Juniper - Actualtests.jn0 350.v2008!07!15.by - Ramon 1

Juniper.ActualTests.JN0-350.v2008-07-15.by.Ramon.
147q
Number: JN0-350
Passing Score: 800
Time Limit: 120 min
File Version: 1.0
JN0-350
Exam :
Juniper Networks Certified Internet

Titl e :
Specialist (JNCIS-ER)
07.15.08
Ver :
JN0-350
Exam A
QUESTION 1
Which statement is true about external BGP peering sessions?
A. A peer-group must be defined as type external.

B. A peer-as must be configured for each peering session.
C. You must specify a local-address for each peering session.
D. You must specify a ttl for each peering session.
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 2
You want to determine what IP address and port number the router is using to NAT a particular connection.
Which command will display this information?
A. show services stateful-firewall flows

B. show services session-table
C. show services nat flows
D. show services nat conversations
Answer: A
Section: (none)
QUESTION 3
Which statement is true about the area-range command?
A. When the area-range command is used, the ABR generates a default route.
B. You can have only one area-range statement per OSPF area.
C. The area-range command can only be used to summarize internal routes.
D. The area-range statement can be configured under an NSSA area to summarize external routes.
Answer: D
Section: (none)
QUESTION 4
You need to transport non-IP traffic between a branch office and headquarters. What is a valid connectivity
option?
A. MPLS Layer 3 VPN

B. IPSec tunnel
C. MPLS Layer 2 VPN
D. IP in IP tunnel
Answer: C
Section: (none)
QUESTION 5
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, what will
be the result of a packet sourced from address 10.10.1.1 when the filter is applied?
A. The packet will be counted and then discarded.

B. The packet will be counted and then accepted.
C. The packet will be accepted with no other action.
D. The packet will be discarded with no other action.
Answer: B
Section: (none)
QUESTION 6
Which two features can you configure to optimize the processing of VoIP traffic? (Choose two.)
A. H.323 proxy
B. Compressed Real-Time Transport Protocol
C. Multiclass Multilink PPP
D. SIP compression
Answer: BC
Section: (none)
QUESTION 7
Which two statements are true with regard to outbound BGP policies in a dual homed scenario? (Choose two.)
A. To enforce strict primary/secondary outbound routing only default routes should be received from both your
ISPs.
B. To enforce load-sharing between both ISPs, when multiple routers are used, configurations should not be
synchronized between them.
C. To enforce strict primary/secondary outbound routing full BGP routes should be received from both your
ISPs.
D. To enforce load-sharing between both ISPs, when multiple routers are used, configurations should be
synchronized between them.
Answer: AD
Section: (none)
QUESTION 8
You are configuring a router under [edit services nat]. Which command will configure the router to perform
Network Address Port Translation (NAPT/PAT)?
A. set pool my-pool port automatic

B. set pool my-pool port overload
C. set rule my-rule term 1 then translated overload
D. set rule my-rule term 1 then translated port automatic
Answer: A
Section: (none)
QUESTION 9
Which two statements are true about scheduler maps? (Choose two.)
A. A scheduler map controls the resources assigned to a specific queue.

B. A scheduler map is applied before a multifield firewall filter.
C. A default scheduler map is applied to each interface.
D. A scheduler map is only needed on low speed interfaces.
Answer: AC
Section: (none)
QUESTION 10
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, R1's
loopback address is 192.168.100.100. There is a static route for 192.168.200.200/32 with a next-hop of se-
1/0/0.0.
Why is GRE communication failing?
A. There is no IP address configured on gr-0/0/0 unit 0.

B. The outbound GRE packets are being blocked by the restrict-traffic firewall filter.
C. The encapsulation gre statement is missing from gr-0/0/0 unit 0.
D. The inbound GRE packets are being blocked by the restrict-traffic firewall filter.
Answer: B
Section: (none)
QUESTION 11
You have multiple routes to the same destination using default route preference values. Which source of
routing information will be chosen?
A. direct
B. static
C. OSPF
D. RIP
Answer: A
Section: (none)
QUESTION 12
What are two important configuration steps for next-hop-style service sets? (Choose two.)
A. Configure the outside service interfaces in the stateful firewall, NAT and VPN rules.
B. Configure the outside service interfaces in the service set.
C. Configure service-domain outside on the ISP's interface.
D. Configure service-domain outside on the outside service interface.
Answer: BD
Section: (none)
QUESTION 13
What is a common use for CoS in a branch office?
A. to eliminate the need for congestion management

B. to implement congestion avoidance using DSCP
C. to ensure different classes of traffic receive allocated bandwidth
D. to prioritize network control traffic
Answer: C
Section: (none)
QUESTION 14
Which three actions can be performed in a routing policy? (Choose three.)
A. flow control action

B. forwarding action
C. terminating action
D. redistributing action
E. modifying action
Answer: ACE
Section: (none)
QUESTION 15
Which statement about stateless firewall filters is true?
A. You must specify the action "then log" for the packets to be logged in the syslog file.
B. You must specify the action "then syslog" for packets to be logged in the firewall log.
C. All rejected or discarded packets are sent to the firewall log.
D. You must specify the action "then log" for packets to be logged to the firewall log.
Answer: D
Section: (none)
QUESTION 16
Using the command show system connections, you see the following result:
tcp4 0 0 *.179 *.* LISTEN
What does this mean?
A. 179 packets have been received by the router.

B. Four TCP sessions are established.
C. The BGP protocol has been activated on the router.
D. A BGP session is established.
Answer: C
Section: (none)
QUESTION 17
What are two features of IPSec VPNs? (Choose two.)
A. data modification
B. data authentication
C. data integrity
D. data prioritization
Answer: BC
Section: (none)
QUESTION 18
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, R1's
loopback address is 192.168.100.100. There is a static route for 192.168.200.200/32 with a next-hop of se-
1/0/0.0. Which step must you take to allow communications through the GRE tunnel?
A. Configure keepalives for the GRE tunnel.

B. Allow the outbound GRE packets in the restrict-traffic firewall filter.
C. Use the se-1/0/0 unit 0 IP address as the source address for the GRE tunnel.
D. Configure an IP address on gr-0/0/0 unit 0.
Answer: B
Section: (none)
QUESTION 19
Which command will show you the number of packets secured within IPSec VPN tunnels for a given service
set?
A. show services ipsec statistics

B. show services service-sets statistics
C. show ipsec statistics
D. show services ipsec-vpn ipsec statistics
Answer: D
Section: (none)
QUESTION 20
You set the syslog to log any warning messages. Which command allows you to monitor warning messages in
real time?
A. show system alarms

B. monitor start messages
C. show log messages
D. monitor traffic
Answer: B
Section: (none)
QUESTION 21
Which two commands would you use to list all active alarm on a router? (Choose two.)
A. request system alarms

B. show chassis alarms
C. show chassis environment
D. show system alarms
Answer: BD
Section: (none)
QUESTION 22
All operations team members are authenticated and authorized by a TACACS+ server. All users are members
of the same login class with view permissions only. You want to give one user in the same login class
permission to also run the show configuration command. How do you accomplish this?
A. You must have the TACACS+ server return the Juniper-Allow-Commands attribute.
B. You cannot do this without assigning the user to a different login class.
C. You must have the TACACS+ server return the Juniper-Configure attribute.
D. You must have the TACACS+ server return the Juniper-Local-User-Name attribute.
Answer: A
Section: (none)
QUESTION 23
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, assuming
you apply the firewall filter to the input of an interface, which two statements are true for incoming packets on
this interface? (Choose two.)
A. Packets destined to the BGP port with precedence 4 will be rate-limited.

