Q1. Which attributes are automatically updated when a BGP update is sent to an EBGP
neighbor? (choose 2) A,D
A. BGP Next-hop attribute
B. Local Preference attribute
C. Multi Exit Descriminator (MED) attribute
D. AS-Path attribute
E. Origin attribute
Q2. Which statements are true about post-service-filters? (choose 3) A,C,D
A. A post-service-filter can only be used on input
B. A post-service-filter can be used on input, output or both
C. A post-service-filter is only applied to packets that are processed by a service-set
D. A post-service-filter is a standard stateless firewall-filter
Q3. For a given prefix 10.10.10.0/23 learned as an OSPF Internal Intra-Area, an OSPF
Internal Inter-Area and an OSPF AS External type 1, which route will be preferred? A
A. OSPF Internal Intra-Area route
B. OSPF Internal Inter-Area route
C. OSPF AS External type 1
D. Equal cost load sharing will occur if equal cost paths exist
Q4. Your enterprise is dual-homed to the same Service Provider using BGP, with two links
having bandwidth of STM1/OC3 and STM4/OC12 respectively. You want to influence all traffic
leaving your autonomous-system to use the STM/OC12 link.
Which BGP attributes can you modify to accomplish this goal? (choose 2) B,D
A. Set Local Preference in an import policy for routes learned from the neighbor on the
STM4/OC12 link to be 80
B. Set Local Preference in an import policy for routes learned from the neighbor on the
STM4/OC12 link to be 180
C. Configure the import-policy for the STM4/OC12 neighbor to set the ORIGIN attribute to
be INCOMPLETE
D. Configure the import-policy for the STM1/OC3 neighbor to as-path prepend the
neighbors autonomous-system twice
E. Configure the import-policy for the STM4/OC12 neighbor to as-path prepend the
neighbors autonomous-system twice
Q5. In the exhibit,
which export policy or policies will be applied to BGP neighbor 10.10.10.1? C
A. global-policy
B. group-policy
C. nbr-policy
D. all three policies
E. none of the policies
Q6. Which steps are required to configure an interface-style service set? (choose 5) A,B,C,D,F
A. Configure the service interface
B. Configure the service rules and rule-sets
C. Configure the service-set to include the service rules and/or rule-sets
D. Configure the service-set to be interface-style and which service interface to use
E. Configure routing to the service interface
F. Apply the service-set to the required interfaces
Q7. Which step is not recommended as part of a seamless RIP to OSPF IGP transition using
the overlay method? C
A. Configure all routers to ensure the existing RIP IGP has a better route preference than
the new OSPF IGP
B. Configure all routers to run OSPF
C. Redistribute all RIP routes into OSPF and vise versa
D. Ensure all routers have learned all networks via OSPF
E. Gracefully transition to OSPF by changing the route-preference of RIP to be higher than
OSPF
Q8. Which configuration step is required when configuring an OSPF NSSA area? C
A. You must configure nssa on all routers in the network
B. You must configure nssa under [ edit protocols ospf ]
C. You must configure nssa under [ edit protocols ospf area ]
D. You must configure nssa only on the Area Border Routers (ABR's)
Q9. Which statements below are valid JUNOS stateful-firewall rule match types? (choose 3) A,
B,D
A. destination-address-range
B. source-prefix-list
C. esp-spi
D. applications
E. interface-set
Q10. In the exhibit, which statement is true for the static route 11.11.11.0/24 that is evaluated
against the BGP export policy chain? D
A. The 11.11.11.0/24 prefix is accepted by policy P1 and advertised to neighbor
10.10.10.1
B. The 11.11.11.0/24 prefix is rejected by policy P1 and not advertised to neighbor
10.10.10.1
C. The 11.11.11.0/24 prefix is rejected by the policy P2
D. The 11.11.11.0/24 prefix is rejected by the BGP default policy
E. The 11.11.11.0/24 prefix is accepted by the BGP default policy
Q11. You want to determine which NAT pools have been configured on the router.
Which command will display this information (choose 1) D
A. show services nat available pools
B. show services pools
C. show services nat-pool-table
D. show services nat pools
Q12. Which statements best describe Enterprise connections to Service Providers? (choose 2) C,
D
A. Enterprises should always run BGP with their Service Providers when their CPE router
has parallel multiple links to the ISP router
B. When BGP is run in an enterprise network, all routers need to run BGP
C. Enterprises should use a static default route when there is only one entry/exit point out
of their network
D. Enterprises should use BGP when they are multi-homed and have a need to exercise
policy controls
Q13. Assuming the requirements for the establishment of an EBGP session between the
loopback0 interfaces of both routers. The local autonomous-system is defined as AS100 and
the neighbors autonomous-system is AS200.
