JN0-643-Enterprise Routing and Switching, Professional ... ... 2012/06/20 ¢  A. The authentication sequence

  • View
    0

  • Download
    0

Embed Size (px)

Text of JN0-643-Enterprise Routing and Switching, Professional ... ... 2012/06/20 ¢  A. The...

  • JN0-643-Enterprise Routing and Switching, Professional

    Number: 000-000 Passing Score: 800 Time Limit: 120 min File Version: 1.0

    http://www.gratisexam.com/

    Juniper JN0-643

    Enterprise Routing and Switching, Professional

    (JNCIP-ENT) PREPARED BY ZAMAN

    Practice Test Version: 14.20

  • Exam A

    QUESTION 1 Click the Exhibit button.

    A user on port ge-0/0/12 fails an 802.1x authentication attempt.

    What is the next action of Switch A?

    A. It puts the Authenticator in the HELD status where all EAPOL packets are discarded until the default hold timer expires.

    B. It communicates with the RADIUS server to confirm the user's password. C. It transmits an EAP-Identity-Request packet immediately after it sends out EAP-Failure. D. It tries to authenticate the user using MAC radius authentication.

    Correct Answer: C Section: (none) Explanation

    Explanation/Reference:

    QUESTION 2 Click the Exhibit button.

  • Based on the configuration in the exhibit, why are you seeing drops in the best-effort queue on the SRX Series platform?

    A. The drop-profile fill level is set too low.

  • B. Packets are dropped by a firewall policy. C. The best-effort queue is being shaped. D. The scheduler is not being applied correctly.

    Correct Answer: C Section: (none) Explanation

    Explanation/Reference:

    QUESTION 3 Click the Exhibit button.

    Based on the output shown in the exhibit, why is VSTP not working for VLAN 100?

    A. No interfaces are assigned to VLAN 100. B. Your MSTI is misconfigured. C. RSTP is configured in addition to VSTP. D. No native VLAN is configured.

    Correct Answer: A Section: (none) Explanation

    Explanation/Reference:

    QUESTION 4

  • If your WAN-edge router is multihomed to different ISPs, which two BGP attributes would you modify to affect outbound traffic? (Choose two.)

    http://www.gratisexam.com/

    A. MED B. origin C. local preference D. community

    Correct Answer: BC Section: (none) Explanation

    Explanation/Reference:

    QUESTION 5 When 802.1X, MAC-RADIUS, and Captive Portal are enabled on an interface, which authentication sequence occurs?

    A. The authentication sequence is based on the order of the configuration. B. If MAC-RADIUS is rejected, Captive Portal will start. If Captive portal is timed out, 802.1X will start. C. If 802.1X times out, then MAC-RADIUS will start. If MAC-RADIUS is timed out by the RADIUS server, then

    Captive Portal will start. D. If 802.1X times out, then MAC-RADIUS will start. If MAC-RADIUS is rejected by the RADIUS server, then

    Captive Portal will start.

    Correct Answer: D Section: (none) Explanation

    Explanation/Reference:

    QUESTION 6

    A medium-sized enterprise has some devices that are 802.1X capable and some that are not. Any device that fails authentication must be provided limited access through a VLAN called NONAUTH. How do you provide this access?

    A. Configure NONAUTH VLAN as the guest VLAN. B. Configure NONAUTH VLAN as the server-reject VLAN. C. Configure NONAUTH VLAN as the guest VLAN and the server-reject VLAN D. Configure a separate VLAN for each type of user: 802.1X and non-802.1X.

    Correct Answer: C Section: (none) Explanation

  • Explanation/Reference:

    QUESTION 7 Click the Exhibit button.

    Host 1, Host 2, and Host 3 are connected to Switch A on interface ge-0/0/2. Host 1 and Host 2 have been authenticated through 802.1X, however Host 3 does not have an 802.1X supplicant.

    Referring to the configuration in the exhibit, how can Host 3 be authenticated?

    A. secure-authentication option of HTTP or HTTPS must be configured for Captive Portal. B. MAC RADIUS authentication must be configured for Host 3 instead of Captive Portal. C. A new authentication-profile must be configured because 802.1X and Captive Portal cannot have the same

    authentication-profile. D. The 802.1X server failback feature must be configured for Host 3 to allow non-802.1X clients to

    authenticate.

    Correct Answer: B Section: (none) Explanation

    Explanation/Reference:

  • QUESTION 8 A user complains about connectivity problems from their IP address (10.1.1.87) to a server (10.65.1.100).Which Junos command can help verify connectivity in the network? (Choose two.)

    A. mroute B. traceoptions C. ping D. clear bgp neighbor

    Correct Answer: BC Section: (none) Explanation

    Explanation/Reference:

    QUESTION 9 Click the Exhibit button.

    The exhibit shows the output of an OSPF router LSA.

    Which interface ID represents the router's loopback address?