B. Packets destined to the BGP port will never be rate-limited.
C. Packets destined to the BGP port will be classified to queue P3.
D. All packets in forwarding class P3 are rate-limited.
Answer: BC
Section: (none)
QUESTION 24
Which statement is true about route-filters and prefix-lists?
A. Prefix-lists are defined within a routing policy.

B. All routes in a route-filter are evaluated sequentially.
C. All prefixes in a prefix-list are evaluated sequentially.
D. Route-filters are defined within a routing policy.
Answer: D
Section: (none)
QUESTION 25
Which two statements are true about BGP? (Choose two.)
A. The BGP next-hop attribute must always be set to a non-private IP address when peering with a service
provider.
B. The as-path attribute tracks loops within an autonomous system.
C. The BGP next-hop attribute is automatically updated when sending routes to an external peer on a point-to-
point link.
D. The as-path attribute is automatically updated when sending routes to an external peer.
Answer: CD
Section: (none)
QUESTION 26
You are using an ISP provided Layer 3 MPLS VPN solution for remote connectivity. Which BA classification
options do you use for traffic coming from the provider? (Choose two.)
A. IP precedence bits
B. source IP address
C. DSCP bits
D. EXP bits
Answer: AC
Section: (none)
QUESTION 27
When would you use BGP as a routing protocol?
A. When you do not want to run other IGPs such as OSPF, RIP or IS-IS.
B. When you need internet access through an Internet Service Provider.
C. When you are dual-homed to multiple Internet Service Providers.
D. When you need a gateway out of your network.
Answer: C
Section: (none)
QUESTION 28
Your enterprise is dual homed to the same ISP using BGP. You want to influence the return traffic to always
come back to your network over one of the links. Which three BGP attributes can you modify in a policy to
accomplish this goal? (Choose three.)
A. local preference
B. AS path
C. next hop
D. origin
E. MED
Answer: BDE
Section: (none)
QUESTION 29
Which statement describes where to apply a packet filter to protect the router?
A. Apply a firewall filter to the fxp0 interface.

B. Apply a firewall filter to the fxp1 interface.
C. Apply firewall filters to all physical interfaces on the router.
D. Apply a firewall filter to the lo0 interface.
Answer: D
Section: (none)
QUESTION 30
You want to configure the router to match all Telnet (tcp/23) connections. You are configuring the router in the
[edit services stateful-firewall rule my-rule term my-term] hierarchy. Which command will cause this to
happen?
A. set from tcp-destination-port 23
B. set from destination-port 23
C. set from applications junos-telnet
D. set from application-set junos-telnet
Answer: C
Section: (none)
QUESTION 31
You have set the OSPF reference bandwidth to 1 Gigabit. Which statement is true?
A. Fast Ethernet interfaces will all calculate a metric value of 100.

B. This setting will override any bandwidth setting in a routing policy.
C. This setting will override any static metric configured under the OSPF interface.
D. This setting will not override any static metric configured under the OSPF interface.
Answer: D
Section: (none)
QUESTION 32
Which statement is correct regarding policer use for CoS in the enterprise?
A. Traffic can only be policed once in ingress.

B. Traffic can only be policed once in egress.
C. Policers are a tool to classify packets.
D. Policers are only useful in ingress.
Answer: C
Section: (none)
QUESTION 33
Your Juniper WAN router is connected to an Ethernet switch that is configured to use 802.1p bits for classifying
traffic. Which statement is correct about the configuration of CoS on the router?
A. Additional configuration is needed to use the 802.1 bits for classification.

B. You can only use multifield classifiers for this traffic.
C. By default the router will use the 802.1p bits for classification.
D. You can only use multifield rewrites for this traffic.
Answer: A
Section: (none)
QUESTION 34
What is the primary reason to configure CoS for branch office connectivity?
A. To provide differentiated services to network traffic.

B. You want to make the network faster.
C. You want to reduce congestion.
D. You want to treat all traffic transiting the router equally.
Answer: A
Section: (none)
QUESTION 35
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. Router Certkiller 3 and
Router Certkiller 6 are peering using loopback addresses. In the exhibit, how will the link failure between
Router Certkiller 6 and Router Certkiller 3 affect the internal BGP session between Router Certkiller 6 and
Router Certkiller 3?
A. The internal BGP session will fail and will be re-established when the physical link between Router
Certkiller 6 and Router Certkiller 3 is repaired.
B. The internal BGP session will drop and a new session will be established through Router Certkiller 1.
C. The session will remain up, and packets crossing the network will be forwarded through Router Certkiller 1.
D. The session will remain up, but forwarding will be interrupted until the physical link between Router
Certkiller 6 and Router Certkiller 3 is repaired.
Answer: C
Section: (none)
QUESTION 36
What is the primary reason for configuring a multi area OSPF network?
A. to allow external OSPF routes to be advertised to all areas

B. to reduce the possibility of creating a routing loop
C. to allow scalability by reducing the size of the OSPF database
D. to reduce the number of routers in the backbone area
Answer: C
Section: (none)
QUESTION 37
The router is using the RED algorithm to selectively drop random packets before congestion becomes critical.
Which two statements are correct? (Choose two)
A. Higher-bandwidth data streams are the least likely to be affected.

B. Lower-bandwidth streams are the most likely to be affected.
C. Higher-bandwidth data streams are the most likely to be affected.
D. Lower-bandwidth streams are the least likely to be affected.
Answer: CD
Section: (none)
QUESTION 38
Which statement is true for a DTE frame-relay interface on a Juniper Networks router?
A. point-to-point must be set on the logical unit.