The local autonomous-system is configured under [ routing-options autonomous-system
100 ]
Which statement is not true about Multihop External BGP peering sessions? A
A. Both peer-as 200 and type external parameters are required
B. Only peer-as 200 is required
C. You must configure the local-address parameter
D. You must configure the ttl for the multi-hop neighbor(s)
E. The local router must have a route to the eBGP neighbors configured address
Q14. In the exhibit, which statements are true for the NAT translation? (choose 2) B,C
A. The private/internal IP address that will be changed is 192.168.11.4
B. The private/internal IP addresses that will be changed are 10.222/16
C. The public/external IP address is 192.168.11.4
D. The private/internal IP addresses can be anything
E. The public/external IP address is 10.222.44.1
Q15. While monitoring the systems messages file, you encounter an entry that is frequently
repeated, but seems somewhat cryptic
Jun 8 14:12:28 R1 chassisd[2737]: CHASSISD_IFDEV_DETACH_PIC: ifdev_detach_pic(0/3)
Which command can you use to better understand the significance of this message? C
A. show syslog message CHASSISD_IFDEV_DETACH_PIC
B. show system message CHASSISD_IFDEV_DETACH_PIC
C. help syslog CHASSISD_IFDEV_DETACH_PIC
D. show system error log CHASSISD_IFDEV_DETACH_PIC
Q16. In the exhibit, which statements are valid entries for the "State" field? (choose 3) B,D,E
A. Monitor
B. Watch
C. Listen
D. Drop
E. Forward
Q17. The security policy for your company specify that access for all operations staff to network
devices will migrate to the TACACS+ protocol. The RADIUS protocol is currently deployed and
will be the preferred method for authentication
What configuration is required on the JUNOS routers to ensure that only when network
connectivity issues resulting in the TACACS+ and RADIUS being inaccessible allow locally
defined users to login to the routers? C
A. set system authentication-order [radius tacplus password]
B. set system authentication-order [tacplus radius password]
C. set system authentication-order [radius tacplus]
D. set system authentication-order [tacplus radius]
Q18. Which statements are true about Queuing on M-Series and J-Series routers (choose 3) B,C,
E
A. All M-Series routers support up to 8 hardware queues
B. All J-Series routers support up to 8 queues
C. Forwarding-classes map to queues
D. Voice Traffic is automatically classified as expedited-forwarding (EF) and sent to queue
1
E. The default queue/forwarding class associations are
a. Queue 0 - best-effort
b. Queue 1 - expedited-forwarding
c. Queue 2 - assured-forwarding
d. Queue 3 - network-control
Q19. You need to determine which VPN technology is best suited to provide enterprise branch
office connectivity. The requirements are that the solution should be:
cost-effective does not have stringent security requirements need not support legacy protocols
should be simple to manage for the customer
should also provide Internet access on the same physical interface Which technologies/
solutions are best suited? D
A. Traditional overlay L2VPN based on Frame-Relay, ATM or Leased lines
B. MPLS based L2VPN
C. IPSec VPN
D. MPLS based L3VPN
E. GRE tunnel VPN
Q20. You need to ensure that a branch office which is connected to the Service Provider with a
link speed of 128K does not get overwhelmed with traffic from the head office which has a link
speed of 2Mbps. Juniper Networks J-Series routers are deployed as CPE devices in both
locations.
