Professional Documents
Culture Documents
147q
Number: JN0-350
Passing Score: 800
Time Limit: 120 min
File Version: 1.0
JN0-350
Exam :
07.15.08
Ver :
JN0-350
Exam A
QUESTION 1
Which statement is true about external BGP peering sessions?
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 2
You want to determine what IP address and port number the router is using to NAT a particular connection.
Which command will display this information?
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 3
Which statement is true about the area-range command?
A. When the area-range command is used, the ABR generates a default route.
B. You can have only one area-range statement per OSPF area.
C. The area-range command can only be used to summarize internal routes.
D. The area-range statement can be configured under an NSSA area to summarize external routes.
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 4
You need to transport non-IP traffic between a branch office and headquarters. What is a valid connectivity
option?
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 5
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, what will
be the result of a packet sourced from address 10.10.1.1 when the filter is applied?
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 6
Which two features can you configure to optimize the processing of VoIP traffic? (Choose two.)
A. H.323 proxy
B. Compressed Real-Time Transport Protocol
C. Multiclass Multilink PPP
D. SIP compression
Answer: BC
Section: (none)
Explanation/Reference:
QUESTION 7
Which two statements are true with regard to outbound BGP policies in a dual homed scenario? (Choose two.)
A. To enforce strict primary/secondary outbound routing only default routes should be received from both your
ISPs.
B. To enforce load-sharing between both ISPs, when multiple routers are used, configurations should not be
synchronized between them.
C. To enforce strict primary/secondary outbound routing full BGP routes should be received from both your
ISPs.
D. To enforce load-sharing between both ISPs, when multiple routers are used, configurations should be
synchronized between them.
Answer: AD
Section: (none)
Explanation/Reference:
QUESTION 8
You are configuring a router under [edit services nat]. Which command will configure the router to perform
Network Address Port Translation (NAPT/PAT)?
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 9
Which two statements are true about scheduler maps? (Choose two.)
Answer: AC
Section: (none)
Explanation/Reference:
QUESTION 10
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, R1's
loopback address is 192.168.100.100. There is a static route for 192.168.200.200/32 with a next-hop of se-
1/0/0.0.
Why is GRE communication failing?
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 11
You have multiple routes to the same destination using default route preference values. Which source of
routing information will be chosen?
A. direct
B. static
C. OSPF
D. RIP
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 12
What are two important configuration steps for next-hop-style service sets? (Choose two.)
A. Configure the outside service interfaces in the stateful firewall, NAT and VPN rules.
B. Configure the outside service interfaces in the service set.
C. Configure service-domain outside on the ISP's interface.
D. Configure service-domain outside on the outside service interface.
Answer: BD
Section: (none)
Explanation/Reference:
QUESTION 13
What is a common use for CoS in a branch office?
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 14
Which three actions can be performed in a routing policy? (Choose three.)
Answer: ACE
Section: (none)
Explanation/Reference:
QUESTION 15
Which statement about stateless firewall filters is true?
A. You must specify the action "then log" for the packets to be logged in the syslog file.
B. You must specify the action "then syslog" for packets to be logged in the firewall log.
C. All rejected or discarded packets are sent to the firewall log.
D. You must specify the action "then log" for packets to be logged to the firewall log.
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 16
Using the command show system connections, you see the following result:
tcp4 0 0 *.179 *.* LISTEN
What does this mean?
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 17
What are two features of IPSec VPNs? (Choose two.)
A. data modification
B. data authentication
C. data integrity
D. data prioritization
Answer: BC
Section: (none)
Explanation/Reference:
QUESTION 18
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, R1's
loopback address is 192.168.100.100. There is a static route for 192.168.200.200/32 with a next-hop of se-
1/0/0.0. Which step must you take to allow communications through the GRE tunnel?
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 19
Which command will show you the number of packets secured within IPSec VPN tunnels for a given service
set?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 20
You set the syslog to log any warning messages. Which command allows you to monitor warning messages in
real time?
