Juniper.actualTests.jn0 350.v2008!07!15.by.ramon 1

8/8/2019 Juniper.actualTests.jn0 350.v2008!07!15.by.ramon 1

1/59

Juniper.ActualTests.JN0-350.v2008-07-15.by.Ramon.147q

Number: JN0-350Passing Score: 800Time Limit: 120 minFile Version: 1.0

JN0-350Exam :

Juniper Networks Certified InternetTitl e :Specialist (JNCIS-ER)

07.15.08Ver :JN0-350


2/59

Exam A

QUESTION 1Which statement is true about external BGP peering sessions?

A. A peer-group must be defined as type external.

B. A peer-as must be configured for each peering session.

C. You must specify a local-address for each peering session.

D. You must specify a ttl for each peering session.

Answer: BSection: (none)

Explanation/Reference:

QUESTION 2You want to determine what IP address and port number the router is using to NAT a particular connection.

Which command will display this information?

A. show services stateful-firewall flows

B. show services session-table

C. show services nat flows

D. show services nat conversations

Answer: ASection: (none)


QUESTION 3Which statement is true about the area-range command?

A. When the area-range command is used, the ABR generates a default route.

B. You can have only one area-range statement per OSPF area.

C. The area-range command can only be used to summarize internal routes.

D. The area-range statement can be configured under an NSSA area to summarize external routes.

Answer: DSection: (none)


QUESTION 4You need to transport non-IP traffic between a branch office and headquarters. What is a valid connectivityoption?

A. MPLS Layer 3 VPN


3/59

B. IPSec tunnel

C. MPLS Layer 2 VPN

D. IP in IP tunnel

Answer: CSection: (none)


QUESTION 5Exhibit:

You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, what willbe the result of a packet sourced from address 10.10.1.1 when the filter is applied?

A. The packet will be counted and then discarded.

B. The packet will be counted and then accepted.

C. The packet will be accepted with no other action.

D. The packet will be discarded with no other action.



QUESTION 6Which two features can you configure to optimize the processing of VoIP traffic? (Choose two.)

A. H.323 proxy

B. Compressed Real-Time Transport Protocol

C. Multiclass Multilink PPP

D. SIP compression

Answer: BCSection: (none)



4/59

QUESTION 7Which two statements are true with regard to outbound BGP policies in a dual homed scenario? (Choose two.)

A. To enforce strict primary/secondary outbound routing only default routes should be received from both yourISPs.

B. To enforce load-sharing between both ISPs, when multiple routers are used, configurations should not besynchronized between them.

C. To enforce strict primary/secondary outbound routing full BGP routes should be received from both yourISPs.

D. To enforce load-sharing between both ISPs, when multiple routers are used, configurations should besynchronized between them.

Answer: ADSection: (none)


QUESTION 8You are configuring a router under [edit services nat]. Which command will configure the router to performNetwork Address Port Translation (NAPT/PAT)?

A. set pool my-pool port automatic

B. set pool my-pool port overload

C. set rule my-rule term 1 then translated overload

D. set rule my-rule term 1 then translated port automatic

Answer: A

Section: (none)


QUESTION 9Which two statements are true about scheduler maps? (Choose two.)

A. A scheduler map controls the resources assigned to a specific queue.

B. A scheduler map is applied before a multifield firewall filter.

C. A default scheduler map is applied to each interface.

D. A scheduler map is only needed on low speed interfaces.

Answer: ACSection: (none)


QUESTION 10Exhibit:


5/59

You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, R1'sloopback address is 192.168.100.100. There is a static route for 192.168.200.200/32 with a next-hop of se-1/0/0.0.Why is GRE communication failing?

A. There is no IP address configured on gr-0/0/0 unit 0.

B. The outbound GRE packets are being blocked by the restrict-traffic firewall filter.

C. The encapsulation gre statement is missing from gr-0/0/0 unit 0.

D. The inbound GRE packets are being blocked by the restrict-traffic firewall filter.



QUESTION 11

You have multiple routes to the same destination using default route preference values. Which source ofrouting information will be chosen?

A. direct

B. static

C. OSPF

D. RIP

Answer: A


6/59

Section: (none)


QUESTION 12

What are two important conf iguration steps for next-hop-style service sets? (Choose two.)

A. Configure the outside service interfaces in the stateful firewall, NAT and VPN rules.

B. Configure the outside service interfaces in the service set.

C. Configure service-domain outside on the ISP's interface.

D. Configure service-domain outside on the outside service interface.

Answer: BDSection: (none)


QUESTION 13What is a common use for CoS in a branch office?

A. to eliminate the need for congestion management

B. to implement congestion avoidance using DSCP

C. to ensure different classes of traffic receive allocated bandwidth

D. to prioritize network control traffic



QUESTION 14Which three actions can be performed in a routing policy? (Choose three.)

A. flow control action

B. forwarding action

C. terminating action

D. redistributing action

E. modifying action

Answer: ACESection: (none)


QUESTION 15Which statement about stateless firewall filters is true?


7/59

A. You must specify the action "then log" for the packets to be logged in the syslog file.

B. You must specify the action "then syslog" for packets to be logged in the firewall log.

C. All rejected or discarded packets are sent to the firewall log.

D. You must specify the action "then log" for packets to be logged to the firewall log.



QUESTION 16Using the command show system connections, you see the following result:tcp4 0 0 *.179 *.* LISTENWhat does this mean?

A. 179 packets have been received by the router.

B. Four TCP sessions are established.C. The BGP protocol has been activated on the router.

D. A BGP session is established.



QUESTION 17

What are two features of IPSec VPNs? (Choose two.)

A. data modification

B. data authentication

C. data integrity

D. data prioritization



QUESTION 18Exhibit:


8/59

You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, R1'sloopback address is 192.168.100.100. There is a static route for 192.168.200.200/32 with a next-hop of se-1/0/0.0. Which step must you take to allow communications through the GRE tunnel?

