Embed Size (px)
Citation preview
Wednesday, December 12, 2007
JUNIPER JNCIS-ER preassessment exam Q&A
Yesturday night I've cleared two preassesment test from Juniper.
Copying here all the questions with answers. I scored 96% with these answers
Juniper Networks Certified Internet Associate
Q. Which attributes are automatically updated when a BGP update is sent to an EBGPneighbor? (choose 2) A,D
A. BGP Next-hop attributeB. Local Preference attributeC. Multi Exit Descriminator (MED) attributeD. AS-Path attributeE. Origin attribute
Q. Which statements are true about post-service-filters? (choose 3) A,C,D
A. A post-service-filter can only be used on inputB. A post-service-filter can be used on input, output or bothC. A post-service-filter is only applied to packets that are processed by a service-setD. A post-service-filter is a standard stateless firewall-filter
Q. For a given prefix 10.10.10.0/23 learned as an OSPF Internal Intra-Area, an OSPFInternal Inter-Area and an OSPF AS External type 1, which route will be preferred? A
A. OSPF Internal Intra-Area routeB. OSPF Internal Inter-Area routeC. OSPF AS External type 1D. Equal cost load sharing will occur if equal cost paths exist
Q. Your enterprise is dual-homed to the same Service Provider using BGP, with two linkshaving bandwidth of STM1/OC3 and STM4/OC12 respectively. You want to influence all trafficleaving your autonomous-system to use the STM/OC12 link.Which BGP attributes can you modify to accomplish this goal? (choose 2) B,D
A. Set Local Preference in an import policy for routes learned from the neighbor on theSTM4/OC12 link to be 80B. Set Local Preference in an import policy for routes learned from the neighbor on theSTM4/OC12 link to be 180
C. Configure the import-policy for the STM4/OC12 neighbor to set the ORIGIN attribute tobe INCOMPLETED. Configure the import-policy for the STM1/OC3 neighbor to as-path prepend theneighbors autonomous-system twiceE. Configure the import-policy for the STM4/OC12 neighbor to as-path prepend theneighbors autonomous-system twice
Q.
In the exhibit, which export policy or policies will be applied to BGP neighbor 10.10.10.1? CCategory
A. global-policyB. group-policyC. nbr-policyD. all three policiesE. none of the policies
Q. Which steps are required to configure an interface-style service set? (choose 5) A,B,C,D,F
A. Configure the service interfaceB. Configure the service rules and rule-setsC. Configure the service-set to include the service rules and/or rule-setsD. Configure the service-set to be interface-style and which service interface to useE. Configure routing to the service interfaceF. Apply the service-set to the required interfaces
Q. Which step is not recommended as part of a seamless RIP to OSPF IGP transition usingthe overlay method? C
A. Configure all routers to ensure the existing RIP IGP has a better route preference thanthe new OSPF IGPB. Configure all routers to run OSPFC. Redistribute all RIP routes into OSPF and vise versaD. Ensure all routers have learned all networks via OSPFE. Gracefully transition to OSPF by changing the route-preference of RIP to be higher thanOSPF
Q. Which configuration step is required when configuring an OSPF NSSA area? C
A. You must configure nssa on all routers in the networkB. You must configure nssa under [ edit protocols ospf ]C. You must configure nssa under [ edit protocols ospf area ]D. You must configure nssa only on the Area Border Routers (ABR's)
Q. Which statements below are valid JUNOS stateful-firewall rule match types? (choose 3) A,B,D
A. destination-address-rangeB. source-prefix-listC. esp-spiD. applicationsE. interface-set
Q. In the exhibit, which statement is true for the static route 11.11.11.0/24 that is evaluatedagainst the BGP export policy chain? D
A. The 11.11.11.0/24 prefix is accepted by policy P1 and advertised to neighbor10.10.10.1B. The 11.11.11.0/24 prefix is rejected by policy P1 and not advertised to neighbor10.10.10.1C. The 11.11.11.0/24 prefix is rejected by the policy P2D. The 11.11.11.0/24 prefix is rejected by the BGP default policyE. The 11.11.11.0/24 prefix is accepted by the BGP default policy
Q You want to determine which NAT pools have been configured on the router.Which command will display this information (choose 1) D
A. show services nat available poolsB. show services poolsC. show services nat-pool-tableD. show services nat pools
Q Which statements best describe Enterprise connections to Service Providers? (choose 2) C,D