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 21
Which two commands would you use to list all active alarm on a router? (Choose two.)
Answer: BD
Section: (none)
Explanation/Reference:
QUESTION 22
All operations team members are authenticated and authorized by a TACACS+ server. All users are members
of the same login class with view permissions only. You want to give one user in the same login class
permission to also run the show configuration command. How do you accomplish this?
A. You must have the TACACS+ server return the Juniper-Allow-Commands attribute.
B. You cannot do this without assigning the user to a different login class.
C. You must have the TACACS+ server return the Juniper-Configure attribute.
D. You must have the TACACS+ server return the Juniper-Local-User-Name attribute.
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 23
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, assuming
you apply the firewall filter to the input of an interface, which two statements are true for incoming packets on
this interface? (Choose two.)
Answer: BC
Section: (none)
Explanation/Reference:
QUESTION 24
Which statement is true about route-filters and prefix-lists?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 25
Which two statements are true about BGP? (Choose two.)
A. The BGP next-hop attribute must always be set to a non-private IP address when peering with a service
provider.
B. The as-path attribute tracks loops within an autonomous system.
C. The BGP next-hop attribute is automatically updated when sending routes to an external peer on a point-to-
point link.
D. The as-path attribute is automatically updated when sending routes to an external peer.
Answer: CD
Section: (none)
Explanation/Reference:
QUESTION 26
You are using an ISP provided Layer 3 MPLS VPN solution for remote connectivity. Which BA classification
options do you use for traffic coming from the provider? (Choose two.)
A. IP precedence bits
B. source IP address
C. DSCP bits
D. EXP bits
Answer: AC
Section: (none)
Explanation/Reference:
QUESTION 27
When would you use BGP as a routing protocol?
A. When you do not want to run other IGPs such as OSPF, RIP or IS-IS.
B. When you need internet access through an Internet Service Provider.
C. When you are dual-homed to multiple Internet Service Providers.
D. When you need a gateway out of your network.
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 28
Your enterprise is dual homed to the same ISP using BGP. You want to influence the return traffic to always
come back to your network over one of the links. Which three BGP attributes can you modify in a policy to
accomplish this goal? (Choose three.)
A. local preference
B. AS path
C. next hop
D. origin
E. MED
Answer: BDE
Section: (none)
Explanation/Reference:
QUESTION 29
Which statement describes where to apply a packet filter to protect the router?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 30
You want to configure the router to match all Telnet (tcp/23) connections. You are configuring the router in the
[edit services stateful-firewall rule my-rule term my-term] hierarchy. Which command will cause this to
happen?
A. set from tcp-destination-port 23
B. set from destination-port 23
C. set from applications junos-telnet
D. set from application-set junos-telnet
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 31
You have set the OSPF reference bandwidth to 1 Gigabit. Which statement is true?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 32
Which statement is correct regarding policer use for CoS in the enterprise?
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 33
Your Juniper WAN router is connected to an Ethernet switch that is configured to use 802.1p bits for classifying
traffic. Which statement is correct about the configuration of CoS on the router?
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 34
What is the primary reason to configure CoS for branch office connectivity?
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 35
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. Router Certkiller 3 and
Router Certkiller 6 are peering using loopback addresses. In the exhibit, how will the link failure between
Router Certkiller 6 and Router Certkiller 3 affect the internal BGP session between Router Certkiller 6 and
Router Certkiller 3?
A. The internal BGP session will fail and will be re-established when the physical link between Router
Certkiller 6 and Router Certkiller 3 is repaired.
B. The internal BGP session will drop and a new session will be established through Router Certkiller 1.
C. The session will remain up, and packets crossing the network will be forwarded through Router Certkiller 1.
D. The session will remain up, but forwarding will be interrupted until the physical link between Router
Certkiller 6 and Router Certkiller 3 is repaired.
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 36
What is the primary reason for configuring a multi area OSPF network?
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 37
The router is using the RED algorithm to selectively drop random packets before congestion becomes critical.