A. Configure keepalives for the GRE tunnel.

B. Allow the outbound GRE packets in the restrict-traffic firewall filter.

C. Use the se-1/0/0 unit 0 IP address as the source address for the GRE tunnel.D. Configure an IP address on gr-0/0/0 unit 0.



QUESTION 19Which command will show you the number of packets secured within IPSec VPN tunnels for a given serviceset?

A. show services ipsec statistics

B. show services service-sets statistics

C. show ipsec statistics

D. show services ipsec-vpn ipsec statistics



9/59


QUESTION 20You set the syslog to log any warning messages. Which command allows you to monitor warning messages inreal time?

A. show system alarms

B. monitor start messages

C. show log messages

D. monitor traffic



QUESTION 21Which two commands would you use to list all active alarm on a router? (Choose two.)

A. request system alarms

B. show chassis alarms

C. show chassis environment

D. show system alarms



QUESTION 22All operations team members are authenticated and authorized by a TACACS+ server. All users are membersof the same login class with view permissions only. You want to give one user in the same login classpermission to also run the show configuration command. How do you accomplish this?

A. You must have the TACACS+ server return the Juniper-Allow-Commands attribute.

B. You cannot do this without assigning the user to a different login class.

C. You must have the TACACS+ server return the Juniper-Configure attribute.

D. You must have the TACACS+ server return the Juniper-Local-User-Name attribute.



QUESTION 23Exhibit:


10/59

You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, assumingyou apply the firewall filter to the input of an interface, which two statements are true for incoming packets onthis interface? (Choose two.)

A. Packets destined to the BGP port with precedence 4 will be rate-limited.

B. Packets destined to the BGP port will never be rate-limited.

C. Packets destined to the BGP port will be classified to queue P3.

D. All packets in forwarding class P3 are rate-limited.

Answer: BC


11/59


12/59

QUESTION 27When would you use BGP as a routing protocol?

A. When you do not want to run other IGPs such as OSPF, RIP or IS-IS.

B. When you need internet access through an Internet Service Provider.

C. When you are dual-homed to multiple Internet Service Providers.

D. When you need a gateway out of your network.



QUESTION 28Your enterprise is dual homed to the same ISP using BGP. You want to influence the return traffic to alwayscome back to your network over one of the links. Which three BGP attributes can you modify in a policy toaccomplish this goal? (Choose three.)

A. local preference

B. AS path

C. next hop

D. origin

E. MED

Answer: BDESection: (none)


QUESTION 29Which statement describes where to apply a packet filter to protect the router?

A. Apply a firewall filter to the fxp0 interface.

B. Apply a firewall filter to the fxp1 interface.

C. Apply firewall filters to all physical interfaces on the router.

D. Apply a firewall filter to the lo0 interface.



QUESTION 30You want to configure the router to match all Telnet (tcp/23) connections. You are configuring the router in the[edit services stateful-firewall rule my-rule term my-term] hierarchy. Which command will cause this tohappen?


13/59

A. set from tcp-destination-port 23

B. set from destination-port 23

C. set from applications junos-telnet

D. set from application-set junos-telnet

Answer: C

Section: (none)


QUESTION 31You have set the OSPF reference bandwidth to 1 Gigabit. Which statement is true?

A. Fast Ethernet interfaces will all calculate a metric value of 100.

B. This setting will override any bandwidth setting in a routing policy.

C. This setting will override any static metric configured under the OSPF interface.

D. This setting will not override any static metric configured under the OSPF interface.



QUESTION 32Which statement is correct regarding policer use for CoS in the enterprise?

A. Traffic can only be policed once in ingress.

B. Traffic can only be policed once in egress.C. Policers are a tool to classify packets.

D. Policers are only useful in ingress.



QUESTION 33

Your Juniper WAN router is connected to an Ethernet switch that is configured to use 802.1p bits for classifyingtraffic. Which statement is correct about the configuration of CoS on the router?

A. Additional configuration is needed to use the 802.1 bits for classification.

B. You can only use multifield classifiers for this traffic.

C. By default the router will use the 802.1p bits for classification.

D. You can only use multifield rewrites for this traffic.



14/59


QUESTION 34What is the primary reason to configure CoS for branch office connectivity?

A. To provide differentiated services to network traffic.

B. You want to make the network faster.

C. You want to reduce congestion.

D. You want to treat all traffic transiting the router equally.



QUESTION 35Exhibit:

You work as a network administrator at Certkiller .com. You study the exhibit carefully. Router Certkiller 3 andRouter Certkiller 6 are peering using loopback addresses. In the exhibit, how will the link failure betweenRouter Certkiller 6 and Router Certkiller 3 affect the internal BGP session between Router Certkiller 6 andRouter Certkiller 3?

A. The internal BGP session will fail and will be re-established when the physical link between RouterCertkiller 6 and Router Certkiller 3 is repaired.

B. The internal BGP session will drop and a new session will be established through Router Certkiller 1.

C. The session will remain up, and packets crossing the network will be forwarded through Router Certkiller 1.

D. The session will remain up, but forwarding will be interrupted until the physical link between RouterCertkiller 6 and Router Certkiller 3 is repaired.



15/59


QUESTION 36What is the primary reason for configuring a multi area OSPF network?

A. to allow external OSPF routes to be advertised to all areas

B. to reduce the possibility of creating a routing loop

C. to allow scalability by reducing the size of the OSPF database

D. to reduce the number of routers in the backbone area



QUESTION 37The router is using the RED algorithm to selectively drop random packets before congestion becomes critical.Which two statements are correct? (Choose two)

A. Higher-bandwidth data streams are the least likely to be affected.

B. Lower-bandwidth streams are the most likely to be affected.

C. Higher-bandwidth data streams are the most likely to be affected.

D. Lower-bandwidth streams are the least likely to be affected.

Answer: CDSection: (none)


QUESTION 38Which statement is true for a DTE frame-relay interface on a Juniper Networks router?