A. Enterprises should always run BGP with their Service Providers when their CPE routerhas parallel multiple links to the ISP routerB. When BGP is run in an enterprise network, all routers need to run BGPC. Enterprises should use a static default route when there is only one entry/exit point outof their networkD. Enterprises should use BGP when they are multi-homed and have a need to exercisepolicy controls
Q Assuming the requirements for the establishment of an EBGP session between theloopback0 interfaces of both routers. The local autonomous-system is defined as AS100 andthe neighbors autonomous-system is AS200.The local autonomous-system is configured under [ routing-options autonomous-system100 ]Which statement is not true about Multihop External BGP peering sessions? A
A. Both peer-as 200 and type external parameters are requiredB. Only peer-as 200 is requiredC. You must configure the local-address parameterD. You must configure the ttl for the multi-hop neighbor(s)E. The local router must have a route to the eBGP neighbors configured address
Q In the exhibit, which statements are true for the NAT translation? (choose 2) B,C
A. The private/internal IP address that will be changed is 192.168.11.4B. The private/internal IP addresses that will be changed are 10.222/16C. The public/external IP address is 192.168.11.4D. The private/internal IP addresses can be anythingE. The public/external IP address is 10.222.44.1
Q While monitoring the systems messages file, you encounter an entry that is frequentlyrepeated, but seems somewhat crypticJun 8 14:12:28 R1 chassisd[2737]: CHASSISD_IFDEV_DETACH_PIC: ifdev_detach_pic(0/3)Which command can you use to better understand the significance of this message? C
A. show syslog message CHASSISD_IFDEV_DETACH_PICB. show system message CHASSISD_IFDEV_DETACH_PICC. help syslog CHASSISD_IFDEV_DETACH_PICD. show system error log CHASSISD_IFDEV_DETACH_PIC
Q In the exhibit, which statements are valid entries for the "State" field? (choose 3) B,D,E
A. MonitorB. WatchC. ListenD. DropE. Forward
Q The security policy for your company specify that access for all operations staff to networkdevices will migrate to the TACACS+ protocol. The RADIUS protocol is currently deployed andwill be the preferred method for authenticationWhat configuration is required on the JUNOS routers to ensure that only when networkconnectivity issues resulting in the TACACS+ and RADIUS being inaccessible allow locallydefined users to login to the routers? C
A. set system authentication-order [radius tacplus password]B. set system authentication-order [tacplus radius password]C. set system authentication-order [radius tacplus]D. set system authentication-order [tacplus radius]
Q Which statements are true about Queuing on M-Series and J-Series routers (choose 3) B,C,E
A. All M-Series routers support up to 8 hardware queuesB. All J-Series routers support up to 8 queuesC. Forwarding-classes map to queuesD. Voice Traffic is automatically classified as expedited-forwarding (EF) and sent to queue1E. The default queue/forwarding class associations area. Queue 0 - best-effortb. Queue 1 - expedited-forwardingc. Queue 2 - assured-forwardingd. Queue 3 - network-control
Q You need to determine which VPN technology is best suited to provide enterprise branchoffice connectivity. The requirements are that the solution should be:cost-effective does not have stringent security requirements need not support legacy protocolsshould be simple to manage for the customershould also provide Internet access on the same physical interface Which technologies/solutions are best suited? D
A. Traditional overlay L2VPN based on Frame-Relay, ATM or Leased linesB. MPLS based L2VPNC. IPSec VPND. MPLS based L3VPNE. GRE tunnel VPN
Q You need to ensure that a branch office which is connected to the Service Provider with alink speed of 128K does not get overwhelmed with traffic from the head office which has a linkspeed of 2Mbps. Juniper Networks J-Series routers are deployed as CPE devices in bothlocations.Which mechanism is best suited? D
A. Police traffic exceeding 128Kbps to the branch site at the head officeB. Upgrade the branch sites bandwidth to 2 Mbps to ensure traffic limits are not exceededC. Apply Class of Service to ensure that the most important traffic is prioritized
D. Apply JUNOS Virtual Channels at the head office to ensure branch office sites are notoverwhelmed with too much traffic
Q Which statements are true regarding Class of Service configuration in JUNOS? (choose 4)A,C,D,E