B. keepalives must be disabled on the physical interface.
C. dte must be set on the physical interface.
D. A dlci value must be defined on the logical unit.
Answer: D
Section: (none)
QUESTION 39
You are at the [edit policy-options policy-statement my-policy term one] configuration hierarchy. Which two
commands are valid syntax? (Choose two.)
A. set then counter four
B. set then term three
C. set from metric 2
D. set from prefix-list five
Answer: CD
Section: (none)
QUESTION 40
You are an ISP. Your backbone IP address space is 10.10.0.0/16. Your network management IP address
space is 192.168.100.0/24. A firewall filter is applied to lo0 which allows management access using Telnet and
FTP. Which firewall filter will also allow OSPF and BGP to function without blocking management access ?
A. [edit firewall family inet]

user@r2# show
filter management-access {
term allow_telnet_ftp {
from {
source-address {
192.168.100.0/24;
}
protocol tcp;
destination-port [ telnet ftp ];
}
then accept;
}
B. [edit firewall family inet]
user@r2# show
from {
source-address {
192.168.100.0/24;
}
then accept;
}
C. [edit firewall family inet]
user@r2# show
from {
source-address {
192.168.100.0/24;
}
}
then accept;
}
term 2 {
from {
source-address {
10.10.0.0/16;
}
then accept;
}
D. [edit firewall family inet]
user@r2# show
from {
source-address {
192.168.100.0/24;
10.10.0.0/16;
}
}
then accept;
}
term 2 {
then {
discard;
}
}}
Answer: C
Section: (none)
QUESTION 41
What are three types of NAT that Juniper Networks routers support? (Choose three.)
A. dynamic destination port translation

B. static destination address translation
C. static source address translation
D. dynamic source port translation
E. dynamic destination address translation
Answer: BCD
Section: (none)
QUESTION 42
You are using the route redistribution strategy to transition your network from RIP to OSPF. What must you do
to avoid routing loops?
A. Apply import policies to restrict routing exchange between protocols.

B. Decease the preference of OSPF.
C. Apply export policies to restrict routing exchange between protocols.
D. Increase the preference of RIP.
Answer: C
Section: (none)
QUESTION 43
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, which
commands will cause the router to use both ESP and AH to secure traffic in the IPSec tunnel?
A. [edit services ipsec-vpn ipsec]

lab@R1# set policy my-policy protocol [ esp ah ]
B. [edit services ipsec-vpn ipsec]
lab@R1# set proposal my-proposal protocol bundle
C. [edit services ipsec-vpn ipsec]
lab@R1# set proposal my-proposal protocol [ esp ah ]
D. [edit services ipsec-vpn ipsec]
lab@R1# set policy my-policy protocol bundle
Answer: B
Section: (none)
QUESTION 44
BGP communities can be used to influence your ingress traffic from the Internet. The communities signal the
ISP to change specific route attributes for this purpose. Which two attributes should be used for this? (Choose
two.)
A. MED
B. local preference
C. next hop
D. AS path
Answer: BD
Section: (none)
QUESTION 45
You are examining the output of the stateful firewall session table. Which state indicates that the router is using
an application-layer gateway (ALG) to forward traffic?
A. Forward
B. NAT
C. ALG
D. Watch
Answer: D
Section: (none)
QUESTION 46
You want to verify that traffic is being classified correctly and forwarded in the proper queue on interface fe-
0/0/1. Which two commands would show you this information? (Choose two.)
A. show interfaces queue fe-0/0/1

B. show interfaces fe-0/0/1 detail
C. show class-of-service interface fe-0/0/1
D. show interfaces fe-0/0/1 statistics
Answer: AB
Section: (none)
QUESTION 47
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. The re-protect firewall
filter is applied as an input filter on the lo0.0 interface. You have a single BGP peering session with 10.0.0.1.
Which statement is true?
A. term two has an incorrect match condition.

B. term three is necessary for the correct operation of BGP.
C. term one is necessary for the correct operation of BGP.
D. term one has an incorrect match condition.
Answer: C
Section: (none)
QUESTION 48
Which statement is true?
A. Configuring a stateful firewall requires a stateless firewall filter to also be configured.

B. Stateful firewalls allow conditional acceptance of a packet based on compliance with protocol state.
C. Stateless firewall filters allow conditional acceptance of a packet based on compliance with protocol state.
D. Stateful firewalls and stateless firewall filters are mutually exclusive.
Answer: B
Section: (none)
QUESTION 49
You are troubleshooting a CoS problem for packets transitioning the router. What are two useful actions?
(Choose two.)
A. Use show interfaces queue to look for policed traffic.

B. Use monitor traffic to look for BA markings in the header of outgoing packets.
C. Use show interfaces queue to look for dropped traffic.
D. Use a firewall filter to check the IP precedence of incoming packets and the rewrite results for outgoing
packets.
Answer: CD
Section: (none)
QUESTION 50
Which command will allow you to monitor the fan status on a router?
A. show chassis fan-status

B. show chassis system
C. show chassis cooling
D. show chassis environment
Answer: D
Section: (none)
QUESTION 51
Which single command would you use to identify all protocols running on a router?
A. show system services

B. show system processes
C. show system statistics
D. show system connections
Answer: D
Section: (none)
QUESTION 52
You found a log message from your router as follows:
Aug 9 19:16:51 radon-re0 chassisd[2622]: CHASSISD_FRU_EVENT:
scb_recv_slot_attach: attached FPC 0
Which part of the message code indicates the process that generated the message?
A. radon-re0
B. scb_recv_slot_attach
C. CHASSISD_FRU_EVENT
D. chassisd[2622]
Answer: D
Section: (none)
QUESTION 53
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit a
scheduler-map is applied to fe-0/0/0 interface of an M7i router.
Which statement is correct?
A. With the exception of the assigned bandwidth, all queues will share the remaining bandwidth.
B. Packets in queue P0 and P2 will be dropped because there is no bandwidth assigned to them.
C. Traffic in queue P3 will use all bandwidth if there is enough traffic in the queue .
D. Traffic in P1 and P3 will share the remaining bandwidth.
Answer: A
Section: (none)
QUESTION 54
What are three functions associated with the JUNOS software class of service? (Choose three.)
A. Manage congestion by intelligently dropping traffic.

B. Manage outbound bandwidth.
C. Map each forwarding class to a different ATM VC.
D. Classify incoming packets.
E. Manage ingress bandwidth.
Answer: ABD
Section: (none)
QUESTION 55
Which two statements are correct when configuring an IBGP peering session? (Choose two.)
A. You do not need to define a "peer-as" if you specify "type internal"

B. You must define the session as "type internal" if you specify a "peer-as".
C. You should peer to loopback interfaces.
D. The source address of your updates will be your loopback interface by default.
Answer: AC
Section: (none)
QUESTION 56
You need to transport sensitive financial data between a branch office and headquarters. Which connectivity
option provides optimum security?
A. GRE tunnel
B. Frame Relay
C. IPSec tunnel
D. MPLS Layer 2 VPN
Answer: C
Section: (none)
QUESTION 57
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, the BA
classifiers are applied to an interface. The packets incoming to this interface will be classified accordingly.
Which forwarding class will the router assign to an IP packet with precedence bits 101?
A. P0
B. P3
C. P2
D. P1
Answer: A
Section: (none)
QUESTION 58
Which statement is true when configuring CoS?
A. Priority and transmission rate define how packets are stored and dropped.
B. Buffer size and RED configuration define how packets are stored and dropped.
C. Buffer size and RED configuration define the priority and transmission rate.
D. You define the transmit rate and buffer size in the scheduler map.
Answer: B
Section: (none)
QUESTION 59
How can you perform a debug on a Juniper enterprise router?
A. Use the debug command.