Which two statements are correct? (Choose two)
Answer: CD
Section: (none)
Explanation/Reference:
QUESTION 38
Which statement is true for a DTE frame-relay interface on a Juniper Networks router?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 39
You are at the [edit policy-options policy-statement my-policy term one] configuration hierarchy. Which two
commands are valid syntax? (Choose two.)
A. set then counter four
B. set then term three
C. set from metric 2
D. set from prefix-list five
Answer: CD
Section: (none)
Explanation/Reference:
QUESTION 40
You are an ISP. Your backbone IP address space is 10.10.0.0/16. Your network management IP address
space is 192.168.100.0/24. A firewall filter is applied to lo0 which allows management access using Telnet and
FTP. Which firewall filter will also allow OSPF and BGP to function without blocking management access ?
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 41
What are three types of NAT that Juniper Networks routers support? (Choose three.)
Answer: BCD
Section: (none)
Explanation/Reference:
QUESTION 42
You are using the route redistribution strategy to transition your network from RIP to OSPF. What must you do
to avoid routing loops?
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 43
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, which
commands will cause the router to use both ESP and AH to secure traffic in the IPSec tunnel?
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 44
BGP communities can be used to influence your ingress traffic from the Internet. The communities signal the
ISP to change specific route attributes for this purpose. Which two attributes should be used for this? (Choose
two.)
A. MED
B. local preference
C. next hop
D. AS path
Answer: BD
Section: (none)
Explanation/Reference:
QUESTION 45
You are examining the output of the stateful firewall session table. Which state indicates that the router is using
an application-layer gateway (ALG) to forward traffic?
A. Forward
B. NAT
C. ALG
D. Watch
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 46
You want to verify that traffic is being classified correctly and forwarded in the proper queue on interface fe-
0/0/1. Which two commands would show you this information? (Choose two.)
Answer: AB
Section: (none)
Explanation/Reference:
QUESTION 47
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. The re-protect firewall
filter is applied as an input filter on the lo0.0 interface. You have a single BGP peering session with 10.0.0.1.
Which statement is true?
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 48
Which statement is true?
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 49
You are troubleshooting a CoS problem for packets transitioning the router. What are two useful actions?
(Choose two.)
Answer: CD
Section: (none)
Explanation/Reference:
QUESTION 50
Which command will allow you to monitor the fan status on a router?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 51
Which single command would you use to identify all protocols running on a router?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 52
You found a log message from your router as follows:
Aug 9 19:16:51 radon-re0 chassisd[2622]: CHASSISD_FRU_EVENT:
scb_recv_slot_attach: attached FPC 0
Which part of the message code indicates the process that generated the message?
A. radon-re0
B. scb_recv_slot_attach
C. CHASSISD_FRU_EVENT
D. chassisd[2622]
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 53
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit a
scheduler-map is applied to fe-0/0/0 interface of an M7i router.
Which statement is correct?
A. With the exception of the assigned bandwidth, all queues will share the remaining bandwidth.
B. Packets in queue P0 and P2 will be dropped because there is no bandwidth assigned to them.
C. Traffic in queue P3 will use all bandwidth if there is enough traffic in the queue .
D. Traffic in P1 and P3 will share the remaining bandwidth.
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 54
What are three functions associated with the JUNOS software class of service? (Choose three.)
Answer: ABD
Section: (none)
Explanation/Reference:
QUESTION 55
Which two statements are correct when configuring an IBGP peering session? (Choose two.)
Answer: AC
Section: (none)
Explanation/Reference:
QUESTION 56
You need to transport sensitive financial data between a branch office and headquarters. Which connectivity
option provides optimum security?
A. GRE tunnel
B. Frame Relay
C. IPSec tunnel
D. MPLS Layer 2 VPN
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 57
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, the BA
classifiers are applied to an interface. The packets incoming to this interface will be classified accordingly.
Which forwarding class will the router assign to an IP packet with precedence bits 101?
A. P0
B. P3
C. P2
D. P1
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 58
Which statement is true when configuring CoS?