A. Behavior Aggregate (BA) classifiers are configured under[edit class-of-service classifiers]B. Behavior Aggregate (BA) classifiers are applied under[edit interfaces class-of-service]C. scheduler-maps are needed to link forwarding-classes to schedulersD. RED/WRED profiles configured under [edit class-of-service drop-profiles] must bereferenced in schedulers to take effectE. Rewrite-rules are configured under [edit class-of-service rewrite-rules] and must beapplied to the logical interfaces defined under [edit class-of-service interfaces]F. Schedulers are configured under [edit class-of-service schedulers] and may includea. forwarding-classb. transmit-ratec. priorityd. buffer-size
Q Which statements are true about Policing/Rate Limiting (choose 2) A,C
A. Policing is a useful tool for protecting the network from non-compliant sourcesB. Token-bucket policers can not be used on all interface typesC. Policers can be used to protect the network against DoS/DDoS attacksD. Policers can only be configured on ingress
Q Which command can be used to determine which sockets the router has in either a listenor established state? B
A. show netstat socketsB. show system connectionsC. show running protocolsD. show connections up
Q During the establishment of an IPSec VPN, the routers negotiate which parameters will beused for the establishment of the IPSec Security Association (SA) using proposals that definethese parameters.Which statements are true about configuring IPSec proposals? (choose 3) C,D,F[edit services ipsec-vpn ipsec proposal p1]luser@Junos-router#
A. set authentication algorithm blowfishB. set encryption algorithm rsaC. set encryption algorithm aes-256-cbcD. set protocol espE. set protocol ip
F. set lifetime 86400
Q You need to verify that the IPSec VPN that you have just configured on a J-Series router isoperating correctly.Which commands could be used to verify this? (choose 2) C,D
A. show ike security-associationsB. show ipsec security-associationsC. show services ipsec-vpn ike security-associationsD. show services ipsec-vpn ipsec security-associations
Q Which statements are true for Class of Service ingress processing (choose 2) B,E
A. Rewrite codepointsB. Multifield classificationC. SchedulingD. ShapingE. RateLimiting/Policing
Q. Which three commands are valid syntax?' A,C,D
A. set then rejectB. set then discardC. set then acceptD. set then next-policyE. set then metric2 20 accept
Q. Which configuration step is required when configuring an OSPF NSSA area? C
A. You must configure nssa on all routers in the networkB. You must configure nssa under [ edit protocols ospf ]C. You must configure nssa under [ edit protocols ospf area ]D. You must configure nssa only on the Area Border Routers (ABR's)
Q. Which statement is true about prefix-lists? (choose 2) B,C
A. They are always exact matches when used in firewall-filtersB. They are always orlonger matches when used in firewall-filtersC. They are always exact matches when used in routing policiesD. They are always orlonger matches when used in routing policies
Q. You are at the [ firewall family inet filter actions term u-decide] Yoiurconfigurationhierarchy.Which three commands are valid syntax? A,C,E
A. set then reject tcp-reset
B. set then source-class C. set then accept log syslog sample count PKTSD. set then next-policyE. set then forwarding-class
Q. Which statement is true if a route does not match any terms in a policy chain? D
A. The route is automatically acceptedB. The route is automatically rejected',falseC. The accept/reject decision must be specified in the final policy',falseD. The accept/reject decision is based on the protocols default policy
Q. Which OSPF LSA is not flooded in an OSPF Stub Area? D
A. Router LSA\'s (Type 1)B. Network LSA\'s (Type 2)C. Summary LSA\'s (Type 3)D. ASBR Summary LSA\'s (Type 4)Q. Which statement is true for the order of the selection of the BGP active route? DA. AS-Path -> Local-Preference -> Origin -> MEDB. MED -> Origin -> AS-Path -> Local-PreferenceC. Local-Preference -> Origin -> AS-Path -> MEDD. Local-Preference -> AS-Path -> Origin -> MED
Q. Which statements are true about Internal BGP configurations? (choose 3) B,C,D
A. Only directly connected neighbors need be configuredB. Usually the IP address of the loopback0 interface is used for the IBGP sessionsC. Use of the local-address configuration statement is requiredD. The IGP is used to route packets between remote neighborsE. When multiple links exist between neighbors, there needs to be multiple neighborsconfigured
Q. In a network which does not use Route Reflectors, which statements are true about BGPreadvertisement rules? (choose 2) B,E