B. JUNOS does not have a debug command.
C. Use the show debug information.
D. Use traceoptions.
Answer: D
Section: (none)
QUESTION 60
You want to run RIPv2 as the IGP in your network. Which two statements are true? (Choose two.)
A. RIP multicasts updates to neighbors by default.

B. You must apply an export policy to RIP in order to send RIP routes to neighbors.
C. RIP broadcasts updates to neighbors by default.
D. RIP routers automatically discover neighbors on an interface and send RIP routes to them.
Answer: AB
Section: (none)
QUESTION 61
Which three statements are correct with respect to stateful and stateless firewalls? (Choose three.)
A. Stateless firewalls provide packet level protection.

B. Stateless firewalls provide application level protection.
C. Stateful firewalls provide application level protection.
D. Stateless firewalls provide session level protection.
E. Stateful firewalls provide session level protection.
Answer: ACE
Section: (none)
QUESTION 62
Which step is required to configure an FRF.16 Multilink Frame Relay interface on a J-series router?
A. Configure a logical unit between 1000 and 1022.

B. Configure multiple DLCIs on a logical unit.
C. Configure the number of bundles at the [edit chassis fpc 0 pic 0] hierarchy.
D. Set encapsulation frame-relay at the [edit interfaces ls-0/0/0] hierarchy.
Answer: C
Section: (none)
QUESTION 63
Where are CoS multifield classifiers configured?
A. firewall filter
B. routing policy
C. rewrite marker
D. scheduler
Answer: A
Section: (none)
QUESTION 64
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, what
would the result be when the prefix 192.168.192.0/18 is evaluated by the term?
A. The route would be accepted with no modifications.

B. The route would be accepted with the metric set to 10.
C. The route would be rejected.
D. No match is found.
Answer: A
Section: (none)
QUESTION 65
Which two commands would you use to verify the Routing Engine memory utilization? (Choose two.)
A. show system processes extensive

B. show system memory
C. show process memory
D. show chassis routing-engine
Answer: AD
Section: (none)
QUESTION 66
Which two commands will show you the effects of an import policy applied to BGP neighbor 1.1.1.1? (Choose
two.)
A. show bgp neighbor 1.1.1.1 received-routes

B. show route protocol bgp
C. show route receive-protocol bgp 1.1.1.1
D. show bgp neighbor 1.1.1.1 detail
Answer: BC
Section: (none)
QUESTION 67
Which two statements about policers are correct? (Choose two.)
A. Policers can only be configured using firewall filters.

B. Traffic exceeding the policer can be dropped or reclassified.
C. You can only police traffic once per direction.
D. Policers are useful against Denial of Service (DoS) attacks.
Answer: BD
Section: (none)
QUESTION 68
Which command would you use to display the stateful firewall session table?
A. show services stateful-firewall session-table

B. show services session-table
C. show services flows
D. show services stateful-firewall flows
Answer: D
Section: (none)
QUESTION 69
Which statement is true about stateless packet filters?
A. Multiple input and output filters can be applied to each logical interface.
B. A firewall filter applied to a physical port affects all logical ports on that physical port.
C. One input and one output filter can be applied to each logical interface.
D. Firewall filters applied to an interface can track session information for statistical analysis.
Answer: A
Section: (none)
QUESTION 70
What is the purpose of an ASBR summary LSA?
A. to reach networks that are outside of your area

B. to summarize all ASBR routes into a single route
C. to reach ASBR routers that are outside of your area
D. to reach ASBR routers in your area when used in a multi area OSPF network
Answer: C
Section: (none)
QUESTION 71
You have configured an IPSec-over-GRE tunnel to a non-Juniper router with different IPSec and GRE
endpoints. The tunnel interface is gr-0/0/0.0, the inside service interface is sp-0/0/0.2, and the outside service
interface is sp-0/0/0.1. How do you enable OSPF in area 0 for this tunnel?
A. set protocols ospf area 0 interface sp-0/0/0.1

B. set protocols ospf area 0 interface gr-0/0/0.0
C. set protocols ospf area 0 interface sp-0/0/0.0
D. set protocols ospf area 0 interface sp-0/0/0.2
Answer: B
Section: (none)
QUESTION 72
Firewall filters are processed by which component in the router?
A. The routing protocols.

B. The Routing Process Daemon (rpd).
C. The Packet Forwarding Engine.
D. The master routing table.
Answer: C
Section: (none)
QUESTION 73
You are configuring an IPSec VPN on a J-series router. Which two statements are true? (Choose two.)
A. An IPSec proposal can reference multiple encryption algorithms.

B. An IPSec rule can reference multiple IPSec policies in a single term.
C. An IPSec policy can reference multiple IPSec proposals.
D. An IKE policy can reference multiple IKE proposals.
Answer: CD
Section: (none)
QUESTION 74
When you contact JTAC for a troubleshooting problem, which two commands will provide important
information about the router's hardware and software? (Choose two.)
A. show version
B. show chassis hardware
C. show system coredump
D. show system statistics
Answer: AB
Section: (none)
QUESTION 75
Which form of Multilink Frame Relay allows multiple DLCIs to be bound to a single logical unit?
A. FRF.15
B. FRF.26
C. FRF.16
D. FRF.25
Answer: A
Section: (none)
QUESTION 76
Which statement is true if a packet does not match any terms in a firewall filter?
A. The packet is forwarded and no other action is taken.

B. The packet is forwarded and the "no-match" counter is incremented in the firewall statistics.
C. The packet is rejected and an "administratively-prohibited" message is sent back to the source.
D. The packet is silently discarded.
Answer: D
Section: (none)
QUESTION 77
Which two statements about the Compressed Real-Time Transport Protocol (CRTP) are correct regarding the
J-series router? (Choose two.)
A. CRTP can only be configured on non-multilink interfaces.

