing attacks on the Ethernet LAN. With IP
source guard enabled, the source IP address in the packet sent from an untrusted access interface is
validated against the SourceDSN MAC address in the DHCP snooping database. The packet is
forwarded if the source IP-MAC binding is valid; if the binding is not valid, the packet is discarded. You
enable IP source guard on a VLAN. EX Series switches support IPv6 source guard also. Reference:
http://www.juniper.net/techpubs/en_US/junos13.2/topics/concept/port-security-overview.html
94.What is reviewed first in the BGP route selection process?
48 / 76
A. the peer with the lowest IP address

B. the route with an origin of incomplete
C. the path with no MED value
D. the next-hop resolution
Answer: D
Explanation:
Understanding BGP Path Selection The algorithm for determining the active route is as follows: Etc.
Reference: https://www.juniper.net/documentation/en_US/junos12.3/topics/reference/general/routing-
ptotocolsaddress-representation.html
Referring to the exhibit, which type of route is displayed?

A. static
B. generate
C. aggregate
D. martian
Answer: C
Explanation:
From the exhibit we see: 109.0.0.0/8 *[Aggregate/130]
49 / 76
Referring to the exhibit, which type of route is displayed?

A. generate.
B. martian
C. aggregate
D. static
Answer: C
Explanation:
From the exhibit se see: Contributing Routes Note: Route aggregation allows you to combine groups of
routes with common addresses into a single entry in the routing table. This decreases the size of the
routing table as well as the number of route advertisements sent by the routing device. An aggregate
50 / 76
route becomes active when it has one or more contributing routes.

A contributing route is an active route that isa more specific match for the aggregate destination.
Reference: http://www.juniper.net/techpubs/en_US/junos15.1x49-d40/topics/concept/policy-aggregate-
routes.html
51 / 76
52 / 76
Based on the trace options output shown in the exhibit, what is the problem with the adjacency?
A. connectivity
B. authentication mismatch
C. area mismatch
D. MTU mismatch
Answer: C
Explanation:
From the exhibit we see: OSPF packet ignored: area mismatch
Based on the output shown in the exhibit, which statement is correct?

A. The ge-0/0/9 interface is using the default priority value.
B. The ge-0/0/15 interface is using the default port cost.
C. This switch has a bridge priority of 32k.
D. This switch has been elected as the root bridge.
Answer: B
Explanation:
The default port cost for a 100 Mbit/s interface is 200,000, which is the port cost of the ge-0/0/15 interface.
Note: Data rate and default STP path cost
53 / 76
In the exhibit, each IP subnet in the network is associated with a unique VLAN ID.
Which action will ensure that Host C will communicate with Host A and Host B?
A. Configure all switch ports connecting to the host devices as access ports associated with a common
VLAN.
B. Configure an IRB interface for each VLAN and associate it with its corresponding VLAN.
C. Configure all switch ports connecting to the host devices as trunk ports associated with all VLANs.
D. Configure a port-based ACL that permits inter-VLAN routing for all configured VLANs.
Answer: B
Explanation:
Configuring Routing Between VLANs on One Switch To segment traffic on a LAN into separate broadcast
domains, you create separate virtual LANs (VLANs). Of course, you also want to allow these employees
to communicate with people and resources in other VLANs. To forward packets between VLANs you
normally you need a router that connects the VLANs.
However, you can accomplish this on a Juniper Networks switch without using a router by configuring an
integrated routing and bridging (IRB) interface (also known as a routed VLAN interface-- or RVI-- in
versions of Junos OS that do not support Enhanced Layer 2 Software). Reference:
http://www.juniper.net/documentation/en_US/junos15.1/topics/example/RVIs-qfx-seriesexample1.html
100.Depending on the link type, OSPF sends link state update packets to which two addresses? (Choose
two.)
A. 224.0.0.8
54 / 76
B. 224.0.0.6
C. 224.0.0.9
D. 224.0.0.5
Answer: BD
Explanation:
Every time a router sends an update, it sends it to the DR and BDR on the multicast address 224.0.0.6.
The DR will then send the update out to all other routers in the area, to the multicast address 224.0.0.5.
Reference: https://en.wikipedia.org/wiki/Open_Shortest_Path_First
101.Which statement about IS-IS adjacencies is true?