A. When learned from External BGP, readvertise to only IBGP neighborsB. When learned from External BGP, readvertise to both IBGP and other EBGP neighborsC. When learned from Internal BGP, readvertise to only IBGPD. When learned from Internal BGP, readvertise to both IBGP and EBGP neighborsE. When learned from Internal BGP, readvertise to only EBGP
Q.You have multiple routes to the same destination using the default route preference.Which source of routing information will be selected? A
A. OSPF InternalB. RIP
C. OSPF ExternalD. Internal BGPE. External BGP
Q. Which of the following configuration statements must be added to the sample configurationto redistribute RIP prefixes into all OSPF areas? A
A. set export rip-2-ospfB. set area 0 export rip-2-ospfset area 10 export rip-2-ospset area 20 export rip-2-ospfC. set area 20 nssa default-lsa default-metric 1D. set area all export rip-2-ospf
Q. Which statements are true about service-filters? (choose 3) B,C,E
A. A service-filter can only be used on inputB. A service-filter can be used on input, output or bothC. A service-filter cannot match multicast trafficD. A service-filter is a standard stateless firewall-filterE. A service-filter can only be used with interface-style service-sets
Q. Which statements are true about the Networks Address Translations (NAT) options thatJUNOS supports? (choose 3) A,C,DA. Source DynamicB. Destination DynamicC. Source StaticD. Destination Static
Q. Which statements are true about the Networks Address Translations (NAT) types thatJUNOS supports? (choose 4) A,B,C,E
A. Source Static 1:1 translationB. Destination Static 1:1 translationC. Source Dynamic many:1 translation (PAT)D. Destination Dynamic 1:1 translationE. Source Dynamic 1:1 translationQ. Which statements below are valid JUNOS stateful-firewall rule actions and action modifiers?(choose 2) C
A. discardB. logC. syslogD. sample
Q. Which statements are true about the IPSec VPN implementation for protecting transit dataon M-Series and J-Series routers? (choose 2) C,D
A. Only data integrity is supported with Authentication Header (AH)B. Only data privacy is supported with Encapsulating Security Payload (ESP)C. Both data integrity with Authentication Header (AH) and data privacy with EncapsulatingSecurity Paylpoad (ESP) are supportedD. Only tunnel mode is supportedE. Only transport mode is supported
Q. Which statements are true about Application Layer Gateways (ALG\'s)? (choose 3) A,B,E
A. ALG\'s allow the router to interact with protocols at layer 4 and aboveB. ALG\'s allow the router to inspect the payload of connectionsC. ALG\'s allow the router to translate protocolsD. ALG\'s are required for all connectionsE. Custom ALG definitions can be configured
Q. Which statements below are valid JUNOS nat rule match types and actions? (choose 3) A,D,F
A. from source-addressB. from destination-address-rangeC. from source-prefix-listD. then translated translation-type source dynamicE. then count F. then no-translation
Q. Which statements below best describe the role of Class of Service (choose 2) B,D
A. CoS is designed to make the network fasterB. CoS provides mechanisms for categorizing trafficC. CoS is designed to reduce congestionD. CoS allows network devices to prioritize traffic based on categoryE. CoS always improves network performance
Q. Which statements are true for Class of Service traffic classification (choose 3) B,D,E
A. Behavior Aggregate (BA) classification is based on examining various fields in the IP headerB. Multifield (MF) classification is based on examining various fields in the IP headerC. Behavior Aggregate (BA) classifiers are most commonly used at the edge of the networkD. Behavior Aggregate (BA) classifiers are most commonly used in the network coreE. Behavior Aggregate (BA) classification is based on examining codepoints
Q. The components of scheduling include priority, transmission-rate, buffer-size andcongestion avoidance (RED).
Which statements are true about Scheduling on MSeriesand J-Series routers (choose 4) A,B,C,D
A. Priority defines the order of which queues will be servicedB. By default all queues are low priorityC. The queue priorities on J-Series routers area. Highb. Medium-highc.Medium-lowd. LowD. By default the buffer-size is distributed equally amongst available queuesE. Congestion avoidance with RED by default results in 50% drop when the correspondingqueue is 50% full
Q. You need to verify that packets are being correctly classified and sent to the appropriatequeue on a J-Series router with interface se-3/0/0.