B. CRTP can only be configured on multilink interfaces.
C. CRTP options are configured on an ls- interface.
D. CRTP operates between two directly-connected routers.
Answer: CD
Section: (none)
QUESTION 78
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit you see a
policy that filters routes based on their community value.
Which route will be accepted by the policy?
A. 200.2.0.0/24 community 65002:10

B. 200.3.0.0/24 community 65001:11
C. 200.1.0.0/24 community 65001:10
D. 200.4.0.0/24 community 65002:11
Answer: C
Section: (none)
QUESTION 79
Exhibit:
Network Topology Exhibit:

You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, Router
Certkiller 2 has a stateful firewall and PAT configured on the fe-0/0/0.0 interface, using the stateful firewall and
NAT rules shown. When the user contacts the FTP server, the client is able to establish a control connection.
However, when the user tries to transfer data, the data transfers fail.
What is required to resolve this situation?
A. Configure the stateful firewall to allow all incoming TCP connections from the FTP server.
B. Configure the stateful firewall to allow all outgoing TCP connections to the FTP server.
C. Configure the router to use the FTP application-layer gateway.
D. Remove the stateful firewall rules.
Answer: C
Section: (none)
QUESTION 80
Which two CoS options for branch office connectivity should be configured? (Choose two.)
A. a multifield classifier in the core

B. a BA classifier in the core
C. a multifield classifier at the edge
D. a BA classifier at the edge
Answer: BC
Section: (none)
QUESTION 81
Which two statements are true about the as path attribute? (Choose two.)
A. AS path prepending can be modified using policy.

B. You can only prepend your own AS number.
C. Each BGP router must add its own AS number.
D. It is used for loop detection.
Answer: AD
Section: (none)
QUESTION 82
You have enabled traceoptions for IKE using the configuration command set services ipsec-vpn traceoptions
flag ike. Which command will display the resulting IKE logs?
A. show log messages

B. show log ike
C. show log kmd
D. show log ipsec-vpn
Answer: C
Section: (none)
QUESTION 83
Which statement is correct about applying interface-style service sets?
A. Service-domain inside and service-domain outside must be configured.

B. No service filter can be used.
C. Multiple post-service filters can be used.
D. Different service sets for input and output are not allowed.
Answer: D
Section: (none)
QUESTION 84
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, how
many internal BGP sessions are needed on Router 6 if all routers are running BGP and no route reflection or
confederations are being used?
A. 6
B. 5
C. 3
D. 1
Answer: B
Section: (none)
QUESTION 85
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. Referring to the exhibit,
which two statements are true? (Choose two.)
A. The "input" match direction for the service-set is from the "Trusted" network towards the FTP server.
B. A route pointing to the service interface must be configured.
C. The "input" match direction for the service-set is from the FTP server towards the "Trusted" network.
D. The service-set is applied directly to the interface.
Answer: CD
Section: (none)
QUESTION 86
Which statement is true about next-hop-style and interface-style service sets for IPSec VPNs?
A. Only interface-style supports IPSec-over-GRE with the same tunnel endpoints.

B. Both sets support routing protocols directly over IPSec.
C. Only interface-style supports multicast traffic directly over IPSec.
D. For data encryption you must use interface-style sets.
Answer: A
Section: (none)
QUESTION 87
Which two statements are true regarding IPSec VPN service rules configured at the [edit services ipsec-vpn]
hierarchy? (Choose two.)
A. Each term can specify a different IPSec policy.

B. Each term can match multiple source and destination prefixes.
C. Each term can specify a different local gateway.
D. Each term can specify a different remote gateway.
Answer: AD
Section: (none)
QUESTION 88
Which two statements are true about setting the MED attribute? (Choose two.)
A. MED can only be set using a policy.

B. MED cannot be set by using a policy.
C. MED can be set to equal the IGP metric.
D. MED can be set to equal the IGP metric + offset value.
Answer: CD
Section: (none)
QUESTION 89
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, what is
the correct internal BGP configuration for router 192.168.1.6 in order to peer with 192.168.1.3 using loopback
addresses?
A. [edit protocols]
User@Router6#show
bgp {
group internal-peers {
type internal;
local-address 192.168.1.6;
neighbor 192.168.1.3;
}
B. [edit protocols]
User@Router6#show
bgp {
neighbor 192.168.1.3;
}
C. [edit protocols]
User@Router6#show
bgp {
type internal;
neighbor 192.168.1.3 {
multihop {
ttl 2;
}
D. [edit protocols]
User@Router6#show
bgp {
type internal;
peer-as 65000;
neighbor 192.168.1.3;
}
Answer: A
Section: (none)
QUESTION 90
Which statement is true when applying policies to BGP?
A. Global policies override group and neighbor policies.

B. You must apply a policy directly to a neighbor if you want to filter routes to or from that neighbor.
C. Neighbor policies override group and global policies.
D. A route must pass through all global, group, and neighbor policies before it can be accepted.
Answer: C
Section: (none)
QUESTION 91
Which configuration step is required when configuring an OSPF stub area?
A. You must configure the command stub under [edit protocols ospf] on the ASBR.
B. You must configure the command stub on all routers under [edit protocols ospf].
C. You must configure the command stub under [edit protocols ospf area] on the ABR.
D. You must configure the command stub on all routers under [edit protocols opsf area].
Answer: D
Section: (none)
QUESTION 92
Which path attribute is automatically updated when a route is sent to an external BGP neighbor on a point-to-
point link?
A. originator ID attribute
B. aggregator ID attribute
C. BGP next-hop attribute
D. route preference attribute
Answer: C
Section: (none)
QUESTION 93
Assume the router is currently using default route preferences. Which command would cause the router to
select different active routes?
A. set protocols bgp preference 170
B. set protocols ospf preference 500
C. set protocols direct preference 20
D. set protocols rip group my-group preference 90
Answer: B
Section: (none)
QUESTION 94
You want to configure the router to match all FTP connections to 172.30.30.30/32. You are configuring the
router in the [edit services stateful-firewall rule my-rule term my-term] hierarchy. Which commands will cause
this to happen?
A. set from applications junos-ftp

set from destination-address 172.30.30.30/32
B. set from applications junos-ftp
set to destination-address 172.30.30.30/32
C. set to applications junos-ftp
set to destination-address 172.30.30.30/32
D. set to applications junos-ftp
set from destination-address 172.30.30.30/32
Answer: A
Section: (none)
QUESTION 95
Which two statements are true about Port Address Translation (PAT) on J-series routers? (Choose two.)
A. It supports dynamic destination PAT.

B. It supports TCP and UDP.
C. It supports dynamic source PAT.
D. It does not support ICMP as it has no port numbers.
Answer: BC
Section: (none)
QUESTION 96
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, what
would the result be when the prefix 10.0.67.43/32 is evaluated by the term?
A. The route would be rejected.

B. The route would be accepted with no modifications.
C. No match is found.
D. The route would be accepted with the metric set to 10.
Answer: D
Section: (none)
QUESTION 97
You have configured an OSPF stub area. What does adding the no-summaries command do?
A. It blocks summaries out of the stub area, and blocks summaries coming in from the backbone.
B. It allows summaries out of the stub area, but blocks summaries coming in from the backbone.
C. It allows summaries out of the stub area, and allows summaries coming in from the backbone.
D. It blocks summaries out of the stub area, and allows summaries coming in from the backbone.
Answer: B
Section: (none)
QUESTION 98
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, what will
the router do when it receives a packet from source address 10.10.10.10 on an interface where the my-service-
set service set is applied?
A. Accept the packet.