A. Priority and transmission rate define how packets are stored and dropped.
B. Buffer size and RED configuration define how packets are stored and dropped.
C. Buffer size and RED configuration define the priority and transmission rate.
D. You define the transmit rate and buffer size in the scheduler map.
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 59
How can you perform a debug on a Juniper enterprise router?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 60
You want to run RIPv2 as the IGP in your network. Which two statements are true? (Choose two.)
Answer: AB
Section: (none)
Explanation/Reference:
QUESTION 61
Which three statements are correct with respect to stateful and stateless firewalls? (Choose three.)
Answer: ACE
Section: (none)
Explanation/Reference:
QUESTION 62
Which step is required to configure an FRF.16 Multilink Frame Relay interface on a J-series router?
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 63
Where are CoS multifield classifiers configured?
A. firewall filter
B. routing policy
C. rewrite marker
D. scheduler
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 64
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, what
would the result be when the prefix 192.168.192.0/18 is evaluated by the term?
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 65
Which two commands would you use to verify the Routing Engine memory utilization? (Choose two.)
Answer: AD
Section: (none)
Explanation/Reference:
QUESTION 66
Which two commands will show you the effects of an import policy applied to BGP neighbor 1.1.1.1? (Choose
two.)
Answer: BC
Section: (none)
Explanation/Reference:
QUESTION 67
Which two statements about policers are correct? (Choose two.)
Answer: BD
Section: (none)
Explanation/Reference:
QUESTION 68
Which command would you use to display the stateful firewall session table?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 69
Which statement is true about stateless packet filters?
A. Multiple input and output filters can be applied to each logical interface.
B. A firewall filter applied to a physical port affects all logical ports on that physical port.
C. One input and one output filter can be applied to each logical interface.
D. Firewall filters applied to an interface can track session information for statistical analysis.
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 70
What is the purpose of an ASBR summary LSA?
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 71
You have configured an IPSec-over-GRE tunnel to a non-Juniper router with different IPSec and GRE
endpoints. The tunnel interface is gr-0/0/0.0, the inside service interface is sp-0/0/0.2, and the outside service
interface is sp-0/0/0.1. How do you enable OSPF in area 0 for this tunnel?
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 72
Firewall filters are processed by which component in the router?
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 73
You are configuring an IPSec VPN on a J-series router. Which two statements are true? (Choose two.)
Answer: CD
Section: (none)
Explanation/Reference:
QUESTION 74
When you contact JTAC for a troubleshooting problem, which two commands will provide important
information about the router's hardware and software? (Choose two.)
A. show version
B. show chassis hardware
C. show system coredump
D. show system statistics
Answer: AB
Section: (none)
Explanation/Reference:
QUESTION 75
Which form of Multilink Frame Relay allows multiple DLCIs to be bound to a single logical unit?
A. FRF.15
B. FRF.26
C. FRF.16
D. FRF.25
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 76
Which statement is true if a packet does not match any terms in a firewall filter?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 77
Which two statements about the Compressed Real-Time Transport Protocol (CRTP) are correct regarding the
J-series router? (Choose two.)
Answer: CD
Section: (none)
Explanation/Reference:
QUESTION 78
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit you see a
policy that filters routes based on their community value.
Which route will be accepted by the policy?
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 79
Exhibit:
A. Configure the stateful firewall to allow all incoming TCP connections from the FTP server.
B. Configure the stateful firewall to allow all outgoing TCP connections to the FTP server.
C. Configure the router to use the FTP application-layer gateway.
D. Remove the stateful firewall rules.
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 80
Which two CoS options for branch office connectivity should be configured? (Choose two.)
Answer: BC
Section: (none)
Explanation/Reference:
QUESTION 81
Which two statements are true about the as path attribute? (Choose two.)
Answer: AD
Section: (none)
Explanation/Reference:
QUESTION 82
You have enabled traceoptions for IKE using the configuration command set services ipsec-vpn traceoptions
flag ike. Which command will display the resulting IKE logs?