A. point-to-point must be set on the logical unit.

B. keepalives must be disabled on the physical interface.

C. dte must be set on the physical interface.

D. A dlci value must be defined on the logical unit.



QUESTION 39You are at the [edit policy-options policy-statement my-policy term one] configuration hierarchy. Which twocommands are valid syntax? (Choose two.)


16/59

A. set then counter four

B. set then term three

C. set from metric 2

D. set from prefix-list five



QUESTION 40You are an ISP. Your backbone IP address space is 10.10.0.0/16. Your network management IP addressspace is 192.168.100.0/24. A firewall filter is applied to lo0 which allows management access using Telnet andFTP. Which firewall filter will also allow OSPF and BGP to function without blocking management access ?

A. [edit firewall family inet]

user@r2# showfilter management-access {term allow_telnet_ftp {from {source-address {192.168.100.0/24;}protocol tcp;destination-port [ telnet ftp ];}then accept;}

B. [edit firewall family inet]

user@r2# showfilter management-access {term allow_telnet_ftp {from {source-address {192.168.100.0/24;}then accept;}


17/59

C. [edit firewall family inet]user@r2# showfilter management-access {term allow_telnet_ftp {from {source-address {192.168.100.0/24;

}destination-port [ telnet ftp ];}then accept;}term 2 {from {source-address {10.10.0.0/16;}then accept;}

D. [edit firewall family inet]

user@r2# showfilter management-access {term allow_telnet_ftp {from {source-address {192.168.100.0/24;10.10.0.0/16;}destination-port [ telnet ftp ];}then accept;}term 2 {then {discard;}} }



QUESTION 41What are three types of NAT that Juniper Networks routers support? (Choose three.)

A. dynamic destination port translation

B. static destination address translation

C. static source address translation

D. dynamic source port translation

E. dynamic destination address translation

Answer: BCDSection: (none)


18/59


QUESTION 42You are using the route redistribution strategy to transition your network from RIP to OSPF. What must you do

to avoid routing loops?

A. Apply import policies to restrict routing exchange between protocols.

B. Decease the preference of OSPF.

C. Apply export policies to restrict routing exchange between protocols.

D. Increase the preference of RIP.



QUESTION 43Exhibit:

You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, whichcommands will cause the router to use both ESP and AH to secure traffic in the IPSec tunnel?

A. [edit services ipsec-vpn ipsec]lab@R1# set policy my-policy protocol [ esp ah ]

B. [edit services ipsec-vpn ipsec]lab@R1# set proposal my-proposal protocol bundle

C. [edit services ipsec-vpn ipsec]lab@R1# set proposal my-proposal protocol [ esp ah ]

D. [edit services ipsec-vpn ipsec]

lab@R1# set policy my-policy protocol bundle



QUESTION 44


19/59

BGP communities can be used to influence your ingress traffic from the Internet. The communities signal theISP to change specific route attributes for this purpose. Which two attributes should be used for this? (Choosetwo.)

A. MED

B. local preference

C. next hop

D. AS path



QUESTION 45You are examining the output of the stateful firewall session table. Which state indicates that the router is usingan application-layer gateway (ALG) to forward traffic?

A. Forward

B. NAT

C. ALG

D. Watch



QUESTION 46You want to verify that traffic is being classified correctly and forwarded in the proper queue on interface fe-0/0/1. Which two commands would show you this information? (Choose two.)

A. show interfaces queue fe-0/0/1

B. show interfaces fe-0/0/1 detail

C. show class-of-service interface fe-0/0/1

D. show interfaces fe-0/0/1 statistics

Answer: ABSection: (none)


QUESTION 47Exhibit:


20/59

You work as a network administrator at Certkiller .com. You study the exhibit carefully. The re-protect f irewallfilter is applied as an input filter on the lo0.0 interface. You have a single BGP peering session with 10.0.0.1.Which statement is true?

A. term two has an incorrect match condition.

B. term three is necessary for the correct operation of BGP.

C. term one is necessary for the correct operation of BGP.

D. term one has an incorrect match condition.

Answer: C

Section: (none)


QUESTION 48Which statement is true?

A. Configuring a stateful firewall requires a stateless firewall filter to also be configured.

B. Stateful firewalls allow conditional acceptance of a packet based on compliance with protocol state.

C. Stateless firewall filters allow conditional acceptance of a packet based on compliance with protocol state.

D. Stateful firewalls and stateless firewall filters are mutually exclusive.



QUESTION 49You are troubleshooting a CoS problem for packets transitioning the router. What are two useful actions?


21/59

(Choose two.)

A. Use show interfaces queue to look for policed traffic.

B. Use monitor traffic to look for BA markings in the header of outgoing packets.

C. Use show interfaces queue to look for dropped traffic.

D. Use a firewall filter to check the IP precedence of incoming packets and the rewrite results for outgoingpackets.



QUESTION 50Which command will allow you to monitor the fan status on a router?

A. show chassis fan-status

B. show chassis systemC. show chassis cooling

D. show chassis environment



QUESTION 51

Which single command would you use to identify all protocols running on a router?

A. show system services

B. show system processes

C. show system statistics

D. show system connections



QUESTION 52You found a log message from your router as follows:Aug 9 19:16:51 radon-re0 chassisd[2622]: CHASSISD_FRU_EVENT:scb_recv_slot_attach: attached FPC 0Which part of the message code indicates the process that generated the message?

A. radon-re0

B. scb_recv_slot_attach


22/59

C. CHASSISD_FRU_EVENT

D. chassisd[2622]



QUESTION 53Exhibit:

You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit ascheduler-map is applied to fe-0/0/0 interface of an M7i router.Which statement is correct?