B. Send an ICMP error message.
C. Silently discard the packet.
D. Send a TCP RST.
Answer: C
Section: (none)
QUESTION 99
Which statement is correct about the use of BA classifiers for incoming packets?
A. Custom classifiers are needed in some cases.

B. No custom classifiers are possible.
C. All BA classifiers are enabled by default.
D. Only Layer 3 BA classifiers are available.
Answer: A
Section: (none)
QUESTION 100
Which two statements are true about RIPv2? (Choose two.)
A. RIP routers can update individual prefixes to provide incremental route updates.
B. A RIP router acknowledges updates it receives.
C. RIP metrics are based on hop count.
D. A RIP router can send up to 25 prefixes in a single update.
Answer: CD
Section: (none)
QUESTION 101
Which two statements about AH and ESP are correct? (Choose two.)
A. ESP provides data privacy, data integrity, and data correction.

B. AH provides data integrity and data authentication.
C. ESP provides data privacy, data authentication, and data integrity.
D. AH provides data privacy, data authentication, and data integrity.
Answer: BC
Section: (none)
QUESTION 102
Network Topology Exhibit:
Show firewall Exhibit:

Show interfaces Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, after
applying the firewall filter to the router, you notices that some unwanted ICMP traffic is still passing through the
router. Which two reasons would be the cause? (Choose two.)
A. The filter does not have a reject or discard at the end.

B. The filter does not specify which protocol to allow.
C. The filter is not applied to the interface correctly.
D. The filter is performing as configured.
Answer: BD
Section: (none)
QUESTION 103
What is the most preferred route preference value?
A. 255
B. 4294967295
C. 1
D. 0
Answer: D
Section: (none)
QUESTION 104
Which benefit do IPSec VPNs provide compared to MPLS-based VPNs?
A. performance
B. security
C. control
D. Internet connectivity
Answer: B
Section: (none)
QUESTION 105
You are configuring the router at the [edit services stateful-firewall rule my-rule term my-term] hierarchy. You
want to match connections from all source addresses except 10.10.10.17 through 10.10.10.32. Which
command will cause the router to match this traffic?
A. set from source-address-range-except 10.10.10.17 through 10.10.10.32

B. set from source-address-range-except low 10.10.10.17 high 10.10.10.32
C. set from source-address-range 10.10.10.17 through 10.10.10.32 except
D. set from source-address-range low 10.10.10.17 high 10.10.10.32 except
Answer: D
Section: (none)
QUESTION 106
Which two statements are true regarding BA classifiers? (Choose two.)
A. They are more flexible than multifield classifiers.

B. They are most useful when using multiple routers.
C. They are most useful when using one router.
D. They are less flexible than multifield classifiers.
Answer: BD
Section: (none)
QUESTION 107
A stateful firewall is configured on a Juniper router. Which command displays the number of connections that
the router has rejected due to errors with the IP headers?
A. show services statistics
B. show services stateful-firewall statistics errors
C. show services stateful-firewall errors
D. show services stateful-firewall statistics extensive
Answer: D
Section: (none)
QUESTION 108
You are configuring a router at the [edit] hierarchy. Which command will configure the router to log information
regarding IKE sessions?
A. set services ipsec-vpn traceoptions flag ike

B. set services ipsec-vpn ike traceoptions flag all
C. set security ipsec traceoptions flag ike
D. set system syslog file messages ike
Answer: A
Section: (none)
QUESTION 109
Exhibit:
configuration hierarchy may my-policy be defined?
A. [edit services stateful-firewall]

B. [edit firewall]
C. [edit policy-options]
D. [edit access-list]
Answer: B
Section: (none)
QUESTION 110
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, you
configure R1 and R2 to export RIP routes to OSPF and OSPF routes to RIP. Users in the RIP network are
complaining about connectivity to users in the OSPF network.
What are two possible causes of the problem? (Choose two.)
A. Export policy is allowing a routing loop to form.

B. RIP is not a link-state protocol.
C. The correct RIP routes are not exported to OSPF.
D. RIP has a lower preference than OSPF.
Answer: AC
Section: (none)
QUESTION 111
You have configured the router to use an interface-style service set on an interface.
Which two statements are true? (Choose two.)
A. The router will use the interface-style service set to process multicast traffic if you have configured a
service filter that selects the traffic.
B. If you do not configure a service set to use any stateful firewall rules, the AS PIC allows all connections.
C. The router will use the interface-style service set to process all multicast traffic by default.
D. If you use at least one stateful firewall rule, the AS PIC discards all connections that fail to match.
Answer: BD
Section: (none)
QUESTION 112
Which two statements are correct about IPSec-over-GRE tunnels? (Choose two.)
A. You can use the same endpoint IP addresses for both the IPSec and GRE tunnels.
B. You must use a next-hop-style service set when configuring an IPSec-over-GRE tunnel.
C. You must use a next-hop-style service set in order to send multicast traffic over an IPSec-over-GRE tunnel.
D. You can send multicast traffic over an IPsec-over-GRE tunnel.
Answer: AD
Section: (none)
QUESTION 113
Which two statements are correct about CoS processing on enterprise routers? (Choose two.)
A. On the J-series platform, CoS functions are performed in the software and their availability and limitations
are not dependent on the interface type.
B. On the M-series platform, CoS functions are performed in the hardware and have limitations that are
dependent on the interface type.
C. On the J-series platform, CoS functions are performed in the hardware and have limitations that are
dependent on the interface type.
D. On the M-series platform, CoS functions are performed in the software and their availability and limitations
are not dependent on the interface type.
Answer: AB
Section: (none)
QUESTION 114
Given OSPF AS external, RIP, EBGP, and IBGP learned routes to the same destination, which route is
preferred?
A. the EBGP route

B. the RIP route
C. the IBGP route
D. the OSPF AS external route
Answer: B
Section: (none)
QUESTION 115
Which statement is true about external BGP sessions?
A. You normally filter the routes sent to you by your provider using policy.
B. Your provider normally does not allow you to filter routes sent to or received from your provider.
C. You normally should not filter any routes sent to or received from your provider.
D. You normally filter the routes you send to your provider using policy.
Answer: D
Section: (none)
QUESTION 116
You have a BGP peer that goes up and down repeatedly. How would you gather log messages to troubleshoot
the problem?
A. Use the monitor interface command.

B. Change the syslog level to debug.
C. Use the request support information command.
D. Set the traceoptions for the BGP neighbor.
Answer: D
Section: (none)
QUESTION 117
Your router is under a denial-of-service attack, you apply a firewall filter to lo0 to silently drop the packets.
Which firewall filter action enables you to achieve this?
A. blackhole
B. reject
C. deny
D. discard
Answer: D
Section: (none)
QUESTION 118
Which BGP path attribute is automatically updated when a route is sent to an external BGP peer?
A. originator ID attribute
B. AS path attribute
C. local preference attribute
D. MED attribute
Answer: B
Section: (none)
QUESTION 119
Which two statements are true about BGP peering sessions? (Choose two.)
A. IBGP peers should peer between loopback interfaces.