Which commands or tools couldbe used to verify this information? (choose 2) A,D
A. how interfaces queue se-3/0/0B. show class-of-service interface se-3/0/0C. show interfaces se-3/0/0 queue-statisticsD. show interfaces detail se-3/0/0
Q. Which statements are true regarding Multilink Frame Relay (MLFR)? (choose 2) A,D
A. FRF.15 is similar to Multilink PPP (MLPPP) and operates end-to-endB. FRF.16 is similar to Multilink PPP (MLPPP) and operates end-to-endC. FRF.15 makes it possible to connect a Customer Premise Equipment (CPE) device withmultiple connections to the Provider Edge (PE) device as a single logical connectionD. FRF.16 makes it possible to connect a Customer Premise Equipment (CPE) device withmultiple connections to the Provider Edge (PE) device as a single logical connection
Q. The enterprise network you manage is tightening security of all network devices. You aretasked to ensure that optimum security of the routers is achieved without interruption to anylegitimate protocols or services that are required to run and manage this network.
Which commands should be run to ensure all services and protocols are included inthe router protection filters? (choose 4) A,B,D,F
A. Configuration mode show systemB. Configuration mode show snmpC. Configuration mode show servicesD. Configuration mode show protocolsE. Configuration mode show firewallF. Operation mode show system connectionsG. Operation mode show system statistics
Q. Which statements are true about the use of next-hop style service sets over interface-styleservice sets when using IPSec VPNs? B
A. Supports securing traffic to remote endpointB. Supports routing protocols directly over IPSecC. Supports multiple remote endpointsD. Supports having multiple local endpoints in the same service-set
Q. M-Series and J-Series routers? (choose 2) C,D
A. Only data integrity is supported with Authentication Header (AH)B. Only data privacy is supported with Encapsulating Security Payload (ESP)C. Both data integrity with Authentication Header (AH) and data privacy with EncapsulatingSecurity Paylpoad (ESP) are supportedD. Only tunnel mode is supported
Q. Which statements are true about IPSec-over-GRE Tunnels? (choose 2) A,D
A. ipsec-over-gre are GRE tunnels that are secured by IPSecB. ipsec-over-gre are IPSec tunnels that are routed over GREC. If the GRE and IPSec endpoints are the same, you should use a next-hop style service-setD. If the GRE and IPSec endpoints are the same, you should use a interface style service-set
Q. The IPSec VPN you have just configured is not establishing. To troubleshoot this you haveconfigured the router with traceoptions as below.
[edit services ipsec-vpn]
user@Junos-router# show traceoptionsfile size 1m files 5;flag ike;[editservices ipsec-vpn]
Which commands could be used to monitor this? (choose 2) C,F
A. show log ipsec-vpnB. show log messagesC. show log kmdD. monitor start ipsec-vpnE. monitor start messagesF. monitor start kmd
Q. Which command can be used to determine whether the SNMP process is running? C
A. show process snmpB. show snmp daemon
C. show system processesD. show task snmp
Q. Which command can be used monitor the temperature of the components in a JuniperNetworks enterprise router? C
A. show chassis temperatureB. show system temperatureC. show chassis environmentD. show temperature
Q. Which statements are true about multilink-ppp? Which mechanism is best suited? B
A. multilink-ppp can only be configured on ISDN interfaces on a J-Series routerB. multilink-ppp allows for the increase in overall throughput by combining the bandwidth oftwo or more physical linksC. multilink-ppp can only be configured in combination with a valid CRTP configurationD. multilink-ppp requires multiple IP pt-to-pt links over PPP to provide redundancy
Q. Which statements are true about Compressed Real-Time Transport Protocol? (choose 2) A,C
A. CRTP is intended to reduce serialization delayB. CRTP must be configured with multiple linksC. CRTP can be configured with a single linkD. CRTP compresses both UDP and TCP headers
Q. The routers configuration in the exhibit does not have the router-id configured. Which areawill the loopback interface of the router be included in the Router LSA (Type 1)? D
A. Area 0.0.0.0B. Area 0.0.0.20C. No AreasD. Area 0.0.0.0 and Area 0.0.0.20Posted by Iqbal Sajid at 1:04 AM
1 comments:
Anonymous said...
Hello,
This helped me so I decided to add some more that I got:
- Which statements are true about prefix-lists? (select all true) A C D E
A) Prefix-lists may be referenced in the "from" clause of routing policies.
B) Prefix-lists may be referenced in the "then" clause of routing policies.C) Prefix-lists may be referenced in firewall-filters.D) Prefix-lists may be referenced in stateful-firewall rules.E) Prefix-lists may be referenced in service-filters.
- You have configured an OSPF NSSA area, where the requirement is to summarize all the external routes using the nssa no-summaries configuration command.
On which routers should this be configured? C
A) The Autonomous System Border Routers (ASBRs)B) All routers in the NSSA areac) The Area Border Routers (ABRs)D) All routers in the backbone