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 83
Which statement is correct about applying interface-style service sets?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 84
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, how
many internal BGP sessions are needed on Router 6 if all routers are running BGP and no route reflection or
confederations are being used?
A. 6
B. 5
C. 3
D. 1
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 85
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. Referring to the exhibit,
which two statements are true? (Choose two.)
A. The "input" match direction for the service-set is from the "Trusted" network towards the FTP server.
B. A route pointing to the service interface must be configured.
C. The "input" match direction for the service-set is from the FTP server towards the "Trusted" network.
D. The service-set is applied directly to the interface.
Answer: CD
Section: (none)
Explanation/Reference:
QUESTION 86
Which statement is true about next-hop-style and interface-style service sets for IPSec VPNs?
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 87
Which two statements are true regarding IPSec VPN service rules configured at the [edit services ipsec-vpn]
hierarchy? (Choose two.)
Answer: AD
Section: (none)
Explanation/Reference:
QUESTION 88
Which two statements are true about setting the MED attribute? (Choose two.)
Answer: CD
Section: (none)
Explanation/Reference:
QUESTION 89
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, what is
the correct internal BGP configuration for router 192.168.1.6 in order to peer with 192.168.1.3 using loopback
addresses?
A. [edit protocols]
User@Router6#show
bgp {
group internal-peers {
type internal;
local-address 192.168.1.6;
neighbor 192.168.1.3;
}
B. [edit protocols]
User@Router6#show
bgp {
group internal-peers {
local-address 192.168.1.6;
neighbor 192.168.1.3;
}
C. [edit protocols]
User@Router6#show
bgp {
group internal-peers {
type internal;
local-address 192.168.1.6;
neighbor 192.168.1.3 {
multihop {
ttl 2;
}
D. [edit protocols]
User@Router6#show
bgp {
group internal-peers {
type internal;
peer-as 65000;
neighbor 192.168.1.3;
}
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 90
Which statement is true when applying policies to BGP?
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 91
Which configuration step is required when configuring an OSPF stub area?
A. You must configure the command stub under [edit protocols ospf] on the ASBR.
B. You must configure the command stub on all routers under [edit protocols ospf].
C. You must configure the command stub under [edit protocols ospf area] on the ABR.
D. You must configure the command stub on all routers under [edit protocols opsf area].
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 92
Which path attribute is automatically updated when a route is sent to an external BGP neighbor on a point-to-
point link?
A. originator ID attribute
B. aggregator ID attribute
C. BGP next-hop attribute
D. route preference attribute
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 93
Assume the router is currently using default route preferences. Which command would cause the router to
select different active routes?
A. set protocols bgp preference 170
B. set protocols ospf preference 500
C. set protocols direct preference 20
D. set protocols rip group my-group preference 90
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 94
You want to configure the router to match all FTP connections to 172.30.30.30/32. You are configuring the
router in the [edit services stateful-firewall rule my-rule term my-term] hierarchy. Which commands will cause
this to happen?
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 95
Which two statements are true about Port Address Translation (PAT) on J-series routers? (Choose two.)
Answer: BC
Section: (none)
Explanation/Reference:
QUESTION 96
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, what
would the result be when the prefix 10.0.67.43/32 is evaluated by the term?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 97
You have configured an OSPF stub area. What does adding the no-summaries command do?
A. It blocks summaries out of the stub area, and blocks summaries coming in from the backbone.
B. It allows summaries out of the stub area, but blocks summaries coming in from the backbone.
C. It allows summaries out of the stub area, and allows summaries coming in from the backbone.
D. It blocks summaries out of the stub area, and allows summaries coming in from the backbone.
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 98
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, what will
the router do when it receives a packet from source address 10.10.10.10 on an interface where the my-service-
set service set is applied?
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 99
Which statement is correct about the use of BA classifiers for incoming packets?
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 100
Which two statements are true about RIPv2? (Choose two.)