B. EBGP peers must be directly connected to each other.
C. EBGP peering sessions to loopbacks may require static routes.
D. IBGP peering sessions require the configuration of a peer-as.
Answer: AC
Section: (none)
QUESTION 120
Exhibit:
statement is true of a BGP-learned route to 10.1.0.0/24 that is evaluated against the BGP export policy chain?
A. It is accepted and the metric is not modified.

B. It is accepted and the metric is set to 5.
C. It is accepted and the metric is set to 10.
D. It is rejected.
Answer: C
Section: (none)
QUESTION 121
A router is configured to use source NAT with a next-hop-style service set. Which statement is true?
A. The router automatically adds a route for the NAT pool with a next hop of the inside service interface.
B. You must manually configure a route for the NAT pool with a next hop of the inside service interface.
C. The router automatically adds a route for the NAT pool with a next hop of the outside service interface.
D. You must manually configure a route for the NAT pool with a next hop of the outside service interface.
Answer: C
Section: (none)
QUESTION 122
You have policy-statement my-policy configured at the [edit policy-options] configuration hierarchy. At which
two configuration hierarchies could you reference this policy? (Choose two.)
A. [edit routing-options forwarding-table]

B. [edit services service-set my-service-set]
C. [edit interfaces lo0 family inet filter]
D. [edit protocols bgp]
Answer: AD
Section: (none)
QUESTION 123
What is a proper encapsulation setting for MLPPP?
A. encapsulation mlppp on an se- interface

B. encapsulation mlppp on an ls- interface
C. encapsulation multilink-ppp on a logical unit of a t1- interface
D. encapsulation multilink-ppp on a logical unit of an ls- interface
Answer: D
Section: (none)
QUESTION 124
Which two statements about AH and ESP are correct? (Choose two.)
A. AH protects the complete packet except mutable fields from being modified in transit
B. AH protects only the original packet from being modified in transit
C. ESP protects only the original packet from being modified in transit
D. ESP protects the complete packet except mutable fields from being viewed in transit
Answer: AC
Section: (none)
QUESTION 125
Which command will allow you to see the encryption and/or authentication algorithms that the router is using to
encrypt user data on a given IPSec tunnel?
A. show services ipsec-vpn tunnel detail

B. show services ipsec-vpn ipsec security-associations extensive
C. show services ipsec-vpn ipsec statistics detail
D. show services ipsec-vpn ike security-associations detail
Answer: B
Section: (none)
QUESTION 126
Which interface type is used to configure MLPPP on a J-series router?
A. as-
B. lt-
C. ls-
D. ml-
Answer: C
Section: (none)
QUESTION 127
Which two statements are true regarding NAT and PAT support on J-series routers? (Choose two.)
A. You may translate source addresses using a smaller NAT pool.

B. You may configure NAT only for source translations.
C. You may configure dynamic PAT only for source translations.
D. You may use an interface address in a NAT pool with a next-hop-style service set.
Answer: AC
Section: (none)
QUESTION 128
You are configuring an IPSec tunnel between two devices. Which two statements are true? (Choose two.)
A. You define your transit data encryption algorithms under the [services ipsec-vpn ike] configuration
hierarchy.
B. You must configure IKE to establish the tunnel.
C. You define your transit data encryption algorithms under the [services ipsec-vpn ipsec] configuration
hierarchy.
D. You can configure manual or dynamic security associations.
Answer: CD
Section: (none)
QUESTION 129
Which command do you use to collect necessary information for JTAC assistance?
A. show tech-support
B. request support information
C. request system support information
D. show configuration
Answer: B
Section: (none)
QUESTION 130
You have the following configuration on the router:
authentication-order [ radius tacplus password ]; Which statement is true?
A. Each authentication method is tried in order until the password is accepted.

B. If all configured methods fail to reply, local authentication will not be tried.
C. The user will only be authenticated through RADIUS if local user password fails.
D. If a password is rejected, the next method on the list will not be tried.
Answer: A
Section: (none)
QUESTION 131
You are configuring schedulers for VoIP, business critical data and best effort data traffic which are classified
in different forwarding classes. Which two statements are true? (Choose two.)
A. You should assign a large buffer to business critical data traffic to decrease packet loss as much as
possible.
B. You should assign to VoIP traffic the same priority as that of business critical data traffic.
C. You should assign high priority and a large buffer to VoIP traffic to prevent packet loss.
D. You should assign high priority and a reasonably small buffer to VoIP traffic to minimize delay.
Answer: AD
Section: (none)
QUESTION 132
In stateful firewall or NAT rules, what are two functions performed by an application-layer gateway? (Choose
two.)
A. Allows the router to perform NAT properly for an application.

B. Allows the router to properly accept traffic for an application when using a stateful firewall without NAT.
C. Allows the router to authenticate user credentials to determine whether to allow traffic to an application
server.
D. Allows the router to act as a proxy device for an application.
Answer: AB
Section: (none)
QUESTION 133
Which two parameters of a scheduler can control the resources assigned to a queue? (Choose two.)
A. priority
B. period to visit a queue
C. buffer-size
D. delay
Answer: AC
Section: (none)
QUESTION 134
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. Your enterprise is dual
homed to two different ISPs (A and B). Your AS number is 2001. You want to make sure you will not be a
transit AS between the two ISPs. In the exhibit you see a partial configuration.
Which AS-path regular expressions complete the configuration to accomplish this goal?
A. [edit policy-options]
set as-path no_transit ".*";
B. [edit policy-options]
set as-path no_transit ".* 2001 .*";
C. [edit policy-options]
set as-path no_transit "2001";
D. [edit policy-options]
set as-path no_transit "()";
Answer: D
Section: (none)
QUESTION 135
Which three can be used for matching in a stateless firewall filter from statement? (Choose three.)
A. port
B. source-address
C. next-hop
D. application-set
E. source-port
Answer: ABE
Section: (none)
QUESTION 136
Which statement is true for a DTE frame-relay interface on a Juniper Networks router?
A. dte must be set on the physical interface.