A. Adjacency formation between Level 2 routers must have different area IDs.
B. Adjacency formation between Level 2 routers must have the same area ID.
C. Adjacency formation between Level 1 routers must have the same area ID.
D. Adjacency formation between Level 1 routers must have different area IDs.
Answer: C
Explanation:
IS-IS hello PDUs establish adjacencies with other routers and have three different formats: one for
pointto-point hello packets, one for Level 1 broadcast links, and one for Level 2 broadcast links. Level 1
routers must share the same area address to form an adjacency, while Level 2 routers do not have this
limitation. Reference:
http://www.juniper.net/documentation/en_US/junos15.1/topics/concept/is-is-routing-overview.html
Referring to the exhibit, you are asked to ensure that host-1 can communicate with host-3 while also
allowing host-2 to communicate with host-4.
What should you do to enable this behavior?
A. Configure the native-vlan-id default statement under the ge-0/0/1 port settings on Switch-1.
B. Use the all keyword when defining the member VLANs for the ge-0/0/1 interface on Switch-1.
C. Configure the native-vlan-id default statement under the ge-0/0/1 port settings on both Switch-1 and
Switch-2
D. Use the all keyword when defining the member VLANs for the ge-0/0/1 interface on both Switch-1 and
Switch-2.
55 / 76
Answer: C
Explanation:
Configuring Mixed Tagging Support for Untagged Packets For 1-, 4-, and 8-port Gigabit Ethernet IQ2 and
IQ2-E PICs, for 1-port 10-Gigabit Ethernet IQ2 and IQ2-E PICs, for all MX Series router Gigabit Ethernet,
Tri-Rate Ethernet copper, and 10-Gigabit Ethernet interfaces configured for 802.1Q flexible VLAN tagging,
and for aggregated Ethernet interfaces on IQ2 and IQ2-E PICs or MX Series DPCs, you can configure
mixed tagging support for untagged packets on a port. Untagged packets are accepted on the same
mixed VLAN-tagged port. To accept untagged packets, include the native-vlan-id statement and the
flexible-vlan-tagging statement at the [edit interfaces interface-name] hierarchy level: [edit interfaces
ge-fpc/pic/port] flexible-vlan-tagging; native-vlan-id number; Reference:
https://www.juniper.net/documentation/en_US/junos13.3/topics/usage-guidelines/interfaces-enabling-vla
n-tagging.html
103.Click to the exhibit button.
56 / 76
57 / 76
Referring to the exhibit, which configuration change is needed for an IS-IS Level 1 adjacency between R1
and R2?
A. Configure the Io0 family ISO address 49.0002.0010.0042.0002.00 on R1.
B. Disable Level 2 on R2'sge-0/0/1 interface.
C. Configure the Io0 family ISO address 49.0002.0010.0042.0002.00 on R2.
D. Enable Level 2 on R1's ge-0/0/1 interface.
Answer: C
Explanation:
Level 1 adjacencies can be formed between routers that share a common area number. We need to
change ISO addresses so that both routers have the same area number. If we change the ISO address
on R2 49.0002.0010.0042.0002.00, both routers will have 0002 as area number. Note: Level 2 adjacency
can be formed between routers that might or might not share an area number. Reference:
http://www.juniper.net/techpubs/en_US/junos16.1/topics/example/isis-multi-level.html
104.Which two statements are correct about redundant trunk groups on EX Series switches? (Choose
two.)
A. Layer 2 control traffic is permitted on the secondary link.
B. If the active link fails, then the secondary link automatically takes over.
C. Redundant trunk groups load balance traffic across two designated uplink interfaces.
D. Redundant trunk groups use spanning tree to provide loop-free redundant uplinks.
Answer: AB
Explanation:
A: While data traffic is blocked on the secondary link, Layer 2 control traffic is still permitted. For example,
an LLDP session can be run between two switches on the secondary link.
B: The redundant trunk group is configured on the access switch and contains two links: a primary or
active link, and a secondary link. If the active link fails, the secondary link automatically starts forwarding
data traffic without waiting for normal spanning-tree protocol convergence. Reference:
http://www.juniper.net/documentation/en_US/junos13.2/topics/concept/cfm-redundant-trunk-groups-
understanding.html
58 / 76
Referring to the exhibit, which statement is correct?