Which mechanism is best suited? D
A. Police traffic exceeding 128Kbps to the branch site at the head office
B. Upgrade the branch sites bandwidth to 2 Mbps to ensure traffic limits are not exceeded
C. Apply Class of Service to ensure that the most important traffic is prioritized
D. Apply JUNOS Virtual Channels at the head office to ensure branch office sites are not
overwhelmed with too much traffic
Q21. Which statements are true regarding Class of Service configuration in JUNOS? (choose 4)
A,C,D,E
A. Behavior Aggregate (BA) classifiers are configured under
[edit class-of-service classifiers]
B. Behavior Aggregate (BA) classifiers are applied under
[edit interfaces class-of-service]
C. scheduler-maps are needed to link forwarding-classes to schedulers
D. RED/WRED profiles configured under [edit class-of-service drop-profiles] must be
referenced in schedulers to take effect
E. Rewrite-rules are configured under [edit class-of-service rewrite-rules] and must be
applied to the logical interfaces defined under [edit class-of-service interfaces]
F. Schedulers are configured under [edit class-of-service schedulers] and may include
a. forwarding-class
b. transmit-rate
c. priority
d. buffer-size
Q22. Which statements are true about Policing/Rate Limiting (choose 2) A,C
A. Policing is a useful tool for protecting the network from non-compliant sources
B. Token-bucket policers can not be used on all interface types
C. Policers can be used to protect the network against DoS/DDoS attacks
D. Policers can only be configured on ingress
Q23. Which command can be used to determine which sockets the router has in either a listen
or established state? B
A. show netstat sockets
B. show system connections
C. show running protocols
D. show connections up
Q24. During the establishment of an IPSec VPN, the routers negotiate which parameters will be
used for the establishment of the IPSec Security Association (SA) using proposals that define
these parameters.
Which statements are true about configuring IPSec proposals? (choose 3) C,D,F
[edit services ipsec-vpn ipsec proposal p1]
luser@Junos-router#
A. set authentication algorithm blowfish
B. set encryption algorithm rsa
C. set encryption algorithm aes-256-cbc
D. set protocol esp
E. set protocol ip
F. set lifetime 86400
Q25. You need to verify that the IPSec VPN that you have just configured on a J-Series router is
operating correctly.
Which commands could be used to verify this? (choose 2) C,D
A. show ike security-associations
B. show ipsec security-associations
C. show services ipsec-vpn ike security-associations
D. show services ipsec-vpn ipsec security-associations
Q26. Which statements are true for Class of Service ingress processing (choose 2) B,E
A. Rewrite codepoints
B. Multifield classification
C. Scheduling
D. Shaping
E. RateLimiting/Policing
Q27. Which three commands are valid syntax?' A,C,D
A. set then reject
B. set then discard
C. set then accept
D. set then next-policy
E. set then metric2 20 accept
Q28. Which configuration step is required when configuring an OSPF NSSA area? C
A. You must configure nssa on all routers in the network
B. You must configure nssa under [ edit protocols ospf ]
C. You must configure nssa under [ edit protocols ospf area ]
D. You must configure nssa only on the Area Border Routers (ABR's)
Q29. Which statement is true about prefix-lists? (choose 2) B,C
A. They are always exact matches when used in firewall-filters
B. They are always orlonger matches when used in firewall-filters
C. They are always exact matches when used in routing policies
D. They are always orlonger matches when used in routing policies
Q30. You are at the [ firewall family inet filter actions term u-decide] Yoiurconfiguration
hierarchy.
Which three commands are valid syntax? A,C,E
A. set then reject tcp-reset
B. set then source-class
C. set then accept log syslog sample count PKTS
D. set then next-policy
E. set then forwarding-class
Q31. Which statement is true if a route does not match any terms in a policy chain? D
A. The route is automatically accepted
B. The route is automatically rejected',false
C. The accept/reject decision must be specified in the final policy',false
D. The accept/reject decision is based on the protocols default policy
Q32. Which OSPF LSA is not flooded in an OSPF Stub Area? D
A. Router LSA\'s (Type 1)
B. Network LSA\'s (Type 2)
C. Summary LSA\'s (Type 3)
D. ASBR Summary LSA\'s (Type 4)
Q. Which statement is true for the order of the selection of the BGP active route? D
A. AS-Path -> Local-Preference -> Origin -> MED
B. MED -> Origin -> AS-Path -> Local-Preference
C. Local-Preference -> Origin -> AS-Path -> MED
D. Local-Preference -> AS-Path -> Origin -> MED
Q33. Which statements are true about Internal BGP configurations? (choose 3) B,C,D
A. Only directly connected neighbors need be configured
B. Usually the IP address of the loopback0 interface is used for the IBGP sessions
C. Use of the local-address configuration statement is required
D. The IGP is used to route packets between remote neighbors
E. When multiple links exist between neighbors, there needs to be multiple neighbors
configured
Q34. In a network which does not use Route Reflectors, which statements are true about BGP
readvertisement rules? (choose 2) B,E
A. When learned from External BGP, readvertise to only IBGP neighbors
B. When learned from External BGP, readvertise to both IBGP and other EBGP neighbors
C. When learned from Internal BGP, readvertise to only IBGP
D. When learned from Internal BGP, readvertise to both IBGP and EBGP neighbors
E. When learned from Internal BGP, readvertise to only EBGP
Q35.You have multiple routes to the same destination using the default route preference.