A. With the exception of the assigned bandwidth, all queues will share the remaining bandwidth.

B. Packets in queue P0 and P2 will be dropped because there is no bandwidth assigned to them.

C. Traffic in queue P3 will use all bandwidth if there is enough traffic in the queue .

D. Traffic in P1 and P3 will share the remaining bandwidth.

Answer: A


23/59

Section: (none)


QUESTION 54

What are three functions associated with the JUNOS software class of service? (Choose three.)

A. Manage congestion by intelligently dropping traffic.

B. Manage outbound bandwidth.

C. Map each forwarding class to a different ATM VC.

D. Classify incoming packets.

E. Manage ingress bandwidth.

Answer: ABDSection: (none)


QUESTION 55Which two statements are correct when configuring an IBGP peering session? (Choose two.)

A. You do not need to define a "peer-as" if you specify "type internal"

B. You must define the session as "type internal" if you specify a "peer-as".

C. You should peer to loopback interfaces.

D. The source address of your updates will be your loopback interface by default.

Answer: AC

Section: (none)


QUESTION 56You need to transport sensitive financial data between a branch office and headquarters. Which connectivityoption provides optimum security?

A. GRE tunnel

B. Frame Relay

C. IPSec tunnelD. MPLS Layer 2 VPN



QUESTION 57


24/59

Exhibit:

You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, the BAclassifiers are applied to an interface. The packets incoming to this interface will be classified accordingly.Which forwarding class will the router assign to an IP packet with precedence bits 101?

A. P0

B. P3

C. P2

D. P1

Answer: A

Section: (none)


QUESTION 58Which statement is true when configuring CoS?

A. Priority and transmission rate define how packets are stored and dropped.


25/59

B. Buffer size and RED configuration define how packets are stored and dropped.

C. Buffer size and RED configuration define the priority and transmission rate.

D. You define the transmit rate and buffer size in the scheduler map.



QUESTION 59How can you perform a debug on a Juniper enterprise router?

A. Use the debug command.

B. JUNOS does not have a debug command.

C. Use the show debug information.

D. Use traceoptions.



QUESTION 60You want to run RIPv2 as the IGP in your network. Which two statements are true? (Choose two.)

A. RIP multicasts updates to neighbors by default.

B. You must apply an export policy to RIP in order to send RIP routes to neighbors.

C. RIP broadcasts updates to neighbors by default.D. RIP routers automatically discover neighbors on an interface and send RIP routes to them.



QUESTION 61Which three statements are correct with respect to stateful and stateless firewalls? (Choose three.)

A. Stateless firewalls provide packet level protection.

B. Stateless firewalls provide application level protection.

C. Stateful firewalls provide application level protection.

D. Stateless firewalls provide session level protection.

E. Stateful firewalls provide session level protection.

Answer: ACESection: (none)


26/59


QUESTION 62Which step is required to conf igure an FRF.16 Multilink Frame Relay interface on a J-series router?

A. Configure a logical unit between 1000 and 1022.B. Configure multiple DLCIs on a logical unit.

C. Configure the number of bundles at the [edit chassis fpc 0 pic 0] hierarchy.

D. Set encapsulation frame-relay at the [edit interfaces ls-0/0/0] hierarchy.



QUESTION 63Where are CoS multifield classifiers configured?

A. firewall filter

B. routing policy

C. rewrite marker

D. scheduler



QUESTION 64Exhibit:

You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, whatwould the result be when the prefix 192.168.192.0/18 is evaluated by the term?

A. The route would be accepted with no modifications.

B. The route would be accepted with the metric set to 10.


27/59

C. The route would be rejected.

D. No match is found.



QUESTION 65Which two commands would you use to verify the Routing Engine memory utilization? (Choose two.)

A. show system processes extensive

B. show system memory

C. show process memory

D. show chassis routing-engine

Answer: AD

Section: (none)


QUESTION 66Which two commands will show you the effects of an import policy applied to BGP neighbor 1.1.1.1? (Choosetwo.)

A. show bgp neighbor 1.1.1.1 received-routes

B. show route protocol bgp

C. show route receive-protocol bgp 1.1.1.1D. show bgp neighbor 1.1.1.1 detail



QUESTION 67Which two statements about policers are correct? (Choose two.)

A. Policers can only be configured using firewall filters.

B. Traffic exceeding the policer can be dropped or reclassified.

C. You can only police traffic once per direction.

D. Policers are useful against Denial of Service (DoS) attacks.




28/59

QUESTION 68Which command would you use to display the stateful f irewall session table?

A. show services stateful-firewall session-table

B. show services session-tableC. show services flows

D. show services stateful-firewall flows



QUESTION 69

Which statement is true about stateless packet filters?

A. Multiple input and output filters can be applied to each logical interface.

B. A firewall filter applied to a physical port affects all logical ports on that physical port.

C. One input and one output filter can be applied to each logical interface.

D. Firewall filters applied to an interface can track session information for statistical analysis.



QUESTION 70What is the purpose of an ASBR summary LSA?

A. to reach networks that are outside of your area

B. to summarize all ASBR routes into a single route

C. to reach ASBR routers that are outside of your area

D. to reach ASBR routers in your area when used in a multi area OSPF network



QUESTION 71You have configured an IPSec-over-GRE tunnel to a non-Juniper router with different IPSec and GREendpoints. The tunnel interface is gr-0/0/0.0, the inside service interface is sp-0/0/0.2, and the outside serviceinterface is sp-0/0/0.1. How do you enable OSPF in area 0 for this tunnel?

A. set protocols ospf area 0 interface sp-0/0/0.1


29/59

B. set protocols ospf area 0 interface gr-0/0/0.0

C. set protocols ospf area 0 interface sp-0/0/0.0

D. set protocols ospf area 0 interface sp-0/0/0.2



QUESTION 72Firewall filters are processed by which component in the router?