A. This device is the root bridge.
B. The spanning tree session has timed out.
C. The bridge priority on the root device is set to 8k.
D. The local bridge priority is set to 8k.
Answer: C
Explanation:
The Root ID field is the Bridge ID of the elected spanning tree root bridge. The bridge ID consists of a
configurable bridge priority and the MAC address of the bridge. Here the bridge priority is 8192, which is
8k.
106.Click to the Exhibit button.
59 / 76
Referring to the exhibit, which router will become the BDR if all routers are powered on at the same time?
A. R3
B. R2
C. R1
D. R4
Answer: A
Explanation:
In LANs, the election of the designated router takes place when the OSPF network is initially established.
When the first OSPF links are active, the routing device with the highest router identifier (defined by the
router-id configuration value, which is typically the IP address of the routing device, or the loopback
address) is elected the designated router. The routing device with the second highest router identifier is
elected the backup designated router. Reference:
www.juniper.net/documentation/en_US/junos16.1/topics/concept/ospf-routing-designated-router
overview.html
60 / 76
Switch-1 in the exhibit receives a packet from User A with a destination MAC address of
00:26:88:02:74:48.
Which statement is correct?
A. Switch-1 floods the packet out ge-0/0/6, ge-0/0/7, and ge-0/0/8.
B. Switch-1 sends the packet out ge-0/0/7 only.
C. Switch-1 sends the packet out ge-0/0/8 only.
D. Switch-1 floods the packet out ge-0/0/7 and ge-0/0/8.
Answer: D
Explanation:
A switch populates its mac-address table with mac addresses registered on incoming frames. As a result,
when the switch needs to forward a frame destined to that specific mac-address, it will know out of which
port to send the frame. Flooding however occurs when the switch does not know of the destination mac-
address? say the switch has not learnt that mac address yet; or maybe that specific entry expired so it got
flushed away from the mac-address table. To ensure the frame reaches its intended destination, the
switch will replicate that frame out of all ports, less the port where the frame was received that's flooding.
Reference:
http://blogbt.net/index.php/2015/03/mac-address-table-arp-table-and-unicast-flooding-part-i/
108.Which two statements are true about OSPF not-so-stubby areas? (Choose two.)
A. The ASBR originates Type 7 LSA a for redistributed external routes.
B. Type 5 LSAs are translated by the ASBR into Type 7 LSAs.
C. The ASBR originates Type 5 LSAs for redistributed external routes.
D. Type 7 LSAs are translated by the ABR into Type 5 LSAs.
Answer: AD
Explanation:
Redistribution into an NSSA area creates a special type of link-state advertisement (LSA) known as type 7,
which can only exist in an NSSA area. An NSSA autonomous system boundary router (ASBR) generates
this LSA and an NSSA area border router (ABR) translates it into a type5 LSA, which gets propagated into
the OSPF domain. Reference:
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/6208-nssa.html
61 / 76
Given the information shown in the exhibit, what was used to determine mastership?
A. member uptime
B. manually assigned role
C. highest serial number
D. manually assigned priority
Answer: A
Explanation:
When a Virtual Chassis configuration boots, the Juniper Networks Junos operating system (Junos OS) on
the switches automatically runs a master election algorithm to determine which member switch assumes
the role of master. The algorithm proceeds from the top condition downward until the stated condition is
satisfied.
110.An EBGP session sources its TCP connection from which IP address?
62 / 76
A. The IP address of the primary address assigned to the loopback interface.

B. The IP address assigned as the router ID.
C. The IP address of the preferred address assigned to the loopback interface.
D. The IP address of the interface that connects the two BGP speakers.
Answer: D
Explanation:
The BGP session between two BGP peers is said to be an external BGP (eBGP) session if the BGP peers
are in different autonomous systems (AS). A BGP session between two BGP peers is said to be an
internal BGP (iBGP) session if the BGP peers are in the same autonomous systems. By default, the peer
relationship is established using the IP address of the interface closest to the peer router. Reference:
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13751-23.html
Referring to the exhibit, which statement is true?