Which source of routing information will be selected? A
A. OSPF Internal
B. RIP
C. OSPF External
D. Internal BGP
E. External BGP
Q36. Which of the following configuration statements must be added to the sample configuration
to redistribute RIP prefixes into all OSPF areas? A
A. set export rip-2-ospf
B. set area 0 export rip-2-ospf
set area 10 export rip-2-osp
set area 20 export rip-2-ospf
C. set area 20 nssa default-lsa default-metric 1
D. set area all export rip-2-ospf
Q37. Which statements are true about service-filters? (choose 3) B,C,E
A. A service-filter can only be used on input
B. A service-filter can be used on input, output or both
C. A service-filter cannot match multicast traffic
D. A service-filter is a standard stateless firewall-filter
E. A service-filter can only be used with interface-style service-sets
Q38. Which statements are true about the Networks Address Translations (NAT) options that
JUNOS supports? (choose 3) A,C,D
A. Source Dynamic
B. Destination Dynamic
C. Source Static
D. Destination Static
Q39. Which statements are true about the Networks Address Translations (NAT) types that
JUNOS supports? (choose 4) A,B,C,E
A. Source Static 1:1 translation
B. Destination Static 1:1 translation
C. Source Dynamic many:1 translation (PAT)
D. Destination Dynamic 1:1 translation
E. Source Dynamic 1:1 translation
Q. Which statements below are valid JUNOS stateful-firewall rule actions and action modifiers?
(choose 2) C
A. discard
B. log
C. syslog
D. sample
Q40. Which statements are true about the IPSec VPN implementation for protecting transit data
on M-Series and J-Series routers? (choose 2) C,D
A. Only data integrity is supported with Authentication Header (AH)
B. Only data privacy is supported with Encapsulating Security Payload (ESP)
C. Both data integrity with Authentication Header (AH) and data privacy with Encapsulating
Security Paylpoad (ESP) are supported
D. Only tunnel mode is supported
E. Only transport mode is supported
Q41. Which statements are true about Application Layer Gateways (ALG\'s)? (choose 3) A,B,E
A. ALG\'s allow the router to interact with protocols at layer 4 and above
B. ALG\'s allow the router to inspect the payload of connections
C. ALG\'s allow the router to translate protocols
D. ALG\'s are required for all connections
E. Custom ALG definitions can be configured
Q42. Which statements below are valid JUNOS nat rule match types and actions? (choose 3) A,D,
F
A. from source-address
B. from destination-address-range
C. from source-prefix-list
D. then translated translation-type source dynamic
E. then count
F. then no-translation
Q43. Which statements below best describe the role of Class of Service (choose 2) B,D
A. CoS is designed to make the network faster
B. CoS provides mechanisms for categorizing traffic
C. CoS is designed to reduce congestion
D. CoS allows network devices to prioritize traffic based on category
E. CoS always improves network performance
Q44. Which statements are true for Class of Service traffic classification (choose 3) B,D,E
A. Behavior Aggregate (BA) classification is based on examining various fields in the IP header
B. Multifield (MF) classification is based on examining various fields in the IP header
C. Behavior Aggregate (BA) classifiers are most commonly used at the edge of the network
D. Behavior Aggregate (BA) classifiers are most commonly used in the network core
E. Behavior Aggregate (BA) classification is based on examining codepoints
Q45. The components of scheduling include priority, transmission-rate, buffer-size and
congestion avoidance (RED).
Which statements are true about Scheduling on MSeries
and J-Series routers (choose 4) A,B,C,D
A. Priority defines the order of which queues will be serviced
B. By default all queues are low priority
C. The queue priorities on J-Series routers are
a. High
b. Medium-high
c.
Medium-low
d. Low
D. By default the buffer-size is distributed equally amongst available queues
E. Congestion avoidance with RED by default results in 50% drop when the corresponding
queue is 50% full
Q46. You need to verify that packets are being correctly classified and sent to the appropriate queue on a J-Series router with interface se-3/0/0.