    A. ID 10.1.1.0

  • B. ID 10.0.3.4 C. ID 10.0.3.3 D. ID 10.0.2.4

    Correct Answer: B Section: (none) Explanation

    Explanation/Reference:

    QUESTION 10 Click the Exhibit button.

    Referring to the output in the exhibit, why does the router prefer the path toward interface ge- 0/0/0.0 for the 20.0.0.0/8 route?

    A. The origin is IGP. B. The origin is unknown. C. The AS path is longer. D. Multihop is enabled.

    Correct Answer: A Section: (none) Explanation

    Explanation/Reference:

    QUESTION 11 Click the Exhibit button.

  • Based on the output shown in the exhibit, which protocol is configured?

    A. MSTP B. RSTP C. STP D. VSTP

    Correct Answer: D Section: (none) Explanation

    Explanation/Reference:

    QUESTION 12 What is the default LLDP timeout?

    A. 60 seconds B. 90 seconds C. 120 seconds D. infinite

    Correct Answer: C Section: (none) Explanation

  • Explanation/Reference:

    QUESTION 13 Click the Exhibit button.

    In the exhibit, which statement about the ABR between Area 8 and Area 2 is true?

    A. The router has connectivity to all areas. B. The router has connectivity to Area 8 only. C. The router has connectivity to Area 2 only. D. The router has connectivity to all routers in Area 8 and Area 2.

    Correct Answer: D Section: (none) Explanation

    Explanation/Reference:

    QUESTION 14 Which two LSA types are only generated by an ABR router? (Choose two.)

    A. ASBR summary LSA (Type 4) B. ASBR LSA (Type 5) C. Summary LSA (Type 3) D. Router LSA (Type 1)

    Correct Answer: AC Section: (none) Explanation

    Explanation/Reference:

  • QUESTION 15 Port authentication falls back to Captive Portal. In which two scenarios would the port authentication move back to 802.1X? (Choose two.)

    A. if any MAC RADIUS request packet is received on the interface and if there are no sessions in authenticated/authenticating state

    B. if Captive Portal is deactivated on the interface C. if the user gets logged out D. if the EAP packet is received on the interface and if there are no sessions in authenticated/authenticating

    state

    Correct Answer: BD Section: (none) Explanation

    Explanation/Reference:

    QUESTION 16 Which command prevents Layer 2 loops if the switch stops receiving spanning-tree keepalives on port ge- 1/0/1?

    A. [edit protocols rstp] user@switch# show interface ge-1/0/1 { bpdu-block; }

    B. [edit protocols layer2-control] user@switch# show interface ge-1/0/1 { bpdu-time-out-action { block; alarm; } }

    C. [edit protocols layer2-control] user@switch# show bpdu-block { interface ge-1/0/1; }

    D. [edit protocols rstp] interface ge-1/0/1 { no-root-port; }

    Correct Answer: D Section: (none) Explanation

    Explanation/Reference:

    QUESTION 17 Click the Exhibit button.

  • You are attaching into an EX Series switch-1a legacy IP phone that does not support LLDP-MED, but does allow configuration using DHCP, as shown in the exhibit. Your existing network QoS policies dictate that VoIP traffic must traverse over VLAN 10.Which two actions put VoIP traffic onto VLAN 10? (Choose two.)

    A. Configure protocols cdp on switch-1. B. Manually configure the voice VLAN on the IP phone. C. Configure vlan 1 under forwarding-options bootp. D. Configure interface ge-0/0/5 under forwarding-options bootp.

    Correct Answer: BD Section: (none) Explanation

    Explanation/Reference:

    QUESTION 18 What are three types of port designation specific to Private VLANs? (Choose three.)

    A. Promiscuous ports B. Transparent ports C. PVLAN trunk ports D. Designated ports E. Isolated ports

    Correct Answer: ACE Section: (none) Explanation

    Explanation/Reference:

    QUESTION 19 Click the Exhibit button.

  • Looking at the output in the exhibit, why is the BGP neighbor not in Established state?

    A. BGP Refresh is not supported. B. Multihop is not configured. C. The peer address is not reachable. D. Authentication is configured.

    Correct Answer: B Section: (none) Explanation

    Explanation/Reference:

    QUESTION 20 Which component comes first on ingress CoS processing?

    A. behavior aggregate classification B. multifield classification C. firewall policing D. rewrite marking

    Correct Answer: A Section: (none) Explanation

    Explanation/Reference:

    QUESTION 21 R1 has an OSPF adjacency with R2 over a point-to-point link. Which three statements about the advertisements for this link in the Type 1 (Router) LSA generated by R1 are true? (Choose three.)

    A. It has a value in the link ID field with R2's interface IP address. B. It has a value in the link ID field with R2's router ID.

  • C. It has a link-type of point-to-point (Type 1). D. It has a link-type of Tran