A. The routing protocols.

B. The Routing Process Daemon (rpd).

C. The Packet Forwarding Engine.

D. The master routing table.



QUESTION 73You are configuring an IPSec VPN on a J-series router. Which two statements are true? (Choose two.)

A. An IPSec proposal can reference multiple encryption algorithms.

B. An IPSec rule can reference multiple IPSec policies in a single term.

C. An IPSec policy can reference multiple IPSec proposals.D. An IKE policy can reference multiple IKE proposals.



QUESTION 74When you contact JTAC for a troubleshooting problem, which two commands will provide importantinformation about the router's hardware and software? (Choose two.)

A. show version

B. show chassis hardware

C. show system coredump

D. show system statistics



30/59


QUESTION 75Which form of Multilink Frame Relay allows multiple DLCIs to be bound to a single logical unit?

A. FRF.15B. FRF.26

C. FRF.16

D. FRF.25



QUESTION 76Which statement is true if a packet does not match any terms in a firewall filter?

A. The packet is forwarded and no other action is taken.

B. The packet is forwarded and the "no-match" counter is incremented in the firewall statistics.

C. The packet is rejected and an "administratively-prohibited" message is sent back to the source.

D. The packet is silently discarded.



QUESTION 77Which two statements about the Compressed Real-Time Transport Protocol (CRTP) are correct regarding theJ-series router? (Choose two.)

A. CRTP can only be configured on non-multilink interfaces.

B. CRTP can only be configured on multilink interfaces.

C. CRTP options are configured on an ls- interface.

D. CRTP operates between two directly-connected routers.



QUESTION 78Exhibit:


31/59

You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit you see apolicy that filters routes based on their community value.Which route will be accepted by the policy?

A. 200.2.0.0/24 community 65002:10

B. 200.3.0.0/24 community 65001:11

C. 200.1.0.0/24 community 65001:10

D. 200.4.0.0/24 community 65002:11



QUESTION 79Exhibit:

Network Topology Exhibit:


32/59


33/59


34/59

many internal BGP sessions are needed on Router 6 if all routers are running BGP and no route reflection orconfederations are being used?

A. 6

B. 5

C. 3

D. 1



QUESTION 85Exhibit:

You work as a network administrator at Certkiller .com. You study the exhibit carefully. Referring to the exhibit,which two statements are true? (Choose two.)

A. The "input" match direction for the service-set is from the "Trusted" network towards the FTP server.

B. A route pointing to the service interface must be configured.

C. The "input" match direction for the service-set is from the FTP server towards the "Trusted" network.

D. The service-set is applied directly to the interface.



QUESTION 86Which statement is true about next-hop-style and interface-style service sets for IPSec VPNs?

A. Only interface-style supports IPSec-over-GRE with the same tunnel endpoints.

B. Both sets support routing protocols directly over IPSec.

C. Only interface-style supports multicast traffic directly over IPSec.

D. For data encryption you must use interface-style sets.

Answer: A


35/59

Section: (none)


QUESTION 87

Which two statements are true regarding IPSec VPN service rules configured at the [edit services ipsec-vpn]hierarchy? (Choose two.)

A. Each term can specify a different IPSec policy.

B. Each term can match multiple source and destination prefixes.

C. Each term can specify a different local gateway.

D. Each term can specify a different remote gateway.



QUESTION 88Which two statements are true about setting the MED attribute? (Choose two.)

A. MED can only be set using a policy.

B. MED cannot be set by using a policy.

C. MED can be set to equal the IGP metric.

D. MED can be set to equal the IGP metric + offset value.

Answer: CD

Section: (none)


QUESTION 89Exhibit:


36/59

You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, what isthe correct internal BGP configuration for router 192.168.1.6 in order to peer with 192.168.1.3 using loopbackaddresses?

A. [edit protocols]User@Router6#showbgp {group internal-peers {type internal;local-address 192.168.1.6;neighbor 192.168.1.3;}

B. [edit protocols]User@Router6#showbgp {group internal-peers {local-address 192.168.1.6;neighbor 192.168.1.3;}

C. [edit protocols]User@Router6#showbgp {group internal-peers {type internal;local-address 192.168.1.6;neighbor 192.168.1.3 {multihop {ttl 2;}

D. [edit protocols]User@Router6#showbgp {group internal-peers {type internal;peer-as 65000;neighbor 192.168.1.3;}



37/59


QUESTION 90Which statement is true when applying policies to BGP?

A. Global policies override group and neighbor policies.

B. You must apply a policy directly to a neighbor if you want to filter routes to or from that neighbor.

C. Neighbor policies override group and global policies.

D. A route must pass through all global, group, and neighbor policies before it can be accepted.



QUESTION 91Which configuration step is required when configuring an OSPF stub area?

A. You must configure the command stub under [edit protocols ospf] on the ASBR.

B. You must configure the command stub on all routers under [edit protocols ospf].

C. You must configure the command stub under [edit protocols ospf area] on the ABR.

D. You must configure the command stub on all routers under [edit protocols opsf area].



QUESTION 92Which path attribute is automatically updated when a route is sent to an external BGP neighbor on a point-to-point link?

A. originator ID attribute

B. aggregator ID attribute

C. BGP next-hop attribute

D. route preference attribute



QUESTION 93Assume the router is currently using default route preferences. Which command would cause the router toselect different active routes?


38/59

A. set protocols bgp preference 170

B. set protocols ospf preference 500

C. set protocols direct preference 20

D. set protocols rip group my-group preference 90



QUESTION 94You want to configure the router to match all FTP connections to 172.30.30.30/32. You are configuring therouter in the [edit services stateful-firewall rule my-rule term my-term] hierarchy. Which commands will causethis to happen?