A. R3 has the complete OSPF database.
B. R3 and R4 have an adjacency state of Full.
C. R4 is elected as the DR.
D. R1 and R2 are elected as DROTHERs.
Answer: AC
Explanation:
C: In LANs, the election of the designated router takes place when the OSPF network is initially
established. When the first OSPF links are active, the routing device with the highest router identifier
63 / 76
(defined by the router-id configuration value, which is typically the IP address of the routing device, or the
loopback address) is elected the designated router.
112.You notice that there are currently two MAC addresses associated with a single access port in the
bridge table on one of your EX Series switches.
What are two explanations for this behavior? (Choose two.)
A. The access port connects to an IP phone which connects to a host device.
B. The native VLAN feature has been associated with the access port.
C. The mac-move-limit feature has been disabled on the access port.
D. The access port connects to multiple hosts through a rogue device.
Answer: BD
Explanation:
MAC move limiting detects MAC movement and MAC spoofing on access interfaces. You enable this
feature on VLANs.
113.Which two statements are correct about a Virtual Chassis?

A. A Virtual Chassis is managed using a single virtual console port.
B. Each device must be managed separately.
C. All members in a Virtual Chassis must be running the same Junos version.
D. You must use the same EX Series switch for all members in a Virtual Chassis.
Answer: AC
Explanation:
A: You can connect a PC or laptop directly to a console port of any member switch to set up and configure
the Virtual Chassis. When you connect to the console port of any member switch, the console session is
redirected to the master switch.
C: In a Virtual Chassis, each member switch must be running the same version of Juniper Networks
Junos operating system (Junos OS).
64 / 76
65 / 76
Referring to the exhibit, which policy will export routes to IBGP peers?
A. static-4
B. static-1
C. static-3
D. static-2
Answer: A
Explanation:
Explanation; Type internal in group two indicates refers to an IBGP route. Reference:
http://www.juniper.net/documentation/en_US/junos13.3/topics/topic-map/bgp-ibgp-peering.html
115.Which two sequence correctly describe the correct processing order of firewall filters on an EX Series
switch? (Choose two.)
A. port filter > VLAN filter > router filter > transmit packet
B. router filter > VLAN filter > port filter > transmit packet
C. receive packet > port filter > VLAN filter >router filter
D. receive packet > router filter > VLAN filter > port filter
Answer: BC
Explanation:
The order in which filters are applied depends on the direction in which they are applied, as indicated
here:
B: Egress filters (outbound traffic leaving the device or interface): C: Ingress filters (inbound traffic to the
device or interface): Reference:
https://www.juniper.net/documentation/en_US/junos16.1/topics/task/troubleshooting/firewall-f ilter-qfx-
series.html
116.Which state indicates that the BGP session is fully converged?

A. Connect
B. Up
C. Established
D. Active
Answer: C
Explanation:
In order to make decisions in its operations with peers, a BGP peer uses a simple finite state machine
(FSM) that consists of six states: Idle; Connect; Active; OpenSent; OpenConfirm; and Established. In the
Established state, the peers send Update messages to exchange information about each route being
advertised to the BGP peer.
117.Which connection method do OSPF routers use to communicate with each other?
A. IP protocol number 89
B. TCP port 179
C. UDP port 179
D. IP protocol number 6
Answer: C
66 / 76
118.Which two prefixes are martian routes by default? (Choose two.)