A. RIP routers can update individual prefixes to provide incremental route updates.
B. A RIP router acknowledges updates it receives.
C. RIP metrics are based on hop count.
D. A RIP router can send up to 25 prefixes in a single update.
Answer: CD
Section: (none)
Explanation/Reference:
QUESTION 101
Which two statements about AH and ESP are correct? (Choose two.)
Answer: BC
Section: (none)
Explanation/Reference:
QUESTION 102
Network Topology Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, after
applying the firewall filter to the router, you notices that some unwanted ICMP traffic is still passing through the
router. Which two reasons would be the cause? (Choose two.)
Answer: BD
Section: (none)
Explanation/Reference:
QUESTION 103
What is the most preferred route preference value?
A. 255
B. 4294967295
C. 1
D. 0
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 104
Which benefit do IPSec VPNs provide compared to MPLS-based VPNs?
A. performance
B. security
C. control
D. Internet connectivity
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 105
You are configuring the router at the [edit services stateful-firewall rule my-rule term my-term] hierarchy. You
want to match connections from all source addresses except 10.10.10.17 through 10.10.10.32. Which
command will cause the router to match this traffic?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 106
Which two statements are true regarding BA classifiers? (Choose two.)
Answer: BD
Section: (none)
Explanation/Reference:
QUESTION 107
A stateful firewall is configured on a Juniper router. Which command displays the number of connections that
the router has rejected due to errors with the IP headers?
A. show services statistics
B. show services stateful-firewall statistics errors
C. show services stateful-firewall errors
D. show services stateful-firewall statistics extensive
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 108
You are configuring a router at the [edit] hierarchy. Which command will configure the router to log information
regarding IKE sessions?
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 109
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, which
configuration hierarchy may my-policy be defined?
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 110
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, you
configure R1 and R2 to export RIP routes to OSPF and OSPF routes to RIP. Users in the RIP network are
complaining about connectivity to users in the OSPF network.
What are two possible causes of the problem? (Choose two.)
Answer: AC
Section: (none)
Explanation/Reference:
QUESTION 111
You have configured the router to use an interface-style service set on an interface.
Which two statements are true? (Choose two.)
A. The router will use the interface-style service set to process multicast traffic if you have configured a
service filter that selects the traffic.
B. If you do not configure a service set to use any stateful firewall rules, the AS PIC allows all connections.
C. The router will use the interface-style service set to process all multicast traffic by default.
D. If you use at least one stateful firewall rule, the AS PIC discards all connections that fail to match.
Answer: BD
Section: (none)
Explanation/Reference:
QUESTION 112
Which two statements are correct about IPSec-over-GRE tunnels? (Choose two.)
A. You can use the same endpoint IP addresses for both the IPSec and GRE tunnels.
B. You must use a next-hop-style service set when configuring an IPSec-over-GRE tunnel.
C. You must use a next-hop-style service set in order to send multicast traffic over an IPSec-over-GRE tunnel.
D. You can send multicast traffic over an IPsec-over-GRE tunnel.
Answer: AD
Section: (none)
Explanation/Reference:
QUESTION 113
Which two statements are correct about CoS processing on enterprise routers? (Choose two.)
A. On the J-series platform, CoS functions are performed in the software and their availability and limitations
are not dependent on the interface type.
B. On the M-series platform, CoS functions are performed in the hardware and have limitations that are
dependent on the interface type.
C. On the J-series platform, CoS functions are performed in the hardware and have limitations that are
dependent on the interface type.
D. On the M-series platform, CoS functions are performed in the software and their availability and limitations
are not dependent on the interface type.
Answer: AB
Section: (none)
Explanation/Reference:
QUESTION 114
Given OSPF AS external, RIP, EBGP, and IBGP learned routes to the same destination, which route is
preferred?
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 115
Which statement is true about external BGP sessions?
A. You normally filter the routes sent to you by your provider using policy.
B. Your provider normally does not allow you to filter routes sent to or received from your provider.
C. You normally should not filter any routes sent to or received from your provider.
D. You normally filter the routes you send to your provider using policy.
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 116
You have a BGP peer that goes up and down repeatedly. How would you gather log messages to troubleshoot
the problem?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 117
Your router is under a denial-of-service attack, you apply a firewall filter to lo0 to silently drop the packets.