A. set from applications junos-ftp

set from destination-address 172.30.30.30/32B. set from applications junos-ftp

set to destination-address 172.30.30.30/32

C. set to applications junos-ftpset to destination-address 172.30.30.30/32

D. set to applications junos-ftpset from destination-address 172.30.30.30/32



QUESTION 95Which two statements are true about Port Address Translation (PAT) on J-series routers? (Choose two.)

A. It supports dynamic destination PAT.

B. It supports TCP and UDP.

C. It supports dynamic source PAT.

D. It does not support ICMP as it has no port numbers.

Answer: BC

Section: (none)


QUESTION 96Exhibit:


39/59

You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, whatwould the result be when the prefix 10.0.67.43/32 is evaluated by the term?

A. The route would be rejected.

B. The route would be accepted with no modifications.

C. No match is found.

D. The route would be accepted with the metric set to 10.



QUESTION 97You have configured an OSPF stub area. What does adding the no-summaries command do?

A. It blocks summaries out of the stub area, and blocks summaries coming in from the backbone.

B. It allows summaries out of the stub area, but blocks summaries coming in from the backbone.

C. It allows summaries out of the stub area, and allows summaries coming in from the backbone.

D. It blocks summaries out of the stub area, and allows summaries coming in from the backbone.



QUESTION 98Exhibit:


40/59

You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, what willthe router do when it receives a packet from source address 10.10.10.10 on an interface where the my-service-set service set is applied?

A. Accept the packet.

B. Send an ICMP error message.

C. Silently discard the packet.

D. Send a TCP RST.



QUESTION 99Which statement is correct about the use of BA classifiers for incoming packets?

A. Custom classifiers are needed in some cases.

B. No custom classifiers are possible.

C. All BA classifiers are enabled by default.

D. Only Layer 3 BA classifiers are available.




41/59

QUESTION 100Which two statements are true about RIPv2? (Choose two.)

A. RIP routers can update individual prefixes to provide incremental route updates.

B. A RIP router acknowledges updates it receives.

C. RIP metrics are based on hop count.

D. A RIP router can send up to 25 prefixes in a single update.



QUESTION 101Which two statements about AH and ESP are correct? (Choose two.)

A. ESP provides data privacy, data integrity, and data correction.

B. AH provides data integrity and data authentication.

C. ESP provides data privacy, data authentication, and data integrity.

D. AH provides data privacy, data authentication, and data integrity.



QUESTION 102Network Topology Exhibit:

Show firewall Exhibit:


42/59

Show interfaces Exhibit:

You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, afterapplying the firewall f ilter to the router, you notices that some unwanted ICMP traffic is still passing through therouter. Which two reasons would be the cause? (Choose two.)

A. The filter does not have a reject or discard at the end.

B. The filter does not specify which protocol to allow.C. The filter is not applied to the interface correctly.

D. The filter is performing as configured.



QUESTION 103

What is the most preferred route preference value?

A. 255

B. 4294967295

C. 1

D. 0



43/59


QUESTION 104Which benefit do IPSec VPNs provide compared to MPLS-based VPNs?

A. performanceB. security

C. control

D. Internet connectivity



QUESTION 105You are configuring the router at the [edit services stateful-firewall rule my-rule term my-term] hierarchy. Youwant to match connections from all source addresses except 10.10.10.17 through 10.10.10.32. Whichcommand will cause the router to match this traffic?

A. set from source-address-range-except 10.10.10.17 through 10.10.10.32

B. set from source-address-range-except low 10.10.10.17 high 10.10.10.32

C. set from source-address-range 10.10.10.17 through 10.10.10.32 except

D. set from source-address-range low 10.10.10.17 high 10.10.10.32 except



QUESTION 106Which two statements are true regarding BA classifiers? (Choose two.)

A. They are more flexible than multifield classifiers.

B. They are most useful when using multiple routers.

C. They are most useful when using one router.

D. They are less flexible than multifield classifiers.



QUESTION 107A stateful firewall is configured on a Juniper router. Which command displays the number of connections thatthe router has rejected due to errors with the IP headers?


44/59

A. show services statistics

B. show services stateful-firewall statistics errors

C. show services stateful-firewall errors

D. show services stateful-firewall statistics extensive



QUESTION 108You are configuring a router at the [edit] hierarchy. Which command will configure the router to log informationregarding IKE sessions?

A. set services ipsec-vpn traceoptions flag ike

B. set services ipsec-vpn ike traceoptions flag all

C. set security ipsec traceoptions flag ike

D. set system syslog file messages ike



QUESTION 109Exhibit:

You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, whichconfiguration hierarchy may my-policy be defined?

A. [edit services stateful-firewall]

B. [edit firewall]

C. [edit policy-options]

D. [edit access-list]




45/59


You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, youconfigure R1 and R2 to export RIP routes to OSPF and OSPF routes to RIP. Users in the RIP network arecomplaining about connectivity to users in the OSPF network.What are two possible causes of the problem? (Choose two.)

A. Export policy is allowing a routing loop to form.

B. RIP is not a link-state protocol.

C. The correct RIP routes are not exported to OSPF.

D. RIP has a lower preference than OSPF.



QUESTION 111You have configured the router to use an interface-style service set on an interface.

Which two statements are true? (Choose two.)

A. The router will use the interface-style service set to process multicast traffic if you have configured aservice filter that selects the traffic.

B. If you do not configure a service set to use any stateful firewall rules, the AS PIC allows all connections.

C. The router will use the interface-style service set to process all multicast traffic by default.

D. If you use at least one stateful firewall rule, the AS PIC discards all connections that fail to match.



46/59


QUESTION 112Which two statements are correct about IPSec-over-GRE tunnels? (Choose two.)

A. You can use the same endpoint IP addresses for both the IPSec and GRE tunnels.

B. You must use a next-hop-style service set when configuring an IPSec-over-GRE tunnel.

C. You must use a next-hop-style service set in order to send multicast traffic over an IPSec-over-GRE tunnel.

D. You can send multicast traffic over an IPsec-over-GRE tunnel.



QUESTION 113Which two statements are correct about CoS processing on enterprise routers? (Choose two.)