B. multipoint must be set on the physical interface.
C. The dlci and logical unit values must match.
D. Encapsulation frame-relay must be configured on the physical interface.
Answer: D
Section: (none)
QUESTION 137
What information can be gathered using traceoptions? (Choose two.)
A. interface operational information

B. firewall counters
C. chassis status
D. routing protocol information
Answer: AD
Section: (none)
QUESTION 138
Which statement is true when using BGP with a provider?
A. You should advertise all of your internal routes so your provider can return traffic to your network.
B. Your provider should send you the full BGP route table to ensure external reachability.
C. You should try to summarize your routes into the least number of routes possible.
D. You should only run BGP on your edge device and redistribute the BGP routes into your IGP.
Answer: C
Section: (none)
QUESTION 139
Which two statements are correct? (Choose two.)
A. A BA classifier can be applied to egress packets to set the ToS bits in the IPv4 header.
B. If a BA classifier puts a packet into a forwarding class, a firewall filter can override it and put the packet into
a different forwarding class.
C. A BA classifer can put the incoming packets into different queues based on their destination addresses.
D. Both an IPv4 BA classifier and a firewall can classify packets based on their ToS bits.
Answer: BD
Section: (none)
QUESTION 140
Which two statements are correct? (Choose two.)
A. By default, traffic can only use the best effort queue and assured-forwarding queues.
B. You can configure traffic to the same destination to use multiple queues.
C. You can not configure traffic to the same destination to use multiple queues.
D. By default, traffic can only use the best effort and network control queues.
Answer: BD
Section: (none)
QUESTION 141
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, you have
an external BGP neighbor that is not receiving the route 192.168.20.0/24 in your BGP updates. You have
applied the policy "example" as an export policy to your BGP neighbor. You ran the "test policy" command on
the prefix and received the results in the exhibit.
Which statement would explain why the route is not being sent to your BGP neighbor?
A. The prefix 192.168.20.0/24 was accepted by a term in the example policy.

B. Policy example should be applied as an import policy, not an export policy.
C. The prefix 192.168.20.0/24 was rejected by a term in the example policy.
D. The prefix 192.168.20.0/24 was not accepted or rejected by any terms in the example policy.
Answer: D
Section: (none)
QUESTION 142
Your enterprise is dual homed to two different ISPs (A and B) using BGP. You want to influence traffic entering
your network to prefer ISP
A. Which two BGP attributes can

you manipulate in a policy to accomplish this goal? (Choose two.)
B. origin
C. local preference
D. AS path
E. route preference
Answer: AC
Section: (none)
QUESTION 143
You have a next-hop-style service set. You want to use sp-0/0/0.1 as the outside service interface and use sp-
0/0/0.2 as the inside service interface. Which two statements regarding next-hop style service sets are true?
(Choose two.)
A. You must configure next-hop-style on the sp-0/0/0 interface.

B. You must configure family inet on the sp-0/0/0.1 interface.
C. You may configure a service filter on the sp-0/0/0.1 interface.
D. You must configure service-domain outside on the sp-0/0/0.1 interface.
Answer: BD
Section: (none)
QUESTION 144
You make changes to an existing NAT rule and commit the configuration. Which two statements are true?
(Choose two.)
A. The change affects existing flows only after you clear the flow table.
B. The change affects existing flows immediately.
C. The change affects new flows immediately.
D. The change affects new flows only after you clear the flow table.
Answer: AC
Section: (none)
QUESTION 145
Exhibit:
export policy or policies will be applied to BGP neighbor 1.1.1.1?
A. customer-filter
B. customer-filter, local-routes and block-privates
C. local-routes and block-privates
D. local-routes
Answer: D
Section: (none)
QUESTION 146
Your router is under distributed denial-of-service (DDoS) attack, which tool should you use to protect your
Routing Engine (RE)?
A. a policer applied to the input of fe-0/0/0.0

B. a firewall filter applied to the input of fe-0/0/0.0
C. a policy-statement to discard all routes to source addresses of DoS packets
D. a firewall filter applied to the input of lo0.0
Answer: D
Section: (none)
QUESTION 147
Which statement about next-hop-style and interface-style service sets is correct?
A. Both styles support multicast traffic.

B. Both styles require multiple routing instances.
C. Only interface-style service sets can use multiple routing instances.
D. Only next-hop-style service sets support multicast traffic.
Answer: D
Section: (none)

Juniper - Actualtests.jn0 350.v2008!07!15.by - Ramon 1

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Juniper - Actualtests.jn0 350.v2008!07!15.by - Ramon 1

Uploaded by

Copyright:

Available Formats

Juniper.ActualTests.JN0-350.v2008-07-15.by.Ramon.

Juniper Networks Certified Internet

A. A peer-group must be defined as type external.

A. show services stateful-firewall flows

A. MPLS Layer 3 VPN

A. The packet will be counted and then discarded.

A. set pool my-pool port automatic

A. A scheduler map controls the resources assigned to a specific queue.

A. There is no IP address configured on gr-0/0/0 unit 0.

A. to eliminate the need for congestion management

A. flow control action

A. 179 packets have been received by the router.

A. Configure keepalives for the GRE tunnel.

A. show services ipsec statistics

A. show system alarms

A. request system alarms

A. Packets destined to the BGP port with precedence 4 will be rate-limited.

A. Prefix-lists are defined within a routing policy.

A. Apply a firewall filter to the fxp0 interface.

A. Fast Ethernet interfaces will all calculate a metric value of 100.

A. Traffic can only be policed once in ingress.

A. Additional configuration is needed to use the 802.1 bits for classification.

A. To provide differentiated services to network traffic.

A. to allow external OSPF routes to be advertised to all areas

A. Higher-bandwidth data streams are the least likely to be affected.

A. point-to-point must be set on the logical unit.

A. [edit firewall family inet]

A. dynamic destination port translation

A. Apply import policies to restrict routing exchange between protocols.

A. [edit services ipsec-vpn ipsec]

A. show interfaces queue fe-0/0/1

A. term two has an incorrect match condition.

A. Configuring a stateful firewall requires a stateless firewall filter to also be configured.

A. Use show interfaces queue to look for policed traffic.

A. show chassis fan-status

A. show system services

A. Manage congestion by intelligently dropping traffic.

A. You do not need to define a "peer-as" if you specify "type internal"

A. Use the debug command.

A. RIP multicasts updates to neighbors by default.

A. Stateless firewalls provide packet level protection.

A. Configure a logical unit between 1000 and 1022.

A. The route would be accepted with no modifications.

A. show system processes extensive

A. show bgp neighbor 1.1.1.1 received-routes

A. Policers can only be configured using firewall filters.

A. show services stateful-firewall session-table

A. to reach networks that are outside of your area

A. set protocols ospf area 0 interface sp-0/0/0.1

A. The routing protocols.

A. An IPSec proposal can reference multiple encryption algorithms.

A. The packet is forwarded and no other action is taken.

A. CRTP can only be configured on non-multilink interfaces.

A. 200.2.0.0/24 community 65002:10

Network Topology Exhibit:

A. a multifield classifier in the core

A. AS path prepending can be modified using policy.

A. show log messages

A. Service-domain inside and service-domain outside must be configured.

A. Only interface-style supports IPSec-over-GRE with the same tunnel endpoints.

A. Each term can specify a different IPSec policy.

A. MED can only be set using a policy.