Which firewall filter action enables you to achieve this?
A. blackhole
B. reject
C. deny
D. discard
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 118
Which BGP path attribute is automatically updated when a route is sent to an external BGP peer?
A. originator ID attribute
B. AS path attribute
C. local preference attribute
D. MED attribute
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 119
Which two statements are true about BGP peering sessions? (Choose two.)
Answer: AC
Section: (none)
Explanation/Reference:
QUESTION 120
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, which
statement is true of a BGP-learned route to 10.1.0.0/24 that is evaluated against the BGP export policy chain?
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 121
A router is configured to use source NAT with a next-hop-style service set. Which statement is true?
A. The router automatically adds a route for the NAT pool with a next hop of the inside service interface.
B. You must manually configure a route for the NAT pool with a next hop of the inside service interface.
C. The router automatically adds a route for the NAT pool with a next hop of the outside service interface.
D. You must manually configure a route for the NAT pool with a next hop of the outside service interface.
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 122
You have policy-statement my-policy configured at the [edit policy-options] configuration hierarchy. At which
two configuration hierarchies could you reference this policy? (Choose two.)
Answer: AD
Section: (none)
Explanation/Reference:
QUESTION 123
What is a proper encapsulation setting for MLPPP?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 124
Which two statements about AH and ESP are correct? (Choose two.)
A. AH protects the complete packet except mutable fields from being modified in transit
B. AH protects only the original packet from being modified in transit
C. ESP protects only the original packet from being modified in transit
D. ESP protects the complete packet except mutable fields from being viewed in transit
Answer: AC
Section: (none)
Explanation/Reference:
QUESTION 125
Which command will allow you to see the encryption and/or authentication algorithms that the router is using to
encrypt user data on a given IPSec tunnel?
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 126
Which interface type is used to configure MLPPP on a J-series router?
A. as-
B. lt-
C. ls-
D. ml-
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 127
Which two statements are true regarding NAT and PAT support on J-series routers? (Choose two.)
Answer: AC
Section: (none)
Explanation/Reference:
QUESTION 128
You are configuring an IPSec tunnel between two devices. Which two statements are true? (Choose two.)
A. You define your transit data encryption algorithms under the [services ipsec-vpn ike] configuration
hierarchy.
B. You must configure IKE to establish the tunnel.
C. You define your transit data encryption algorithms under the [services ipsec-vpn ipsec] configuration
hierarchy.
D. You can configure manual or dynamic security associations.
Answer: CD
Section: (none)
Explanation/Reference:
QUESTION 129
Which command do you use to collect necessary information for JTAC assistance?
A. show tech-support
B. request support information
C. request system support information
D. show configuration
Answer: B
Section: (none)
Explanation/Reference:
QUESTION 130
You have the following configuration on the router:
authentication-order [ radius tacplus password ]; Which statement is true?
Answer: A
Section: (none)
Explanation/Reference:
QUESTION 131
You are configuring schedulers for VoIP, business critical data and best effort data traffic which are classified
in different forwarding classes. Which two statements are true? (Choose two.)
A. You should assign a large buffer to business critical data traffic to decrease packet loss as much as
possible.
B. You should assign to VoIP traffic the same priority as that of business critical data traffic.
C. You should assign high priority and a large buffer to VoIP traffic to prevent packet loss.
D. You should assign high priority and a reasonably small buffer to VoIP traffic to minimize delay.
Answer: AD
Section: (none)
Explanation/Reference:
QUESTION 132
In stateful firewall or NAT rules, what are two functions performed by an application-layer gateway? (Choose
two.)
Answer: AB
Section: (none)
Explanation/Reference:
QUESTION 133
Which two parameters of a scheduler can control the resources assigned to a queue? (Choose two.)