A. On the J-series platform, CoS functions are performed in the software and their availability and limitationsare not dependent on the interface type.

B. On the M-series platform, CoS functions are performed in the hardware and have limitations that aredependent on the interface type.

C. On the J-series platform, CoS functions are performed in the hardware and have limitations that aredependent on the interface type.

D. On the M-series platform, CoS functions are performed in the software and their availability and limitationsare not dependent on the interface type.



QUESTION 114Given OSPF AS external, RIP, EBGP, and IBGP learned routes to the same destination, which route ispreferred?

A. the EBGP route

B. the RIP routeC. the IBGP route

D. the OSPF AS external route




47/59

QUESTION 115Which statement is true about external BGP sessions?

A. You normally filter the routes sent to you by your provider using policy.

B. Your provider normally does not allow you to filter routes sent to or received from your provider.

C. You normally should not filter any routes sent to or received from your provider.

D. You normally filter the routes you send to your provider using policy.



QUESTION 116You have a BGP peer that goes up and down repeatedly. How would you gather log messages to troubleshootthe problem?

A. Use the monitor interface command.

B. Change the syslog level to debug.

C. Use the request support information command.

D. Set the traceoptions for the BGP neighbor.



QUESTION 117Your router is under a denial-of-service attack, you apply a firewall filter to lo0 to silently drop the packets.Which firewall filter action enables you to achieve this?

A. blackhole

B. reject

C. deny

D. discard



QUESTION 118Which BGP path attribute is automatically updated when a route is sent to an external BGP peer?

A. originator ID attribute

B. AS path attribute


48/59

C. local preference attribute

D. MED attribute



QUESTION 119Which two statements are true about BGP peering sessions? (Choose two.)

A. IBGP peers should peer between loopback interfaces.

B. EBGP peers must be directly connected to each other.

C. EBGP peering sessions to loopbacks may require static routes.

D. IBGP peering sessions require the configuration of a peer-as.

Answer: AC

Section: (none)




49/59

You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, which

statement is true of a BGP-learned route to 10.1.0.0/24 that is evaluated against the BGP export policy chain?

A. It is accepted and the metric is not modified.

B. It is accepted and the metric is set to 5.

C. It is accepted and the metric is set to 10.

D. It is rejected.



QUESTION 121A router is configured to use source NAT with a next-hop-style service set. Which statement is true?

A. The router automatically adds a route for the NAT pool with a next hop of the inside service interface.

B. You must manually configure a route for the NAT pool with a next hop of the inside service interface.

C. The router automatically adds a route for the NAT pool with a next hop of the outside service interface.

D. You must manually configure a route for the NAT pool with a next hop of the outside service interface.


50/59



QUESTION 122You have policy-statement my-policy configured at the [edit policy-options] configuration hierarchy. At whichtwo configuration hierarchies could you reference this policy? (Choose two.)

A. [edit routing-options forwarding-table]

B. [edit services service-set my-service-set]

C. [edit interfaces lo0 family inet filter]

D. [edit protocols bgp]



QUESTION 123What is a proper encapsulation setting for MLPPP?

A. encapsulation mlppp on an se- interface

B. encapsulation mlppp on an ls- interface

C. encapsulation multilink-ppp on a logical unit of a t1- interface

D. encapsulation multilink-ppp on a logical unit of an ls- interface



QUESTION 124Which two statements about AH and ESP are correct? (Choose two.)

A. AH protects the complete packet except mutable fields from being modified in transit

B. AH protects only the original packet from being modified in transit

C. ESP protects only the original packet from being modified in transit

D. ESP protects the complete packet except mutable fields from being viewed in transit



QUESTION 125


51/59

Which command will allow you to see the encryption and/or authentication algorithms that the router is using toencrypt user data on a given IPSec tunnel?

A. show services ipsec-vpn tunnel detail

B. show services ipsec-vpn ipsec security-associations extensive

C. show services ipsec-vpn ipsec statistics detail

D. show services ipsec-vpn ike security-associations detail



QUESTION 126Which interface type is used to configure MLPPP on a J-series router?

A. as-

B. lt-C. ls-

D. ml-



QUESTION 127

Which two statements are true regarding NAT and PAT support on J-series routers? (Choose two.)

A. You may translate source addresses using a smaller NAT pool.

B. You may configure NAT only for source translations.

C. You may configure dynamic PAT only for source translations.

D. You may use an interface address in a NAT pool with a next-hop-style service set.



QUESTION 128You are configuring an IPSec tunnel between two devices. Which two statements are true? (Choose two.)

A. You define your transit data encryption algorithms under the [services ipsec-vpn ike] configurationhierarchy.

B. You must configure IKE to establish the tunnel.

C. You define your transit data encryption algorithms under the [services ipsec-vpn ipsec] configurationhierarchy.


52/59

D. You can configure manual or dynamic security associations.



QUESTION 129Which command do you use to collect necessary information for JTAC assistance?

A. show tech-support

B. request support information

C. request system support information

D. show configuration



QUESTION 130You have the following configuration on the router:authentication-order [ radius tacplus password ]; Which statement is true?

A. Each authentication method is tried in order until the password is accepted.

B. If all configured methods fail to reply, local authentication will not be tried.

C. The user will only be authenticated through RADIUS if local user password fails.

D. If a password is rejected, the next method on the list will not be tried.



QUESTION 131You are configuring schedulers for VoIP, business critical data and best effort data traffic which are classifiedin different forwarding classes. Which two statements are true? (Choose two.)