Which commands or tools could
be used to verify this information? (choose 2) A,D
A. how interfaces queue se-3/0/0
B. show class-of-service interface se-3/0/0
C. show interfaces se-3/0/0 queue-statistics
D. show interfaces detail se-3/0/0
Q47. Which statements are true regarding Multilink Frame Relay (MLFR)? (choose 2) A,D
A. FRF.15 is similar to Multilink PPP (MLPPP) and operates end-to-end
B. FRF.16 is similar to Multilink PPP (MLPPP) and operates end-to-end
C. FRF.15 makes it possible to connect a Customer Premise Equipment (CPE) device with
multiple connections to the Provider Edge (PE) device as a single logical connection
D. FRF.16 makes it possible to connect a Customer Premise Equipment (CPE) device with
multiple connections to the Provider Edge (PE) device as a single logical connection
Q48. The enterprise network you manage is tightening security of all network devices. You are
tasked to ensure that optimum security of the routers is achieved without interruption to any
legitimate protocols or services that are required to run and manage this network.
Which commands should be run to ensure all services and protocols are included in
the router protection filters? (choose 4) A,B,D,F
A. Configuration mode show system
B. Configuration mode show snmp
C. Configuration mode show services
D. Configuration mode show protocols
E. Configuration mode show firewall
F. Operation mode show system connections
G. Operation mode show system statistics
Q49. Which statements are true about the use of next-hop style service sets over interface-style
service sets when using IPSec VPNs? B
A. Supports securing traffic to remote endpoint
B. Supports routing protocols directly over IPSec
C. Supports multiple remote endpoints
D. Supports having multiple local endpoints in the same service-set
Q50. M-Series and J-Series routers? (choose 2) C,D
A. Only data integrity is supported with Authentication Header (AH)
B. Only data privacy is supported with Encapsulating Security Payload (ESP)
C. Both data integrity with Authentication Header (AH) and data privacy with Encapsulating
Security Paylpoad (ESP) are supported
D. Only tunnel mode is supported
Q51. Which statements are true about IPSec-over-GRE Tunnels? (choose 2) A,D
A. ipsec-over-gre are GRE tunnels that are secured by IPSec
B. ipsec-over-gre are IPSec tunnels that are routed over GRE
C. If the GRE and IPSec endpoints are the same, you should use a next-hop style service-set
D. If the GRE and IPSec endpoints are the same, you should use a interface style service-set
Q52. The IPSec VPN you have just configured is not establishing. To troubleshoot this you have
configured the router with traceoptions as below.
[edit services ipsec-vpn]
user@Junos-router# show traceoptions
file size 1m files 5;
flag ike;
[edit
services ipsec-vpn]
Which commands could be used to monitor this? (choose 2) C,F
A. show log ipsec-vpn
B. show log messages
C. show log kmd
D. monitor start ipsec-vpn
E. monitor start messages
F. monitor start kmd
Q53. Which command can be used to determine whether the SNMP process is running? C
A. show process snmp
B. show snmp daemon
C. show system processes
D. show task snmp
Q54. Which command can be used monitor the temperature of the components in a Juniper
Networks enterprise router? C
A. show chassis temperature
B. show system temperature
C. show chassis environment
D. show temperature
Q55. Which statements are true about multilink-ppp? Which mechanism is best suited? B
A. multilink-ppp can only be configured on ISDN interfaces on a J-Series router
B. multilink-ppp allows for the increase in overall throughput by combining the bandwidth of
two or more physical links
C. multilink-ppp can only be configured in combination with a valid CRTP configuration
D. multilink-ppp requires multiple IP pt-to-pt links over PPP to provide redundancy
Q56. Which statements are true about Compressed Real-Time Transport Protocol? (choose 2) A,C
A. CRTP is intended to reduce serialization delay
B. CRTP must be configured with multiple links
C. CRTP can be configured with a single link
D. CRTP compresses both UDP and TCP headers
Q57. The routers configuration in the exhibit does not have the router-id configured. Which area
will the loopback interface of the router be included in the Router LSA (Type 1)? D
A. Area 0.0.0.0
B. Area 0.0.0.20
C. No Areas
D. Area 0.0.0.0 and Area 0.0.0.20
really useful, i passed my preassessment with above questions. Thanks.
ReplyDeleteMy name is Khalid Kamal. I have passing with score 84%. Thanks its really works. only Two questions are not in this post. Thanks again to help me.
ReplyDeletevery good khalid actually I tried my best to gather all questions meanwhile you can send me the missing questions i will try to find out
ReplyDeleteThanks a lot man.. that's very useful to pass the exam....
ReplyDeletesid here!! n thanxxx..aloot..i got 92%...
ReplyDelete