A. 127.0.0.0/16
B. 127.0.0.0/8
C. 192.0.0.0/16
D. 192.0.0.0/24
Answer: BD
Explanation:
Martian addresses are host or network addresses about which all routing information is ignored. When
received by the routing device, these routes are ignored. They commonly are sent by improperly
configured systems on the network and have destination addresses that are obviously invalid. To view the
default and configured martian routes, run the show route martians command. IPv4 Martian Addresses
user@host> show route martians table inet.
inet.0:
0.0.0.0/0 exact -- allowed
0.0.0.0/8 orlonger – disallowed
127.0.0.0/8 orlonger -- disallowed
192.0.0.0/24 orlonger – disallowed
224.0.0.0/4 exact – disallowed
224.0.0.0/24 exact – disallowed
inet.1:
0.0.0.0/0 exact -- allowed
240.0.0.0/4 orlonger -- disallowed Etc.
Reference:
https://www.juniper.net/documentation/en_US/junos16.1/topics/concept/martian-addressesunderstanding
.html
119.You configured a GRE tunnel that traverses a path using default MTU settings. You want t o ensure
that packets are not dropped or fragmented.
In this scenario, what is the maximum packet size that would traverse the GRE tunnel?
A. 1476
B. 1500
C. 1400
D. 1524
Answer: A
Explanation:
The default Ethernet MTU is 1500. There is a 24 byte GRE overhead, so there remain 1476 bytes for the
data packet. Reference: https://kb.juniper.net/InfoCenter/index?page=content&id=KB7848&actp=search
120.Which two statements are true about a unified ISSU? (Choose two.)
A. It requires that Bidirectional Forwarding Detection be disabled.
67 / 76
B. It is only supported on platforms with redundant control planes.

C. It is only supported on platforms with redundant power supplies.
D. It requires that graceful Routing Engine switchover be enabled.
Answer: BD
Explanation:
B: Recent development work by many router vendors has focused on an effort to provide hitless control
plane switchovers, which means keeping the control plane states in sync between the active and standby
control planes prior to a switchover. Many consider this capability to be a prerequisite to delivering ISSU.
Hitless control plane switch overs are usually implemented using the same version of code on both active
and standby control plane components.
However, ISSU design additionally requires different software versions running on active and standby
control plane components.
D: Unified ISSU is supported only on dual Routing Engine platforms. In addition, the graceful Routing
Engine switchover (GRES) and nonstop active routing (NSR) must be enabled. https://www.juniper.net/
documentation/en_US/junos15.1/topics/reference/requirements/issu- system-requirements.html
Reference: https://www.juniper.net/kr/kr/local/pdf/whitepapers/2000280-en.pdf
121.What is the default route preference for BGP?

A. 167
B. 170
C. 150
D. 179
Answer: B
Explanation:
BGP has the default preference of 170. Reference:
https://www.juniper.net/documentation/en_US/junos14.2/topics/reference/general/routing- protocols-
default-route-preference-values.html
68 / 76
Your router is configured to peer with your ISP's router using BGP. You can only control your BGP
configuration.
69 / 76
Which address families are negotiated between the two BGP peers shown in the exhibit?
A. inet-vpn-unicast
B. inet-unicast inet-vpn-unicast 12vpn
C. inet-unicast inet-vpn-unicast 12vpn-signaling
D. inet-unicast
Answer: D
Explanation:
From the exhibit we see: NLRI for restart configured on peer: inet -unicast inet-vpn-unicast 12vpn but we
also see: NLRI that restate is negotiated for: inet-unicast NLRI of received end-of-rib markers: inet-unicast
NLRI of all end-of-rib markers sent: inet-unicast
In the exhibit, each IP subnet in the campus environment is associated with a unique VLAN ID.
Which action will ensure that Host C will communicate with Host A and Host B?
A. Configure an IRB interface for each VLAN and associate it with its corresponding VLAN.
B. Configure all switch ports connecting to the host devices as trunk ports associated with all VLANs.
C. Configure a port-based ACL that permits inter-VLAN routing for all configured VLANs.
D. Configure all switch ports connecting to the host devices as access ports associated with a common
VLAN.
Answer: A
Explanation:
Configuring Routing Between VLANs on One Switch to segment traffic on a LAN into separate broadcast
domains, you create separate virtual LANs (VLANs). Of course, you also you want to allow these
employees to communicate with people and resources in other VLANs. To forward packets between
VLANs you normally you need a router that connects the VLANs.
However, you can accomplish this on a Juniper Networks switch without using a router by configuring an
integrated routing and bridging (IRB) interface (also known as a routed VLAN interface-- or RVI-- in
versions of Junos OS that do not support Enhanced Layer 2 Software). Reference:
http://www.juniper.net/documentation/en_US/junos15.1/topics/example/RVIs-qfx-series-example1.html
70 / 76
124.How many bytes of overhead does an IP-IP tunnel add to a packet?

A. 24 bytes
B. 28 bytes
C. 20 bytes
D. 14 bytes
Answer: C
Explanation:
Difference Between GRE and IP-IP Tunnel. Generic Routing Encapsulation (GRE) and IP-in-IP (IPIP) are
two rather similar tunneling mechanisms which are often confused. In terms of less overhead, the GRE
header is 24 bytes and an IP header is 20 bytes.
Reference: https://www.knowledgebombs.net/blog/2012/08/01/wireshark-ipip-capture-filter.html
71 / 76
Referring to the exhibit, which two statements are true?

A. The policy A routing policy takes precedence over all other policies.
B. No policy is used for neighbor 10.0.0.4.
C. The policy B routing policy is used by neighbor 10.0.0.4.
72 / 76
D. The policy D routing policy is the only policy used by neighbor 10.0.0.2.
Answer: CD
Explanation:
C: A group-level import or export statement, such as export policy B within the group ibgp-peer’s
statements, overrides a global BGP import or export statement. It is applied to neighbor 10.0.0.4
126.Switch-1 in the exhibit receives a packet from User A with a destination MAC address of
00:26:88:02:74:47.
Which statement is correct in this scenario?

A. Switch-1 floods the packet out ge-0/0/6, ge-0/0/7, ge-0/0/8, and ge-0/0/9.
B. Switch-1 floods the packet out ge-0/0/7 and ge-0/0/8.
C. Switch-1 floods the packet out ge-0/0/7, ge-0/0/8, and ge-0/0/9.
D. Switch-1 sends the packet out ge-0/0/7 only.
Answer: C
Explanation:
To forward a frame destined to that specific mac -address, it will know out of which port to send the frame.
73 / 76
Flooding however occurs when the switch does not know of the destination mac - address? say the switch
has not learnt that mac address yet; or maybe that specific entry expired so it got flushed away from the
mac-address table. To ensure the frame reaches its intended destination, the switch will replicate that
frame out of all ports, less the port where the frame was received that's flooding. Reference:
http://blogbt.net/index.php/2015/03/mac-address-table-arp-table-and-unicast-flooding-part-i/
127.An OSPF hello packet has been sent, but bidirectional communication has not been established.
What is the state of the OSPF adjacency?
A. Down
B. Init
C. Exchange
D. Loading
Answer: A
Explanation:
Down is the first OSPF neighbor state. It means that no information (hellos) has been received from this
neighbor, but hello packets can still be sent to the neighbor in this state. Incorrect Answers:
B: The Init state specifies that the router has received a hello packet from its neighbor, but the receiving
router's ID was not included in the hello packet. Reference:
http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13685-13.html
128.You want to provide reachability to your data center by advertising its subnet throughout your
upstream peer AS.
However, you do not want this prefix advertised any further.
Which BGP community value would be used to meet this requirement?
A. no-advertise
B. no-export
C. no-export-subconfed
D. 65512 - 65535
Answer: B
129.Referring to the exhibit, you want router A to have an EBGP peering with router C. They are both
connected through router B, which does not have BGP running, and has static routes configured.
What must be configured in the EBGP peer groups on routers A and C to make this connection possible?
74 / 76
A. MED
B. multihop
C. multipath
D. next-hop
Answer: B
130.Referring to the configuration shown in the exhibit, which statement is true?
A. RP2 stops sending all SA messages to its peer.

B. RP1 stops sending all SA messages to its peer.
C. RP2 stops sending SA messages for the group 224.7.7.7 from source 192.168.100.10 to RP1.
D. RP1 stops sending SA messages for the group 224.7.7.7 from source 192.168.100.10 to RP2.
Answer: C
131.You are a service provider and have multiple customers in a building. You are installing a new switch
that can host all of your customers.
However, you would like to ensure that one customer cannot see or broadcast to another customer. You
would also like to have them use a common gateway IP address from the building.
What should be used to provide this access?
A. VLAN
B. private VLAN
C. filter-based VLAN
D. Layer 2 tunneling
Answer: B
132.What kind of filter would be written to protect control traffic destined for the switch?
A. A filter applied to the default VLAN
B. A filter applied to the native VLAN
75 / 76
C. A filter applied to the management interface

D. A filter applied to the loopback interface
Answer: D
133.What BGP attribute is mostly likely to influence a remote AS that you do not peer with?
A. This is not possible given the local scope of BGP
B. AS path
C. MED
D. Local preference
Answer: B
134.You were provided a network diagram that told you to number your network from the 191.255.0.0/16
space. OSPF is enabled and adjacencies are up, but no routers are learning any routes.
What can explain this?
A. The default OSPF export policies advertise nothing, so you need to apply export policy
B. The default OSPF import policy rejects all OSPF routes, so you need to apply import policy
C. You need to modify the martian table with a 191.255.0.0/16 accept statement
D. You need to enable OSPF on the lo0 interface to provide a route to the RID of each router in the
network
Answer: C
135.What types of authentication are supported in Junos for OSPF?

A. Simple password
B. MD5 checksum
C. Hitless key chain of MD5 keys/checksums
D. All of the above
Answer: D
136.What are three types of port designation specific to Private VLANs? (Choose three.)
A. Promiscuous ports
B. Transparent ports
C. PVLAN trunk ports
D. Designated ports
E. Isolated ports
Answer: ACE
76 / 76

JN0 348

Uploaded by

Copyright:

Available Formats

JN0 348

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

JN0 348

Uploaded by

Copyright:

Available Formats

IT Certification Exams Provider!

Title : Enterprise Routing and

1.Which two statements describe aggregate routes? (Choose two.)

5.Click the Exhibit button.

6.Click the Exhibit button.

8.Click the Exhibit button.

9.Which statement is true about GRE tunnels?

10.Which device is used to separate collision domains?

11.Click the Exhibit button.

12.Click the Exhibit button.

C. The destination MAC added to the DHCP snooping database.

14.Click the Exhibit button.

16.Which area is reserved for the OSPF backbone?

17.Click the Exhibit button.

What is causing the problem, as shown in the exhibit?

19.Click the Exhibit button.

20.Click the Exhibit button.

The IS-IS adjacency between routers R1 and R2 will not establish.

21.Click the Exhibit button.

Referring to the outputs shown in the exhibit, which statement is correct?

B. The switch’s bridge priority is 4k.

25.Click the Exhibit button.

26.Click the Exhibit button.

You are unable to establish a BGP session between R2 and ISP-B.

28.Click the Exhibit button.

29.Click the Exhibit button.

32.Click the Exhibit button.

34.Click the Exhibit button.

36.Click the Exhibit button.

37.Click the Exhibit button.

B. The attribute is transmitted across EBGP links.

39.Click the Exhibit button.

40.Click the Exhibit button.

C. topology change notification

43.Click the Exhibit button.

44.What is considered a requirement for passing traffic through GRE tunnels?

46.Click the Exhibit button.

You are troubleshooting an IS-IS adjacency problem as shown in the exhibit.

Which action would solve the problem?

49.Which statement describes optional transitive BGP attributes?

50.Click the Exhibit button.

Referring to the exhibit, which statement is correct?

51.Click the Exhibit button.

Referring to the exhibit, why is the 0.0.0.0/0 route hidden?

53.Click the Exhibit button.

59.Click the Exhibit button.

60.Which statement is true about load balancing of equal cost paths?

61.What is the default BGP group type on a Junos device?

63.Click the Exhibit button.

66.What information is included in the DHCP snooping database? (Choose two.)

69.What are two types of IS-IS PDUs? (Choose two.)

70.What are three extended BGP communities? (Choose three.)

74.What are two interarea OSPF LSA types? (Choose two.)

75.Click the Exhibit button.

76.Click the Exhibit button.

78.Click the Exhibit button.

79.Click the Exhibit button.

80.Referring to the exhibit.

83.Which protocol supports tunneling of non-IP traffic?