A. You should assign a large buffer to business critical data traffic to decrease packet loss as much aspossible.

B. You should assign to VoIP traffic the same priority as that of business critical data traffic.

C. You should assign high priority and a large buffer to VoIP traffic to prevent packet loss.

D. You should assign high priority and a reasonably small buffer to VoIP traffic to minimize delay.




53/59

QUESTION 132In stateful firewall or NAT rules, what are two functions performed by an application-layer gateway? (Choosetwo.)

A. Allows the router to perform NAT properly for an application.B. Allows the router to properly accept traffic for an application when using a stateful firewall without NAT.

C. Allows the router to authenticate user credentials to determine whether to allow traffic to an applicationserver.

D. Allows the router to act as a proxy device for an application.



QUESTION 133Which two parameters of a scheduler can control the resources assigned to a queue? (Choose two.)

A. priority

B. period to visit a queue

C. buffer-size

D. delay





54/59

You work as a network administrator at Certkiller .com. You study the exhibit carefully. Your enterprise is dualhomed to two different ISPs (A and B). Your AS number is 2001. You want to make sure you will not be atransit AS between the two ISPs. In the exhibit you see a partial configuration.Which AS-path regular expressions complete the configuration to accomplish this goal?

A. [edit policy-options]set as-path no_transit ".*";

B. [edit policy-options]set as-path no_transit ".* 2001 .*";

C. [edit policy-options]set as-path no_transit "2001";

D. [edit policy-options]set as-path no_transit "()";



QUESTION 135Which three can be used for matching in a stateless firewall filter from statement? (Choose three.)

A. portB. source-address

C. next-hop

D. application-set

E. source-port

Answer: ABESection: (none)


55/59


QUESTION 136Which statement is true for a DTE frame-relay interface on a Juniper Networks router?

A. dte must be set on the physical interface.B. multipoint must be set on the physical interface.

C. The dlci and logical unit values must match.

D. Encapsulation frame-relay must be configured on the physical interface.



QUESTION 137What information can be gathered using traceoptions? (Choose two.)

A. interface operational information

B. firewall counters

C. chassis status

D. routing protocol information



QUESTION 138Which statement is true when using BGP with a provider?

A. You should advertise all of your internal routes so your provider can return traffic to your network.

B. Your provider should send you the full BGP route table to ensure external reachability.

C. You should try to summarize your routes into the least number of routes possible.

D. You should only run BGP on your edge device and redistribute the BGP routes into your IGP.

Answer: C

Section: (none)


QUESTION 139Which two statements are correct? (Choose two.)

A. A BA classifier can be applied to egress packets to set the ToS bits in the IPv4 header.


56/59

B. If a BA classifier puts a packet into a forwarding class, a firewall filter can override it and put the packet intoa different forwarding class.

C. A BA classifer can put the incoming packets into different queues based on their destination addresses.

D. Both an IPv4 BA classifier and a firewall can classify packets based on their ToS bits.



QUESTION 140Which two statements are correct? (Choose two.)

A. By default, traffic can only use the best effort queue and assured-forwarding queues.

B. You can configure traffic to the same destination to use multiple queues.

C. You can not configure traffic to the same destination to use multiple queues.

D. By default, traffic can only use the best effort and network control queues.




You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, you havean external BGP neighbor that is not receiving the route 192.168.20.0/24 in your BGP updates. You haveapplied the policy "example" as an export policy to your BGP neighbor. You ran the "test policy" command onthe prefix and received the results in the exhibit.

Which statement would explain why the route is not being sent to your BGP neighbor?

A. The prefix 192.168.20.0/24 was accepted by a term in the example policy.

B. Policy example should be applied as an import policy, not an export policy.

C. The prefix 192.168.20.0/24 was rejected by a term in the example policy.

D. The prefix 192.168.20.0/24 was not accepted or rejected by any terms in the example policy.



57/59


QUESTION 142Your enterprise is dual homed to two different ISPs (A and B) using BGP. You want to inf luence traffic entering

your network to prefer ISP

A. Which two BGP attributes canyou manipulate in a policy to accomplish this goal? (Choose two.)

B. origin

C. local preference

D. AS path

E. route preference



QUESTION 143You have a next-hop-style service set. You want to use sp-0/0/0.1 as the outside service interface and use sp-0/0/0.2 as the inside service interface. Which two statements regarding next-hop style service sets are true?(Choose two.)

A. You must configure next-hop-style on the sp-0/0/0 interface.

B. You must configure family inet on the sp-0/0/0.1 interface.

C. You may configure a service filter on the sp-0/0/0.1 interface.

D. You must configure service-domain outside on the sp-0/0/0.1 interface.



QUESTION 144You make changes to an existing NAT rule and commit the configuration. Which two statements are true?(Choose two.)

A. The change affects existing flows only after you clear the flow table.B. The change affects existing flows immediately.

C. The change affects new flows immediately.

D. The change affects new flows only after you clear the flow table.




58/59


You work as a network administrator at Certkiller .com. You study the exhibit carefully. In the exhibit, whichexport policy or policies will be applied to BGP neighbor 1.1.1.1?

A. customer-filter

B. customer-filter, local-routes and block-privates

C. local-routes and block-privates

D. local-routes



QUESTION 146Your router is under distributed denial-of-service (DDoS) attack, which tool should you use to protect yourRouting Engine (RE)?

A. a policer applied to the input of fe-0/0/0.0

B. a firewall filter applied to the input of fe-0/0/0.0

C. a policy-statement to discard all routes to source addresses of DoS packets

D. a firewall filter applied to the input of lo0.0

Answer: D

Section: (none)


QUESTION 147Which statement about next-hop-style and interface-style service sets is correct?

A. Both styles support multicast traffic.

B. Both styles require multiple routing instances.


59/59

C. Only interface-style service sets can use multiple routing instances.

D. Only next-hop-style service sets support multicast traffic.



Documents

Juniper.actualTests.jn0 350.v2008!07!15.by.ramon 1