A. priority
B. period to visit a queue
C. buffer-size
D. delay
Answer: AC
Section: (none)
Explanation/Reference:
QUESTION 134
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. Your enterprise is dual
homed to two different ISPs (A and B). Your AS number is 2001. You want to make sure you will not be a
transit AS between the two ISPs. In the exhibit you see a partial configuration.
Which AS-path regular expressions complete the configuration to accomplish this goal?
A. [edit policy-options]
set as-path no_transit ".*";
B. [edit policy-options]
set as-path no_transit ".* 2001 .*";
C. [edit policy-options]
set as-path no_transit "2001";
D. [edit policy-options]
set as-path no_transit "()";
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 135
Which three can be used for matching in a stateless firewall filter from statement? (Choose three.)
A. port
B. source-address
C. next-hop
D. application-set
E. source-port
Answer: ABE
Section: (none)
Explanation/Reference:
QUESTION 136
Which statement is true for a DTE frame-relay interface on a Juniper Networks router?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 137
What information can be gathered using traceoptions? (Choose two.)
Answer: AD
Section: (none)
Explanation/Reference:
QUESTION 138
Which statement is true when using BGP with a provider?
A. You should advertise all of your internal routes so your provider can return traffic to your network.
B. Your provider should send you the full BGP route table to ensure external reachability.
C. You should try to summarize your routes into the least number of routes possible.
D. You should only run BGP on your edge device and redistribute the BGP routes into your IGP.
Answer: C
Section: (none)
Explanation/Reference:
QUESTION 139
Which two statements are correct? (Choose two.)
A. A BA classifier can be applied to egress packets to set the ToS bits in the IPv4 header.
B. If a BA classifier puts a packet into a forwarding class, a firewall filter can override it and put the packet into
a different forwarding class.
C. A BA classifer can put the incoming packets into different queues based on their destination addresses.
D. Both an IPv4 BA classifier and a firewall can classify packets based on their ToS bits.
Answer: BD
Section: (none)
Explanation/Reference:
QUESTION 140
Which two statements are correct? (Choose two.)
A. By default, traffic can only use the best effort queue and assured-forwarding queues.
B. You can configure traffic to the same destination to use multiple queues.
C. You can not configure traffic to the same destination to use multiple queues.
D. By default, traffic can only use the best effort and network control queues.
Answer: BD
Section: (none)
Explanation/Reference:
QUESTION 141
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, you have
an external BGP neighbor that is not receiving the route 192.168.20.0/24 in your BGP updates. You have
applied the policy "example" as an export policy to your BGP neighbor. You ran the "test policy" command on
the prefix and received the results in the exhibit.
Which statement would explain why the route is not being sent to your BGP neighbor?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 142
Your enterprise is dual homed to two different ISPs (A and B) using BGP. You want to influence traffic entering
your network to prefer ISP
Answer: AC
Section: (none)
Explanation/Reference:
QUESTION 143
You have a next-hop-style service set. You want to use sp-0/0/0.1 as the outside service interface and use sp-
0/0/0.2 as the inside service interface. Which two statements regarding next-hop style service sets are true?
(Choose two.)
Answer: BD
Section: (none)
Explanation/Reference:
QUESTION 144
You make changes to an existing NAT rule and commit the configuration. Which two statements are true?
(Choose two.)
A. The change affects existing flows only after you clear the flow table.
B. The change affects existing flows immediately.
C. The change affects new flows immediately.
D. The change affects new flows only after you clear the flow table.
Answer: AC
Section: (none)
Explanation/Reference:
QUESTION 145
Exhibit:
You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, which
export policy or policies will be applied to BGP neighbor 1.1.1.1?
A. customer-filter
B. customer-filter, local-routes and block-privates
C. local-routes and block-privates
D. local-routes
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 146
Your router is under distributed denial-of-service (DDoS) attack, which tool should you use to protect your
Routing Engine (RE)?
Answer: D
Section: (none)
Explanation/Reference:
QUESTION 147
Which statement about next-hop-style and interface-style service sets is correct?
Answer: D
Section: (none)
Explanation/Reference: