JN0 643 Q&A Troytec

JN0-643
Enterprise Routing and Switching,

Professional (JNCIP-ENT)
Exam: JN0-643
Edition: 3.0
© 2013 - 2014 Troy Tec, LTD All Rights Reserved
1 http://www.troytec.com
JN0-643
QUESTION: 1
Which connection method do OSPF routers use to communicate with each other?
A. IP protocol number 89
B. TCP port 179
C. UDP port 179
D. IP protocol number 6
Answer: C
QUESTION: 2
Which statement is true about default BGP route redistribution behavior?
A. IBGP-learned routes are advertised only to other IBGP peers.

B. EBGP-learned routes are redistributed into any IGPs.
C. EBGP-learned routes are advertised only to other EBGP peers.
D. EBGP-learned routes are advertised to other IBGP and EBGP peers.
Answer: B
QUESTION: 3
In a PIM-SM network, which type of node helps to build a tree towards an unknown
multicast source?
A. DIS
B. RP
C. DR
D. BSR
Answer: A
QUESTION: 4
Which statement is true about MVRP?
JN0-643
A. It allows you to split a broadcast domain into multiple isolated broadcast subdomains.
B. It dynamically manages VLAN registration in a LAN.
C. It maps multiple independent spanning-tree instances onto one physical topology.
D. It is a Layer 2 protocol that facilitates network and neighbor discovery.
Answer: A
QUESTION: 5
Which statement is true about LLDP?
A. It allows you to split a broadcast domain into multiple isolated broadcast subdomains.
B. It dynamically manages VLAN registration in a LAN.
C. It maintains a separate spanning-tree instance for each VLAN.
D. It is a Layer 2 protocol that facilitates network and neighbor discovery.
Answer: C
QUESTION: 6
Which CoS feature avoids congestion in a device by limiting traffic on ingress interfaces?
A. rewrite rule
B. scheduler
C. drop profile
D. policer
Answer: A
QUESTION: 7
-- Exhibit –
JN0-643
-- Exhibit --
Click the Exhibit button.
Which statement is true about the IPv6 network shown in the exhibit?
A. OSPFv2 must be configured to route IPv4 prefixes.

B. Areas 1 and 2 cannot be a stub or NSSA.
C. OSPFv3 can use MD5 authentication.
D. OSPFv3 can route IPv4 prefixes.
Answer: D
QUESTION: 8
-- Exhibit –
JN0-643
-- Exhibit --
Referring to the exhibit, what is the shortest path from R6 to R5?
A. R6, R4, R2, R1, R3, R5

B. R6, R4, R2, R3, R5
C. R6, R4, R5
D. R6, R5
Answer: D
QUESTION: 9
R1 and R2 are ASBRs in the same area, each with an equal cost external path to the same
external network prefix. R1 advertises an external route into OSPF with a Type 1 metric.
R2 advertises an external route into OSPF with a Type 2 metric Which route would be
preferred?
A. R1's route is preferred because Type 1 metrics take into account the external cost only.
B. R1's route is preferred because Type 1 metrics take into account the internal and
external cost.
C. R2's route is preferred because Type 2 metrics take into account the internal and
external cost.
D. R2's route is preferred because Type 2 metrics take into account the external cost only.
Answer: D
QUESTION: 10
-- Exhibit –
JN0-643
-- Exhibit --
Referring to the exhibit, which LSA type will Router R2 inject into Area 1?
A. Type 3 LSA
B. Type 4 LSA
C. Type 5 LSA
D. Type 7 LSA
Answer: A
QUESTION: 11
-- Exhibit --
[edit protocols ospf] user@R2# show area 0.0.0.6 { nssa {
default-lsa default-metric 10;
area-range 184.23.12.0/24;
}
interface ge-1/1/4;
}
[edit protocols ospf]
user@R2# show ospf database
OSPF database, Area 0.0.0.0
Type ID Adv Rtr Seq Age Opt Cksum Len
Router *192.168.0.2 192.168.0.2 0x80000004 749 0x22 0x87c2 60
JN0-643
Router 192.168.0.3 192.168.0.3 0x80000004 399 0x22 0x94b5 60

Summary *10.0.0.0 192.168.0.2 0x80000003 19 0x22 0xe2e4 28
Summary *192.168.0.1 192.168.0.2 0x80000002 1100 0x22 0xbda7 28
Router 192.168.0.1 192.168.0.1 0x80000004 404 0x20 0x76db 60
Router *192.168.0.2 192.168.0.2 0x80000003 1802 0x20 0x319b 48
Summary *11.0.0.0 192.168.0.2 0x80000002 2504 0x20 0xf5d3 28
Summary *192.168.0.2 192.168.0.2 0x80000003 2153 0x20 0xc5a0 28
Summary *192.168.0.3 192.168.0.2 0x80000002 398 0x20 0xc79d 28
NSSA *0.0.0.0 192.168.0.2 0x80000001 11 0x20 0xcbf1 36
NSSA 184.23.12.0 192.168.0.1 0x80000002 447 0x28 0xb93f 36
OSPF AS SCOPE link state database
Extern *184.23.12.0 192.168.0.2 0x80000003 11 0x22 0x28d6 36
-- Exhibit --
Referring to the exhibit, which two statements are correct? (Choose two.)
A. R2 injects a Type 3 LSA for 184.23.12.0/24 into the backbone.

B. R2 is an ABR.
C. R2 injects a Type 5 LSA for 184.23.12.0/24 into the backbone.
D. R2 is an ASBR.
Answer: B, C
QUESTION: 12
-- Exhibit –
JN0-643
-- Exhibit --
Referring to the exhibit, which type of LSA will be seen on router A for routes originating
in Customer A's network?
A. Type 7 LSA
B. Type 2 LSA
C. Type 5 LSA
D. Type 1 LSA
Answer: C
QUESTION: 13
Which statement is true regarding OSPF multi-area adjacencies?
A. A type 3 (stub) link is advertised for a multi-area adjacency.

B. Configuring a multi-area adjacency allows the corresponding link to be considered an
interarea link, so it will be less preferred over an intra-area link.
C. One logical interface will be a primary link, and the other configured as a secondary
link; the secondary link will be established as an unnumbered point-to-point interface.
D. A DR and a BDR will be elected over the secondary interface, because it is not point-
to- point.
Answer: C
QUESTION: 14
-- Exhibit –
JN0-643
-- Exhibit --
Referring to the exhibit, which two statements are correct? (Choose two.)
A. Traffic destined for R2 will be blackholed.

B. Transit traffic will follow the R1-R2-R4 path.
C. Traffic destined for R2 will reach R2.
D. Transit traffic will follow the R1-R3-R4 path.
Answer: C, D
QUESTION: 15
Which statement is true about using an OSPF import policy?
A. Import policies are not allowed in OSPF, applying the policy will do nothing.
B. Applying an import policy to OSPF may block normal LSA flooding.
C. Import policies are allowed only for external route types.
D. Applying this policy will cause a commit failure.
Answer: C
QUESTION: 16
Which statement is true regarding the SPF algorithm?
JN0-643
A. The SPF algorithm is run on a per-domain basis.

B. If you apply an import policy to OSPF, it keeps LSAs from being flooded, and the SPF
calculation can be affected.
C. There are two databases used in the calculation, the link-state database and the tree
database.
D. The SPF calculation is run on a per-area basis on each router.
Answer: D
QUESTION: 17
You are asked to configure graceful restart in your network. Which OSPF LSA type would
you expect to see in the LSDB?
A. Type 8
B. Type 9
C. Type 10
D. Type 11
Answer: B
QUESTION: 18
-- Exhibit –
JN0-643
JN0-643
-- Exhibit --
Referring to the exhibit, which answer is correct?
A. R2 is the DR and R1 is the BDR.

B. R4 is the DR and R2 is the BDR.
C. R2 is the DR and R3 is the BDR.
D. R3 is the DR and R2 is the BDR.
Answer: C
QUESTION: 19
-- Exhibit --
user@router> show ospf database network extensive
OSPF link state database, area 0.0.0.1
Network 10.222.1.1 192.168.20.1 0x80000002 813 0x2 0x 32
mask 255.255.255.0 attached router 192.168.20.1 attached router 192.168.40.1
Aging timer 00:46:27
Installed 00:13:32 ago, expires in 00:46:27, sent 1w5d 01:07:09 ago
-- Exhibit --
Referring to the exhibit, which statement is true regarding the OSPF network LSA?
A. The ID field value shows the router ID of the advertising router.

B. The ID field is the local interface IP address from which the LSA will be advertised.
C. The options field indicates this is a Type 2 LSA.
D. The output shows that 192.168.20.1 is the designated router.
Answer: D
QUESTION: 20
-- Exhibit --
user@router> show log ospf
Sep 19 00:22:13.420315 OSPF packet ignoreD. MTU mismatch from 11.0.0.2 on intf ge-
0/0/2.0 area 0.0.0.0
Sep 19 00:22:14.475671 OSPF periodic xmit from 14.0.0.1 to 224.0.0.5 (IFL 75 area
JN0-643
0.0.0.0)
0.0.0.0)
Sep 19 00:22:14.857304 OSPF packet ignoreD. no matching interface from 12.0.0.1, IFL
85
0/0/2.0 area 0.0.0.0
Sep 19 00:22:20.855690 OSPF packet ignoreD. subnet mismatch from 10.0.0.2 on intf ge-
0/0/1.0 area 0.0.0.0
Sep 19 00:22:20.856108 OSPF rcvd Hello 10.0.0.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 75 area
0.0.0.0)
Sep 19 00:22:20.856177 Version 2, length 44, ID 10.0.0.2, area 0.0.0.0
Sep 19 00:22:20.856229 checksum 0x0, authtype 0
Sep 19 00:22:20.856299 mask 255.255.255.252, hello_ivl 10, opts 0x12, prio 128
Sep 19 00:22:20.856352 dead_ivl 40, DR 0.0.0.0, BDR 0.0.0.0
0/0/2.0 area 0.0.0.0
Sep 19 00:22:22.013285 OSPF packet ignoreD. area mismatch (0.0.0.1) from 12.0.0.2 on
intf ge-0/0/4.0 area 0.0.0.0
0.0.0.0)
Sep 19 00:22:22.013890 checksum 0xd51e, authtype 0
85
Sep 19 00:22:22.434956 OSPF hello from 11.0.0.2 (IFL 83, area 0.0.0.0) absorbed
0.0.0.0)
85
0.0.0.0)
0.0.0.0)
0/0/2.0 area 0.0.0.0
Sep 19 00:22:29.950015 OSPF hello from 11.0.0.2 (IFL 83, area 0.0.0.0) absorbed
0/0/2.0 area 0.0.0.0
Sep 19 00:22:30.713279 OSPF packet ignoreD. subnet mismatch from 10.0.0.2 on intf ge-
0/0/1.0 area 0.0.0.0
JN0-643
0.0.0.0)
Sep 19 00:22:30.713553 checksum 0x0, authtype 0
-- Exhibit --
Referring to the exhibit, what is preventing the OSPF adjacency on interface ge-0/0/4 from
forming?
A. area mismatch
B. subnet mismatch
C. MTU mismatch
D. authentication mismatch
Answer: A
QUESTION: 21
-- Exhibit --
[edit protocols ospf] user@R2# show area 0.0.0.3 {
stub default-metric 10 no-summaries;
interface ge-0/1/1.0;
}
-- Exhibit --
Referring to the output in the exhibit, which statement is true?
A. R2 is an ABR and will send a Type 7 LSA 0/0 route down into the nonbackbone area.
B. R2 is an ABR and will send a Type 3 LSA 0/0 route down into the nonbackbone area.
C. R2 will not send a Type 3 LSA 0/0 route into the nonbackbone area.
D. R2 will add a metric cost of 10 to the existing metric of a 0/0 route it receives from the
backbone area and then send it into the nonbackbone area in a Type 5 LSA.
Answer: B
QUESTION: 22
-- Exhibit --
user@router> show ospf route
JN0-643
Topology default Route Table:

Prefix Path Route NH Metric NextHop Nexthop
Type Type Type Interface Address/LSP
192.168.1.0/24 Intra Network IP 10 ge-0/0/1.0
-- Exhibit --
Which two configurations result in the output shown in the exhibit? (Choose two.)
A. [edit protocols ospf] user@router# show reference-bandwidth 10g; area 0.0.0.0 {

}
B. [edit protocols ospf] user@router# show reference-bandwidth 1g; area 0.0.0.0 {
}
C. [edit protocols ospf] user@router# show reference-bandwidth 1m; area 0.0.0.0 {
interface ge-0/0/1.0 {
metric 10;
}
}
D. [edit protocols ospf] user@router# show reference-bandwidth 100m; area 0.0.0.0 {
}
Answer: A, C
QUESTION: 23
-- Exhibit –
JN0-643
-- Exhibit --
Referring to the exhibit, you are asked to prevent the 184.16.1.0/24 route from entering the
backbone. Which configuration statements would accomplish the task?
A. On router R1, issue the set protocols ospf area 3 nssa area-range 184.16.1.0/24 restrict
command.
B. On router R3, issue the set protocols ospf area 0 area-range 184.16.1.0/24 restrict
command.
C. On router R3, issue the set protocols ospf area 3 area-range 184.16.1.0/24 restrict
command.
D. On router R3, issue the set protocols ospf area 3 nssa area-range 184.16.1.0/24 restrict
command.
Answer: D
QUESTION: 24
-- Exhibit –
JN0-643
-- Exhibit --
You are asked to connect Area 2 to the backbone. Which configuration would be required
on R3?
A. [edit protocols ospf3]

user@R3# show area 0.0.0.0 {
virtual-link neighbor-id 10.0.10.1 transit-area 0.0.0.1;
}
B. [edit protocols ospf]
interface-type p2p;
}
}
C. [edit protocols ospf3]
}
D. [edit protocols ospf3]
JN0-643

}
Answer: C
QUESTION: 25
-- Exhibit --
[edit protocols ospf] user@area-1-abr# show area 0.0.0.1 { nssa {
default-lsa { default-metric 10; metric-type 2; type-7;
}
no-summaries;
}
interface so-0/1/1.0;
}
-- Exhibit --
Referring to the exhibit, which statement is true?
A. The ABR will generate a Type 3 summary default route into the NSSA.
B. The ASBR will generate a Type 7 default route into the NSSA.
C. The type-7 parameter allows interoperability with newer versions of the Junos OS.
D. The only LSA types allowed into the area are Type 1, Type 2, Type 3, and Type 7.
Answer: B
QUESTION: 26
-- Exhibit –
JN0-643
-- Exhibit --
Referring to the exhibit, you are asked to verify certain routing information within your
OSPFv3 routing domain. You must review the prefixes learned from R3. Which two LSA
types from the output shown in the exhibit must be reviewed? (Choose two.)
A. the Router LSAs from RID 10.0.0.2

B. the Extern LSAs from RID 10.0.0.2
C. the InterArPfx LSAs from RID 10.0.0.2
D. the Network LSAs from RID 10.0.0.2
Answer: B, C
QUESTION: 27
-- Exhibit –
JN0-643
-- Exhibit --
ISP-A is advertising the 200.0.3.0/24 route to R1. R1 is advertising this BGP route to R2
but the route is hidden on R2. Referring to the exhibit, which statement is correct about the
200.0.3.0/24 route?
A. The route is unusable because the next hop is not reachable from R2.
B. The route is unusable because it has not been verified.
C. The route is hidden because R1 is changing the next hop to 192.168.16.1.
D. The route is hidden because R2 has a more preferred route.
Answer: A
QUESTION: 28
-- Exhibit --
user@router> show route protocol bgp detail
inet6.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
4444:4444::/32 (1 entry, 1 announced)
*BGP PreferencE. 170/-101
Next hop typE. Router, Next hop index:
Address: 0x934c688
Next-hop reference count: 2
JN0-643
SourcE. 172.27.0.5
Next hop: ::172.27.0.5 via ge-0/0/1.0, selected
StatE.
Local AS: 3 Peer AS: 701
AgE. 3:22
Task: BGP_701.172.27.0.5+52965
Announcement bits (1): 0-KRT
AS path: 701 4 I Aggregator: 4 10.255.1.34
Accepted
LocalpreF. 100
Router ID. 10.255.1.31
-- Exhibit --
Referring to the exhibit, which two statements are true? (Choose two.)
A. The IPv6 route was learned from an IPv6 BGP neighbor.

B. The IPv6 route was learned from an IPv4 BGP neighbor.
C. The IPv6 destination will use IPv4 as the next hop.
D. The IPv6 destination will use IPv6 as the next hop.
Answer: B, D
QUESTION: 29
-- Exhibit --
user@router# run show route receive-protocol bgp 192.168.4.101 detail
inet.0: 18 destinations, 20 routes (18 active, 0 holddown, 0 hidden)
* 10.16.1.0/24 (1 entry, 1 announced)
Accepted
Nexthop: 192.168.4.101
LocalpreF. 100
AS path: 123 111 I
* 10.16.2.0/24 (1 entry, 1 announced)
Accepted
Nexthop: 192.168.4.101
LocalpreF. 100
AS path: 123 222 312 I
* 10.16.3.0/24 (1 entry, 1 announced)
Accepted
Nexthop: 192.168.4.101
LocalpreF. 100
AS path: 123 231 222 I
JN0-643
* 10.16.4.0/24 (1 entry, 1 announced)

Accepted
Nexthop: 192.168.4.101
LocalpreF. 100
AS path: 123 333 111 I
-- Exhibit --
Referring to the exhibit, which AS path regular expression will match only the
10.16.1.0/24 and 10.16.2.0/24 routes?
A. .* (222|111) .*
B. .+ (222|111) .*
C. .(222|111) .*
D. . (.222|.111) .*
Answer: C
QUESTION: 30
-- Exhibit --
JN0-643
-- Exhibit --
Referring to the exhibit, you must ensure that traffic to the 2001:10:5::/64 network leaves
AS 2 through R3. Given that all BGP attributes are at their default, how would you
accomplish this task?
A. On R1, configure a MED of 50 for the 2001:10:5::/64 route.

B. On R2, configure a MED of 50 for the 2001:10:5::/64 route.
C. On R3, configure a MED of 50 for the 2001:10:5::/64 route.
D. On R4, configure a MED of 50 for the 2001:10:5::/64 route.
Answer: B
QUESTION: 31
-- Exhibit –
-- Exhibit --
JN0-643

On AS1, which two attributes are used to influence inbound traffic from the other ASs
shown in the exhibit? (Choose two.)
A. AS path
B. MED
C. local preference
D. origin
Answer: A, D
QUESTION: 32
-- Exhibit –
-- Exhibit --
Referring to the exhibit, R2 is sending a route to R1 with a community value. Which
statement is correct?
A. Routes will be accepted without change in the attributes.

B. All routes will be rejected.
C. Routes will be accepted with the community value removed.
D. Routes will be rejected with the community value removed.
Answer: C
JN0-643
QUESTION: 33
Which set of BGP attributes is preferred by the Junos OS?
A. MED. 100
AS path: 50 50 50
Local preferencE. 50
Origin: I
B. MED. 50
AS path: 50 50 50
Local preferencE. 1
Origin: E
C. MED. 100
AS path: 50 50 50 50
Origin: I
D. MED. 50
AS path: 50 50 50
Origin: E
Answer: A
QUESTION: 34
-- Exhibit –
-- Exhibit --
Referring to the exhibit and based on the output below from Sw-1 and Sw-2, which
statement is true?
Sw-1> show spanning-tree mstp configuration
MSTP information
Context identifier : 0
Region name : juniper
Revision : 1
Configuration digest : 0x9357ebb7a8d74dd5fef4f2bab50531aa
MSTI Member VLANs
0 0-9,11-19,21-4094
1 10
2 20
Sw-2# run show spanning-tree mstp configuration
MSTP information
JN0-643
Region name : juniper
Revision : 1
Configuration digest : 0x387b5f2ea2394b14e091f0921ee7b9a8
MSTI Member VLANs
0 0-9,11-14,16-19,21-4094
1 10,15
2 20
A. There will be only one MSTI 2 root bridge.

B. There will be only one CST root bridge.
C. Sw-1 and Sw-2 are in different MSTP regions.
D. There will be only one CIST root bridge.
Answer: C
QUESTION: 35
-- Exhibit –
-- Exhibit --
R4 receives BGP prefixes for AS 50 from both R2 and R3. You want to ensure that R4
chooses R3 as the preferred path to reach 50.50.50/24. Referring to the information shown
in the exhibit, where would you apply a policy containing the parameter local-preference
110 to accomplish this task?
A. on R3, as import from R1
JN0-643
B. on R3, as export towards R4

C. on R2, as import from R1
D. on R2, as export towards R4
Answer: D
QUESTION: 36
You want to provide reachability to your data center by advertising its subnet throughout
your upstream peer AS. However, you do not want this prefix advertised any further.
Which BGP community value would be used to meet this requirement?
A. no-advertise
B. no-export
C. no-export-subconfed
D. 65512 - 65535
Answer: B
QUESTION: 37
-- Exhibit –
-- Exhibit --
Referring to the exhibit, you want router A to have an EBGP peering with router C. They
are both connected through router B, which does not have BGP running, and has static
routes configured. What must be configured in the EBGP peer groups on routers A and C
to make this connection possible?
JN0-643
A. MED
B. multihop
C. multipath
D. next-hop
Answer: B
QUESTION: 38
-- Exhibit –
-- Exhibit --
Referring to the exhibit, your AS is connected to ISP-A and ISP-B using BGP. R1 and R2
are advertising your AS's 172.25/16 prefix upstream to both ISPs, and both ISPs are
providing a full BGP route table. You want to influence traffic flow so that traffic towards
your network enters through R1. Which action would meet the requirement? Apply the
following as an export policy towards ISP-B:
A. [edit policy-options]
user@R2# show
policy-statement prefer-for-inbound {
JN0-643
term prepend {
then {
as-path-prepend "100 100";
accept;
}
}
}
Apply the following as an export policy towards ISP-A:
B. [edit policy-options]
user@R1# show
term prepend {
then {
as-path-prepend "100 100";
accept;
}
}
}
Apply the following as an export policy towards R1 and R3:
C. [edit policy-options]
user@R2# show
term local-pref {
then {
local-preference 110;
accept;
}
}
}
Apply the following as an export policy towards R2 and R3:
D. [edit policy-options]
user@R1# show
term local-pref {
then {
local-preference 110;
accept;
}
}
}
Answer: A
JN0-643
QUESTION: 39
-- Exhibit –
-- Exhibit --
R1 is connected to both R2 and R3 and you want to load-balance outbound traffic. You
have provided the configuration shown in the exhibit; however, after checking the links
you notice that the traffic is not load-balancing. Which configuration must be added?
A. set protocols bgp group external multihop

B. set protocols bgp group external multipath
C. set protocols bgp group external advertise-external
D. set policy-options policy-statement loadbal then accept
Answer: B
QUESTION: 40
-- Exhibit --
[edit policy-options] user@router# show policy-statement LB { term 1 {
JN0-643
then {
load-balance per-packet;
}
}
}
-- Exhibit --
Two routers are joined by redundant BGP connections. You want to load-balance traffic
across these links, and have configured the policy shown in the exhibit on each device.
Which configuration, applied on each device, correctly applies the policy to accomplish
this task?
A. [edit protocols bgp group LB]

uesr@router# show type external; import LB;
peer-as <peer_as>;
neighbor <neighbor>;
B. [edit protocols bgp group LB]
uesr@router# show type external; export LB;
peer-as <peer_AS>; neighbor <neighbor>;
C. [edit]
user@router# show routing-options aggregate {
route 0.0.0.0/0 policy LB;
}
D. [edit]
user@router# show routing-options forwarding-table {
export LB;
}
Answer: D
QUESTION: 41
You are asked to create a BGP routing policy that will delete all communities and reject
routes with the community 64321:1234. Which policy will accomplish this task? A.
user@router# show policy-options policy-statement filter-on-community { term remove-
AS65001 {
from community AS65001-community;
then {
community delete AS65001-community;
}
}
term nothing-with-1234 {
JN0-643

then reject;
}
}
community AS64321-community members 64321:1234; community AS65001-community
members 65001:1001; B. user@router# show policy-options
policy-statement filter-on-community {
term remove-all-communities {
then {
community delete all-communities;
}
}
term nothing-with-1234 {
then reject;
}
}
community AS64321-community members 64321:1234;
community all-communities members *:*; C. user@router#show policy-options policy-
statement filter-on-community { term nothing-with-1234 {
then reject;
}
term remove-all-communities {
then {
community delete all-communities;
}
}
}
community all-communities members *:*;
D. user@router#show policy-options policy-statement filter-on-community { term
nothing-with-1234 {
then reject;
}
term remove-AS65001 {
then {
community delete AS65001-community;
}
}
}
JN0-643
Answer: C
QUESTION: 42
-- Exhibit --
user@router>show route advertising-protocol bgp 172.16.36.1 inet.0: 31 destinations, 31
routes (31 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref ASpath
* 10.200.17.0/24 Self I
* 10.200.19.0/24 Self I
-- Exhibit --
Referring to the exhibit, which three actions would summarize these routes to a BGP peer?
(Choose three.)
A. Create a policy that accepts the more specific contributing routes.

B. Create a route to 10.200.16.0/21 with a next hop of 172.16.36.1 under the [edit routing-
options static] hierarchy.
C. Create a policy that rejects the more specific contributing routes.
D. Create a policy to accept aggregate routes.
E. Create a 10.200.16.0/22 route under the [edit routing-options aggregate] hierarchy.
Answer: C, D, E
QUESTION: 43
-- Exhibit –
JN0-643
-- Exhibit --
AS4 is using the default path to get to AS1. This path is not modified by any of the ASs
shown in the exhibit. AS1 wants to influence this path so that traffic from AS4 comes
through AS3. Where do you apply the policy shown in the exhibit?
A. AS1
B. AS2
C. AS3
D. AS4
Answer: A
QUESTION: 44
-- Exhibit –
JN0-643
-- Exhibit --
Click the Exhibit button. You are the administrator for the network shown in the exhibit.
R1 receives the 196.15.4.0/24 route from routers R2, R3, and R4. Local preference values
have not been modified in this network. You are asked to ensure that R1 prefers the path
through AS 3149 for traffic destined to 196.15.4.0/24. Which two methods will
accomplish this task? (Choose two.)
A. Configure a lower local preference on R3.

B. Configure as-path-prepend on R2 and R4.
C. Configure local-as on R3.
D. Configure always-compare-med on R1.
Answer: B, D
QUESTION: 45
-- Exhibit --
JN0-643
user@R1> show pim join extensive

InstancE. PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
Group: 224.50.50.50
SourcE. *
RP: 10.100.100.10
Flags: sparse,rptree,wildcard
Upstream interfacE. ge-0/0/10.0
Upstream neighbor: 172.28.55.5
Upstream statE. Join to RP
UptimE. 00:00:10
Downstream neighbors:
InterfacE. ge-0/0/2.0
172.28.57.5 StatE. Join Flags: SRW Timeout: 209
Group: 224.50.50.50
SourcE. 10.100.10.10
Flags: sparse,spt
Upstream interfacE. ge-0/0/6.0
Upstream neighbor: 172.28.56.5
Upstream statE. Join to Source, Prune to RP
UptimE. 00:00:10
Keepalive timeout: 276
InterfacE. ge-0/0/2.0
172.18.57.5 StatE. Join Flags: S Timeout: 209
-- Exhibit --
Referring to the output shown in the exhibit, which three statements are true about the PIM
implementation on R1? (Choose three.)
A. R1 is receiving multicast traffic over the RPT.

B. R1 is receiving multicast traffic over the SPT.
C. Interface ge-0/0/10 provides the shortest path to the source.
D. The multicast stream flows from 10.100.10.10 to 172.18.57.5.
E. Interface ge-0/0/6 provides the shortest path to the source.
Answer: B, D, E
QUESTION: 46
-- Exhibit –
JN0-643
-- Exhibit --
Click the Exhibit button. Referring to the exhibit, the RPT from R3 towards R2 is
established. What happens if the multicast source connected to R1 starts sending multicast
traffic towards R1?
A. R1 encapsulates the multicast packets into a PIM register multicast packet.

B. R1 encapsulates the multicast packets into PIM join unicast messages.
C. R1 forwards the multicast packets on the (S,G) tree towards the RP.
D. R1 tunnels the multicast packets in PIM register messages towards the RP.
Answer: D
QUESTION: 47
Which two statements are true about the configuration shown below? (Choose two.)
[edit routing-options multicast]
user@router# show
ssm-groups 227.0.0.0/24;
asm-override-ssm;
JN0-643
A. It allows SSM operations in only the 227.0.0.0/24 range.

B. It allows SSM operations in the 227.0.0.0/24 range and the dedicated range.
C. It allows only ASM operations in the dedicated SSM range.
D. It allows both ASM and SSM operations in the dedicated SSM range.
Answer: B, D
QUESTION: 48
Which two statements are true about MSDP mesh groups? (Choose two.)
A. The MSDP mesh group was originally designed to limit SA flooding.

B. SA messages received from a mesh group member flood these messages to all peers
that are not members of this mesh group.
C. SA messages received from a peer not in any mesh group do not flood to all peers.
D. SA messages received from a peer not in any mesh group perform a peer-RPF check
and, if successful, flood to all peers (except the advertising router).
Answer: A, B
QUESTION: 49
-- Exhibit –
JN0-643
-- Exhibit --
Referring to the exhibit, the RPs are set up for anycast. Multicast traffic is currently
flowing from the source to the receivers. Which statement is true when RP2 goes down?
A. Multicast traffic is interrupted for receiver 2 until RP2 recovers.

B. Receiver 2 needs to rejoin RP1.
C. Multicast traffic flows uninterrupted.
D. RP1 starts sending multicast traffic to receiver 2.
Answer: C
QUESTION: 50
-- Exhibit –
-- Exhibit --
Referring to the exhibit, USER1 wants to only receive multicast traffic for group 225.0.0.1
and USER2 wants to only receive multicast traffic for group 225.0.0.2. Both users are
connected to an EX Series switch and are receiving unwanted multicast traffic. What will
resolve the problem?
A. Create IGMP static groups with the exclude parameter.

B. Enable the IGMP immediate-leave parameter.
C. Use PIM sparse mode instead of PIM dense mode.
D. Enable IGMP snooping.
JN0-643
Answer: D
QUESTION: 51
Which multicast group is used for all PIM routers?
A. 224.0.0.22
B. 224.0.0.13
C. 224.0.0.1
D. 224.0.0.2
Answer: B
QUESTION: 52
You are configuring PIM-SM for your network, and want to use a statically configured
RP. What are two ways to accomplish this task? (Choose two.)
A. [edit protocols pim]

uesr@router# show rp {
static {
address 10.10.10. ;
}
}
mode sparse;
}
mode sparse;
}
interface lo0.0 {
mode sparse;
}
B. [edit protocols pim]
user@router# show rp {
local {
address 223.0.0.1;
}
}
JN0-643
interface lo0.0;
C. [edit protocols pim]
static {
address 10.10.10. {
group-ranges {
224.0.0.0/4;
}
}
}
}
interface all {
mode sparse;
}
D. [edit protocols pim]
local {
address 10.10.10. ;
group-ranges {
233.0.0.0/8;
}
}
}
version 1;
}
version 1;
}
interface lo0.0 {
version 1;
}
Answer: B, D
QUESTION: 53
-- Exhibit –
JN0-643
-- Exhibit --
Your company has PIM running on some critical routers in your network, but another
engineer has requested that you configure a PIM policy to prevent R2 from becoming a
PIM neighbor of R1 by dropping the hello packets. Referring to the exhibit, which three
commands are necessary for preventing R2 from becoming a PIM neighbor of R1?
(Choose three.)
A. set protocols pim interface ge-0/0/1.0 neighbor-policy block-pim

B. set policy-options policy-statement block-pim term 1 from route-filter 227.2.2.2/32
exact
C. set policy-options policy-statement block-pim term 1 from route-filter 10.10.10.2/32
exact
D. set policy-options policy-statement block-pim term 1 then reject
E. set policy-options policy-statement block-pim term 1 from route-filter 10.10.10.1/32
exact
Answer: A, C, D
QUESTION: 54
Your company asks you to configure multicast routing on a Junos device. They tell you
that the router at IP address 192.168.1.4 is the root of the shared multicast delivery tree.
Which command allows you to configure the Junos device as a non-RP router for PIM?
A. set protocols pim rp local family inet disable
JN0-643
B. set protocols pim rp local address 192.168.1.4

C. set protocols pim rp static address 192.168.1.4
D. set protocols pim rp auto-rp announce
Answer: C
QUESTION: 55
-- Exhibit –
-- Exhibit --
Referring to the configuration shown in the exhibit, which statement is true?
A. RP2 stops sending all SA messages to its peer.

B. RP1 stops sending all SA messages to its peer.
C. RP2 stops sending SA messages for the group 224.7.7.7 from source 192.168.100.10 to
RP1.
D. RP1 stops sending SA messages for the group 224.7.7.7 from source 192.168.100.10 to
RP2.
Answer: C
QUESTION: 56
JN0-643
When enabling MVRP for dynamic VLAN registration, which three timers would be
configured on an interface? (Choose three.)
A. hello-interval
B. join-timer
C. leave-timer
D. max-age
E. leaveall-timer
Answer: B, C, E
QUESTION: 57
Which two statements are correct about L2PT? (Choose two.)
A. L2PT requires 802.1Q tunneling enablement to effectively tunnel L2 protocols.

B. 802.1Q tunnels all L2 protocols by default.
C. L2PT encapsulates L2 PDUs by enabling the ingress switch to rewrite the PDUs' source
MAC addresses before forwarding them onto the service provider network.
D. You cannot enable L2PT and VLAN translation on the same VLAN.
Answer: A, D
QUESTION: 58
-- Exhibit –
JN0-643
-- Exhibit --
Referring to the exhibit, a customer noticed that the 802.1Q-tunneled packets received on
SwitchB are being dropped. What is causing this problem?
A. There is an ether-type mismatch on SwitchA and SwitchB.

B. Customer VLANs are not configured on SwitchB.
C. The SwitchB interface connecting to SwitchA is not a trunk port.
D. Customer VLANs are mismatched on both switches.
Answer: A
QUESTION: 59
You are a service provider and have multiple customers in a building. You are installing a
new switch that can host all of your customers. However, you would like to ensure that
one customer cannot see or broadcast to another customer. You would also like to have
them use a common gateway IP address from the building. What should be used to provide
this access?
JN0-643
A. VLAN
B. private VLAN
C. filter-based VLAN
D. Layer 2 tunneling
Answer: B
QUESTION: 60
What are three types of PVLAN broadcast domains? (Choose three.)
A. primary VLAN
B. dynamic VLAN
C. isolated VLAN
D. community VLAN
E. S-VLAN
Answer: A, C, D
QUESTION: 61
Two PCs are attached to a hub, which is attached to port ge-0/0/0 on your EX Series
switch. You must separate the incoming traffic from the PCs into two VLANs. What
should you use to accomplish this task?
A. dynamic VLAN registration with MVRP

B. private VLAN
C. filter-based VLAN
D. guest VLAN
Answer: C
QUESTION: 62
-- Exhibit --
Mar 16 17:54:51.930726 OSPF periodic xmit from 172.14.10.1 to 224.0.0.5 (IFL 69 area
0.0.0.0) Mar 16 17:54:55.566920 ospf_trigger_build_telink_lsas : No peer found
Mar 16 17:54:56.152585 ospf_trigger_build_telink_lsas : No peer found
JN0-643
Mar 16 17:54:56.152721 ospf_set_lsdb_statE. Router LSA 192.168.2.1 adv-rtr

192.168.2.1 state QUIET->GEN_PENDING
Mar 16 17:54:56.153271 OSPF trigger router LSA 0x156d0f0 build for area 0.0.0.0 lsa-id
192.168.2.1
192.168.2.1 state GEN_PENDING->QUIET
Mar 16 17:54:56.157971 OSPF built router LSA, area 0.0.0.0, link count 2
Mar 16 17:54:56.158300 OSPF sent Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69
area 0.0.0.0)
Mar 16 17:54:56.158380 Version 2, length 44, ID 192.168.2.1, area 0.0.0.0
Mar 16 17:54:56.158435 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128
Mar 16 17:54:56.158485 dead_ivl 40, DR 172.14.10.1, BDR 0.0.0.0
Mar 16 17:54:56.158949 OSPF DR is 192.168.2.1, BDR is 0.0.0.0
area 0.0.0.0)
Mar 16 17:54:58.237416 OSPF rcvd Hello 172.14.10.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 69
area 0.0.0.0)
Mar 16 17:54:58.237623 checksum 0x0, authtype 0
-- Exhibit --
Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init
state?
A. There is an MTU mismatch.

B. There are duplicate router IDs.
C. The routers are in different areas.
D. No BDR has been elected.
Answer: B
QUESTION: 63
-- Exhibit --
{master:0}[edit] user@switch# show vlans v1 {
vlan-id 1; interface { ge-0/0/1.0;
JN0-643
}
}
v2 {
vlan-id 2;
interface {
ge-0/0/2.0;
}
}
v3 {
vlan-id 3; interface { ge-0/0/1.0 {
}
{master:0}[edit]
user@switch# show interfaces ge-0/0/3
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
{master:0}[edit]
user@switch# run show vlans
Name Tag Interfaces
default None v1 1
ge-0/0/1.0*, ge-0/0/3.0*
v2 2
ge-0/0/2.0*, ge-0/0/3.0*
v3 3
ge-0/0/1.0*, ge-0/0/3.0*
-- Exhibit --
Referring to the exhibit, what would explain interface ge-0/0/3.0 being active in VLANs
v1, v2, and v3?
A. You have enabled RSTP for interface ge-0/0/3.0.

B. You have enabled MVRP for interface ge-0/0/3.0.
C. You have enabled MSTP for interface ge-0/0/3.0.
D. You have enabled L2PT for interface ge-0/0/3.0.
Answer: B
QUESTION: 64
JN0-643
You are asked to implement a filter-based VLAN assignment. You have created the
firewall filter and must apply this filter to the incoming interface. Where must this filter be
applied?
A. to the access interface configuration

B. to the interface under the primary VLAN assignment
C. to the interface under the secondary VLAN assignment
D. to the trunk interface configuration
Answer: A
QUESTION: 65
-- Exhibit --
{master:0}[edit]
user@switch# show vlans v200 {
vlan-id 200; interface { ge-0/0/7.0; ge-0/0/8.0;
}
dot1q-tunneling { customer-vlans [ 11 12 ]; layer2-protocol-tunneling { all {
drop-threshold 800;
shutdown-threshold 700;
}
}
}
}
-- Exhibit --
Referring to the exhibit, you are attempting to configure L2PT for VLAN v200 but the
configuration will not commit. Which three configuration statements would resolve the
problem? (Choose three.)
A. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all drop-threshold 600

B. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all shutdown-threshold 600
C. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all shutdown-threshold 900
D. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all drop-threshold 700
E. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all drop-threshold 900
Answer: A, C, D
JN0-643
QUESTION: 66
-- Exhibit –
-- Exhibit --
Referring to the exhibit, you are asked to ensure that CE1 can communicate with CE2
using VLAN 150. Which configuration meets this requirement on S1?
A. user@S1# show customer-a {

vlan-id 200;
dot1q-tunneling {
customer-vlans 150;
}
}
{master:0}[edit vlans]
B. user@S1# show customer-a {
}
dot1q-tunneling {
customer-vlans 200;
}
}
C. user@S1# show customer-a {
}
dot1q-tunneling {
customer-vlans 150;
}
}
D. user@S1# show customer-a {
JN0-643
}
}
v200 {
}
}
Answer: C
QUESTION: 67
-- Exhibit --
[edit]
user@switch# commit
error: Trunk interface <ge-0/0/10.0> can not be member of both dot1q-tunneling enabled
vlan <cust-1>, and a non dot1q-tunneled vlan <v11> when dot1q-tunneling ethernet-type
is not <0x8100>
error: configuration check-out failed
-- Exhibit --
When you try to commit your 802.1Q tunneling configuration, you receive the error shown
in the exhibit. Which configuration statement will allow the configuration to commit?
A. set vlans cust-1 interface ge-0/0/10 egress

B. set interfaces ge-0/0/10 ether-options mdi-mode auto
C. set vlans v11 dot1q-tunneling customer-vlans native
D. set ethernet-switching-options dot1q-tunneling ether-type 0x8100
Answer: D
QUESTION: 68
-- Exhibit –
JN0-643
-- Exhibit --
You are asked to separate the human resources group from the finance group on the
company network even though they share the same VLAN. You consider using PVLANs,
and you delegate the task to a junior engineer who submits the configuration shown in the
exhibit to accomplish this task. After review, you realize that the PVLAN implementation
will not work correctly. Referring to the exhibit, which three commands must be included
to resolve the problem? (Choose three.)
A. set vlans pvlan no-local-switching

B. set vlans hr-group no-local-switching
C. set vlans finance-group no-local-switching
D. set vlans hr-group primary-vlan pvlan
E. set vlans finance-group primary-vlan pvlan
Answer: A, D, E
QUESTION: 69
-- Exhibit –
JN0-643
-- Exhibit --
You have implemented a firewall-based VLAN filter to map traffic from subnet
192.168.40.0/24 to a VLAN named vlan_40. However, you have not been successful in
getting the traffic mapped correctly. In addition, all traffic must be passed to the Layer 2
network. Referring to the exhibit, which three commands are required to accomplish this
behavior? (Choose three.)
A. set interfaces ge-0/0/19.0 family ethernet-switching filter output assign_vlan

B. set interfaces ge-0/0/19.0 family ethernet-switching filter input assign_vlan
C. set vlans vlan_40 interface ge-0/0/19.0 mapping policy
D. set vlans vlan_30 interface ge-0/0/19.0 mapping policy
E. set interfaces ge-0/0/20 unit 0 family ethernet-switching port-mode trunk vlan members
all
Answer: B, C, E
QUESTION: 70
-- Exhibit --
JN0-643
[edit protocols vstp]

'vlan all'
Cannot configure VSTP on all VLANs when more than 253 VLANs are configured.
Configure vstp vlan-group along with STP or RSTP to cover all VLANs
[edit protocols]
'vstp'
Failed to configure vstp on all vlans
-- Exhibit --
What are two reasons for the commit error shown in the exhibit? (Choose two.)
A. The set protocols vstp vlan all configuration is not supported.

B. There are more than 253 VLANs configured on the switch.
C. MSTP is not configured with VSTP.
D. STP or RSTP is not configured along with VSTP on the switch.
Answer: B, D
QUESTION: 71
-- Exhibit –
JN0-643
-- Exhibit --
Referring to the exhibit, which two statements are true regarding the MSTP port role and
port state of ge-0/0/0 and ge-0/0/1 on SW1?
A. Port ge-0/0/0 is a root port and ge-0/0/1 is an alternate port.

B. Both ports are designated ports.
C. Both ports are in a forwarding state.
D. Port ge-0/0/0 is a root port and ge-0/0/1 is in a forwarding state.
Answer: B, C
QUESTION: 72
Which two statements are correct about MSTP? (Choose two.)
A. It allows you to preprovision VLAN IDs to spanning tree instances.

B. It provides a more scalable solution than VSTP.
C. It is not supported when using MVRP.
JN0-643
D. It allows you to use VLAN groups to simplify configuration tasks when groups of
VLANs use the same parameters.
Answer: A, B
QUESTION: 73
You are asked to implement MSTP on all devices in your Layer 2 network. Which three
parameters must match on all devices within the same region? (Choose three.)
A. region name
B. hello timer
C. maximum age
D. revision level
E. VLAN mapping table
Answer: A, D, E
QUESTION: 74
You are asked to implement VSTP on all devices in your Layer 2 network. Which three
statements are correct? (Choose three.)
A. VSTP supports up to 256 different spanning-tree topologies.

B. A BPDU is sent for each spanning-tree instance.
C. Each VLAN will be assigned to a unique spanning-tree instance.
D. MSTP can be used in addition to VSTP to account for VLANs outside of the supported
range.
E. VSTP can be used to load-balance Layer 2 traffic using VLANs.
Answer: B, C, E
QUESTION: 75
-- Exhibit --
user@switch> show spanning-tree bridge
STP bridge parameters
Context ID : 0
Enabled protocol : MSTP
JN0-643
STP bridge parameters for CIST

Root ID : 32768.00:19:e2:55:1a:01
Root cost : 0
Root port : ge-0/0/10.0
CIST regional root : 32768.00:19:e2:55:1a:01
CIST internal root cost : 20000
Hello time : 2 seconds Maximum age : 20 seconds Forward delay : 15 seconds Hop count :
19 Message age : 0
Number of topology changes : 2
Time since last topology change : seconds
Topology change initiator : ge-0/0/10.0
Topology change last recvd. from : 00:19:e2:55:24:8c
Local parameters
Bridge ID : 32768.b0:c6:9a:73:27:90
Extended system ID : 0
Internal instance ID : 0
STP bridge parameters for MSTI 1
MSTI regional root : 4097.b0:c6:9a:73:27:90
Hello time : 2 seconds Maximum age : 20 seconds Forward delay : 15 seconds
Topology change last recvd. from : b0:c6:9a:73:39:81
Local parameters
Bridge ID : 4097.b0:c6:9a:73:27:90
Root cost : 20000
Root port : ge-0/0/1.0
Hello time : 2 seconds Maximum age : 20 seconds Forward delay : 15 seconds Hop count :
19 Number of topology changes : 2
Local parameters
Bridge ID : 8194.b0:c6:9a:73:27:90
-- Exhibit --
Referring to the exhibit, which two statements are correct about the MSTP configuration?
(Choose two.)
JN0-643
A. The local switch is not the root bridge for MSTI 1.

B. The local switch is the root bridge for MSTI 1.
C. The local switch is the root bridge for MSTI 2.
D. The local switch is not the root bridge for MSTI 2.
Answer: B, D
QUESTION: 76
-- Exhibit --
user@switch-1> show spanning-tree bridge
Context ID : 0
...
Hello time : 2 seconds
Maximum age : 20 seconds
Forward delay : 15 seconds
Time since last topology change : 42 seconds
Local parameters
Bridge ID : 4097.b0:c6:9a:73:27:90
Local parameters
Bridge ID : 8194.b0:c6:9a:73:27:90
user@switch-1> show spanning-tree mstp configuration
JN0-643
MSTP information
Region name : my-mstp-config
Revision : 1
Configuration digest : 0x91ee8012e6851d931adae71da4060690
MSTI Member VLANs
0 0,400-4094
1 1-199
2 200-399
user@switch-2> show spanning-tree bridge
Context ID : 0
...
Local parameters
Bridge ID : 8193.b0:c6:9a:73:39:90
Topology change last recvd. from : 00:19:e2:55:24:8d
Local parameters
Bridge ID : 4098.b0:c6:9a:73:39:90
user@switch-2> show spanning-tree mstp configuration
MSTP information
Region name : my-mstp-config
Revision : 10
Configuration digest : 0x91ee8012e6851d931adae71da4060690
MSTI Member VLANs
JN0-643
0 0,400-4094
1 1-199
2 200-399
-- Exhibit --
A colleague recently implemented MSTP in your Layer 2 network and is having trouble
determining why it is not working properly. You are asked to review the outputs provided
in the exhibit to determine the cause. Referring to the exhibit, what is causing the issue?
A. The region name is configured the same on both devices.

B. The VLAN mapping is configured incorrectly.
C. The MSTP revision is configured incorrectly.
D. The bridge priority has not been configured correctly.
Answer: C
QUESTION: 77
-- Exhibit --
MSTP information
Region name : Juniper
Revision : 1
Configuration digest : 0xfdbe318c0ae799ae6dfdae4c882c67ee
MSTI Member VLANs
0 0,4-4094
1 1-3
-- Exhibit --
A network engineer has configured MSTP on several switches for loop protection. You
must verify the work and ensure that the appropriate parameters match on all switches.
Which operational command provides the required output shown in the exhibit?
A. show spanning-tree interface

B. show spanning-tree mstp configuration
C. show spanning-tree bridge
D. show ethernet-switching interfaces
Answer: B
JN0-643
QUESTION: 78
-- Exhibit --
user@SwitchA# show protocols mstp
configuration-name region1;
bridge-priority 16k;
msti 1 {
vlan [10 20];
}
msti 2 {
bridge-priority 8k;
vlan [30 40];
}
user@SwitchB# show protocols mstp
bridge-priority 8k;
msti 1 {
vlan [10 20];
}
msti 2 {
bridge-priority 8k;
vlan [30 40 50];
}
-- Exhibit --
Referring to the exhibit, a customer observes that the MSTP instance between SwitchA
and SwitchB is not converging correctly. What is causing the problem?
A. The bridge priority values of MSTI 2 are the same.

B. There is a VLAN mismatch between the two switches for MSTI 2.
C. There is a bridge priority mismatch.
D. MSTI 1 and MSTI 2 are part of the same the MSTP region.
Answer: B
QUESTION: 79
Your company makes extensive use of VSTP in your network for loop protection. The
network is at the VSTP VLAN limit and must protect additional VLANs. Which command
allows you to protect additional VLANs?
JN0-643
A. set protocols mstp interface all

B. set protocols vstp vlan all
C. set protocols vstp vlan-group
D. set protocols rstp
Answer: D
QUESTION: 80
You are asked to set up 802.1X port authentication for all access ports on your EX Series
switch. You must ensure that only one user is allowed to authenticate per port and all other
attempts are denied. Which supplicant mode must be used?
A. single mode
B. single-secure mode
C. default mode
D. multiple mode
Answer: B
QUESTION: 81
You are asked to set up 802.1X port authentication for all access ports on your EX Series
switch. You have a device that does not support 802.1X supplicants and you must ensure
this device is authenticated. You must also ensure that no unnecessary delay occurs when
authenticating this device. Which statement is correct?
A. You should enable MAC RADIUS on the interface and use 802.1X multiple mode.
B. You should enable MAC RADIUS on the interface and statically add the MAC address
to the 802.1x configuration.
C. You should enable MAC RADIUS on the interface and include the restrict parameter.
D. You should enable MAC RADIUS on the interface and include the disable parameter.
Answer: C
QUESTION: 82
JN0-643
Your company uses 802.1X to authenticate your users. You want to provide access to the
Internet when users cannot authenticate on the RADIUS server or when the RADIUS
server becomes unreachable. Which two methods accomplish this goal? (Choose two.)
A. using a captive portal

B. using a server fail fallback
C. using MAC RADIUS
D. using a guest VLAN
Answer: B, D
QUESTION: 83
Your company recently implemented Layer 2 authentication and access control to secure
users accessing the corporate network. You implemented 802.1X, MAC RADIUS, and a
captive portal to support a variety of hosts on the network. Senior management is
concerned that valid users might be authenticated incorrectly on the network and they ask
you questions about how these different access technologies are used simultaneously.
Which three statements are correct? (Choose three.)
A. MAC addresses that are part of a MAC address whitelist or a static MAC list are
authenticated before any other authentication protocol is invoked.
B. Captive portal is a supported fallback option for 802.1X.
C. If the authentication server fails to respond to access requests and both a server-fail and
guest VLAN are configured correctly, the server-fail VLAN takes precedence over the
guest VLAN.
D. Captive portal can only be configured on Layer 3 interfaces.
E. If a port is configured with 802.1X and the host does not respond to EAP requests, no
other authentication protocol can authenticate the host.
Answer: A, B, C
QUESTION: 84
In your 802.1X-enabled network, a RADIUS server fails to respond or authenticate a
device. On an EX Series switch, what are three supported actions? (Choose three.)
A. Traffic can be allowed.

B. Traffic can be denied.
JN0-643
C. Traffic can be redirected to another subnet.

D. Traffic can be redirected to another VLAN.
E. Traffic can be redirected to another port.
Answer: A, B, D
QUESTION: 85
-- Exhibit –
-- Exhibit --
A contractor needs to connect a laptop to your company network, but your company has
no wireless access and each office has only a single network port for an employee laptop.
You have an IP phone with a data port available and you have access to the switch
connected to it. You can also add the contractor's MAC address to the RADIUS server
database. Referring to the exhibit, which three commands will allow access? (Choose
three.)
JN0-643
A. set protocols dot1x authenticator authentication-profile-name radius_profile interface

ge- 0/0/16.0 mac-radius
B. set interfaces ge-0/0/16.0 family ethernet-switching port-mode trunk
C. set interfaces ge-0/0/16.0 family ethernet-switching vlan members contractor
D. set protocols dot1x authenticator authentication-profile-name radius_profile interface
ge- 0/0/16.0 supplicant multiple
E. set interfaces ge-0/0/16.0 family ethernet-switching vlan members all
Answer: A, C, D
QUESTION: 86
-- Exhibit --
{master:0}
user@switch> show dot1x interface ge-0/0/15 detail
ge-0/0/15.0
RolE. Authenticator Administrative statE. Auto Supplicant modE. Multiple Number of
retries: 3
Quiet perioD. 60 seconds Transmit perioD. 30 seconds Mac Radius: Enabled
Mac Radius Restrict: Enabled
Reauthentication: Enabled
Configured Reauthentication interval: 120 seconds
Supplicant timeout: 30 seconds Server timeout: 30 seconds Maximum EAPOL requests: 2
Guest VLAN member: guest
Number of connected supplicants: 0
-- Exhibit --
802.1X authentication was recently configured on your ge-0/0/15 port. You issue the
command shown in the exhibit. Which two statements are correct? (Choose two.)
A. The reauthentication interval is using the default value.

B. Every user that attempts to connect using this port must be authenticated.
C. Only the first user that connects using this port will be authenticated.
D. Users will only be able to authenticate using MAC RADIUS.
Answer: B, D
QUESTION: 87
-- Exhibit --
user@switch> show configuration access
JN0-643
radius_server {
10.1.1.252 {
port 1812;
secret "$9$7gdwgGDkTz6oJz69A1INdb"; ## SECRET-DATA
}
profile radius_server {
authentication-order password;
radius {
authentication-server 10.1.1.252;
}
}
user@switch> show configuration protocols dot1x
authenticator {
ge-0/0/17.0 {
supplicant multiple;
}
}
}
user@switch> show configuration vlans
Sales_VLAN {
vlan-id 123;
}
user@switch> show configuration interfaces ge-0/0/17
unit 0 {
port-mode access;
}
}
-- Exhibit --
You are asked to place employees that are in the sales group into their own VLAN called
Sales_VLAN with a VLAN ID of 123 on port ge-0/0/17. The VLAN must be assigned
dynamically. After trying an initial configuration, you see that users in the sales group are
not assigned to the Sales_VLAN. Referring to the exhibit, which two configuration
statements are needed on the EX Series switch to resolve this problem? (Choose two.)
A. set access profile radius_server authentication-order radius

B. set vlans Sales_VLAN interface ge-0/0/17.0
C. set interfaces ge-0/0/17.0 family ethernet-switching vlan members Sales_VLAN
D. set protocols dot1x authenticator authentication-profile-name radius_server
Answer: A, D
JN0-643
QUESTION: 88
A non-802.1X printer is connected to ge-0/0/0 on an EX Series switch. Which
configuration statement will authenticate the device against an authentication server?
A. set protocols dot1x authenticator static 22:22:22:22:22:22 interface ge-0/0/0

B. set protocols dot1x authenticator interface ge-0/0/0 supplicant single
C. set protocols dot1x authenticator interface ge-0/0/0 mac-radius restrict
D. set protocols dot1x authenticator interface ge-0/0/0 disable
Answer: C
QUESTION: 89
-- Exhibit --
{master:0}[edit protocols dot1x] user@switch# show authenticator {
authentication-profile-name my-profile;
static {
00:21:cc:ba:c7:00/40 {
}
}
interface {
ge-0/0/12.0 { supplicant multiple; server-fail deny;
}
ge-1/0/14.0 {
reauthentication 120;
server-fail vlan-name local-only;
}
ge-1/0/15.0 { supplicant multiple; mac-radius { restrict;
}
reauthentication 120;
server-fail vlan-name guest;
}
}
}
-- Exhibit --
You just added a device on port ge-0/0/12 with the MAC address 00:21:cc:ba:c7:59. All
access ports on this device are members of VLAN v20. The RADIUS server is currently
JN0-643
not reachable. Referring to the configuration shown in the exhibit, what happens to traffic
sent from this device?
A. The traffic is denied.

B. The traffic is accepted and uses the guest VLAN.
C. The traffic is accepted and uses the local-only VLAN.
D. The traffic is accepted and uses the v20 VLAN.
Answer: D
QUESTION: 90
An emergency Class 3 IP phone is connected to an EX Series switch. You want to ensure
that the IP phone does not have any problems if PoE power demands on the switch are
greater than the PoE power budget. What should you do to accomplish this task?
A. You must connect the IP phone into one of the ports from ge-0/0/0 to ge-0/0/7.
B. Set the power class on the PoE interface to 3.
C. Set the PoE priority to high.
D. Enable the guard-band parameter.
Answer: C
QUESTION: 91
You are implementing PoE on your EX Series switch to provide power to your VoIP
phones. You have a device that does not provide its class information to the switch. Which
power class is assigned for this device?
A. 0
B. 1
C. 2
D. 3
Answer: A
QUESTION: 92
JN0-643
Which two statements about the voice VLAN feature are correct? (Choose two.)
A. It can be used to separate untagged data and VLAN tagged VoIP traffic into different
VLANs on an access port.
B. It can be used to assign VoIP traffic into a CoS forwarding class.
C. It can be used to separate untagged data and VLAN tagged VoIP traffic into different
VLANs on a trunk port.
D. It can be used to apply a policer to VoIP traffic.
Answer: A, B
QUESTION: 93
NetBIOS snooping information is stored in which database on EX Series switches?
A. RADIUS database
B. LLDP neighbor database
C. MAC table database
D. routing table database
Answer: B
QUESTION: 94
Which three PoE power allocation methods are supported on EX Series switches? (Choose
three.)
A. dynamic PoE management mode

B. static PoE management mode
C. enhanced power negotiation
D. LLDP power negotiation
E. class PoE management mode
Answer: B, D, E
QUESTION: 95
JN0-643
A security camera is connected to an EX Series switch. You are asked to ensure power to
the PoE port is maintained if the power budget is exceeded. Which two actions will
accomplish this task? (Choose two.)
A. Set the PoE management mode to static.

B. Set the PoE management mode to class.
C. Set the PoE interface priority to high.
D. Ensure the camera is connected to port ge-0/0/0.
Answer: C, D
QUESTION: 96
-- Exhibit --
user@switch> show poe controller
Controller Maximum Power Guard Management Status Lldp
index power consumption band Priority
0 130.00W 121.00W 0W Class AT_MODE Disabled
-- Exhibit --
A new user's Class 3 IP phone is connected to port ge-0/0/7 on an EX Series switch;
however, it is not working. Referring to the exhibit, what is the cause?
A. The model of the EX Series switch being used supports PoE only on interfaces ge-0/0/0
through ge-0/0/6.
B. The PoE port is set to class 0.
C. The port has been shut down because the phone's power requirements exceed the PoE
power budget for the switch.
D. The guard-band is insufficient.
Answer: C
QUESTION: 97
You are troubleshooting an LLDP neighbor and cannot see the IP address of the
neighboring EX Series switch. What is causing the problem?
A. A VLAN interface must be configured under the [edit vlans] hierarchy.

B. IP addresses are not sent in any LLDP TLVs.
JN0-643
C. A management address must be configured under the [edit protocols lldp] hierarchy.
D. You must enable LLDP-MED.
Answer: C
QUESTION: 98
A network administrator is configuring CoS on a switch and assigns forwarding classes
shown below:
class-of-service {
forwarding-classes {
class best-effort queue-num 0; class bulk-data queue-num 1; class critical queue-num 3;
class voice queue-num 6;
class call-signal queue-num 3;
}
}
Based on the configuration, which action prioritizes call-signal traffic over critical traffic?
A. Assign call-signal traffic and critical traffic to different schedulers.

B. Assign call-signal traffic and critical traffic to different scheduler maps.
C. Assign a loss priority of high to the packets in the critical forwarding class and set
priority high in the scheduler configuration.
D. Assign a loss priority of high to the packets in the critical forwarding class and
configure drop profiles in the scheduler configuration.
Answer: D
QUESTION: 99
On SRX Series devices, in which order does CoS process ingress packets?
A. multifield classifier, policer, forwarding policy, behavior aggregate classifier

B. multifield classifier, forwarding policy, policer, behavior aggregate classifier
C. behavior aggregate classifier, policer, multifield classifier, forwarding policy
D. behavior aggregate classifier, multifield classifier, policer, forwarding policy
Answer: D
JN0-643
QUESTION: 100
You just configured an interface as an access port and it is up and passing traffic.
However, you notice that all traffic transiting this interface is being classified as best
effort. Which default BA classifier is causing this behavior?
A. ieee8021p-default
B. ieee8021p-untrust
C. dscp-default
D. dscp-ipv6-default
Answer: B
QUESTION: 101
You notice that an interface receiving traffic from multiple devices with no user-
configured CoS parameters has been assigned the ieee802.1p-default classifier. What is the
port type assigned to this interface?
A. access port
B. tagged access port
C. trunk port
D. designated port
Answer: C
QUESTION: 102
-- Exhibit --
[edit class-of-service]
drop-profiles {
test-drop {
fill-level 20 drop-probability 35; fill-level 55 drop-probability 60; fill-level 70 drop-
probability 80; fill-level 95 drop-probability 100;
}
}
-- Exhibit --
According to the configuration shown in the exhibit, what percentage of the traffic will be
dropped when the queue fill level reaches 65 percent?
JN0-643
A. 25
B. 50
C. 58
D. 60
Answer: D
QUESTION: 103
You are asked to implement CoS on an EX Series switch. You attempt to configure the
priority for the voice and data queue schedulers to medium-high and medium-low priority,
respectively. However, you notice that the only parameters available for the priority is
strict high and low. Why are strict high and low the only available parameters for
configuration?
A. The loss priority for the queues must first be set to medium-low and medium-high,
respectively.
B. The switch only supports the strict high and low queue priorities.
C. The shared buffer feature must be configured prior to configuring scheduler priority.
D. The scheduler must be applied to an interface prior to configuring scheduler priority.
Answer: B
QUESTION: 104
You are asked to configure a CoS weighted tail drop profile on your EX Series switch that
causes all traffic in the best effort queue to drop when the queue is 90 percent full. Which
configuration will accomplish this request?
A. [edit class-of-service]
drop-profiles {
be_dropp {
fill-level 90;
drop-probability 100;
}
}
B. [edit class-of-service]
drop-profiles { be_dropp { interpolate { fill-level 90;
JN0-643
}
}
}
C. [edit class-of-service]
drop-profiles {
be_dropp {
fill-level 90;
}
}
D. [edit class-of-service]
drop-profiles {
be_dropp {
fill-level 90;
}
}
Answer: C
QUESTION: 105
You must configure a multifield classifier on ge-1/0/0. This classifier must match only
TCP traffic from port number 79, set the loss priority to high, and classify the traffic as
expedited- forwarding. The inbound traffic has no previous CoS markings. Which
configuration meets these requirements?
A. [edit firewall]
user@switch# show filter ef_classifier_mf term 1 {
from {
protocol tcp;
destination-port 79;
}
then {
loss-priority high;
forwarding-class expedited-forwarding;
}
[...]
}
B. [edit firewall]
from {
protocol tcp;
JN0-643
source-port 79;
}
then {
loss-priority high;
}
[...]
}
C. [edit firewall]
from {
protocol tcp;
destination-port 79;
}
then {
loss-priority low;
}
[...]
}
D. [edit firewall]
from {
protocol tcp; source-port 79; dscp ef;
}
then {
loss-priority high;
accept;
}
[...]
}
Answer: B
QUESTION: 106
You are asked to reconfigure a CoS scheduler to limit the assured forwarding queue to a
maximum of 75 percent of the available bandwidth. The assured forwarding queue uses a
strict high priority queue. Which configuration parameter accomplishes this task?
A. transmit-rate percent 75
B. buffer-size percent 75
JN0-643
C. shaping-rate percent 75
D. shared-buffer percent 75
Answer: C
QUESTION: 107
You are asked to configure an interface policer. You must ensure when the bandwidth
limit and burst size are exceeded, that the packet receives a CoS parameter which increases
the probability that the packet will be dropped if the queues are congested. Which policer
action will accomplish this requirement?
A. dscp 0
B. loss-priority high
C. ip-precedence 0
D. loss-priority low
Answer: B
QUESTION: 108
You must troubleshoot a CoS issue on an Ethernet interface which has been observed to
drop packets in the best effort queue. You must determine whether the dropped packets are
tail drops. Which CLI command output accomplishes this task?
A. show class-of-service interface

B. show interfaces queue <interface_name>
C. show interfaces <interface_name> extensive
D. show class-of-service forwarding-class best-effort
Answer: B
QUESTION: 109
What are two benefits of configuring OSPF database protection? (Choose two.)
A. Protects the LSDB from being flooded by excessive LSA flooding.

B. Provides intra-area route filtering and route summarization.
JN0-643
C. Allows the device to participate in OSPF routing but not be used for transit traffic.
D. Limits the number of LSAs in the LSDB (excluding those generated by the local
router).
Answer: A, D
QUESTION: 110
Area 1 is configured as an NSSA with no summaries. Which three types of LSAs are
allowed in Area 1's database? (Choose three.)
A. Type 1
B. Type 2
C. Type 3
D. Type 5
E. Type 7
Answer: A, B, E
QUESTION: 111
-- Exhibit –
JN0-643
-- Exhibit --
Referring to the exhibit, and given that no other BGP manipulation has been configured,
how is traffic influenced from R1 to R3?
A. Traffic is load-balanced across both paths.

B. Traffic is preferred through AS 2493.
C. Traffic is preferred through AS 8841.
D. Traffic prefers the path with the lowest local preference.
Answer: C
QUESTION: 112
You are asked to establish a single EBGP peering across two physical interfaces to your
ISP. Which BGP feature should you use?
JN0-643
A. multipath
B. multihop
C. accept-remote-nexthop
D. allow
Answer: B
QUESTION: 113
-- Exhibit –
-- Exhibit --
Referring to the exhibit, routers A, B, and C are in the same BGP AS 100. Router A
prefers to route traffic through Router C. Which BGP attribute would you configure to
ensure this behavior?
A. as-path-prepend
B. local-preference
C. metric
D. weight
Answer: B
JN0-643
QUESTION: 114
Which two statements are true about SSM implementations on Junos devices? (Choose
two.)
A. There is no need for an RP.

B. The multicast receiver's DR must have IGMPv3 enabled.
C. SSM traffic must use the 232/8 range.
D. ASM and SSM implementations can coexist in the same network.
Answer: A, D
QUESTION: 115
-- Exhibit –
-- Exhibit --
You are asked to allow a customer to tunnel STP BPDUs from Customer Switch1 to
Customer Switch2 for VLAN 300 on S-VLAN v500. You have administrative access to
SW1 and SW3, but not SW2. Referring to the exhibit, which three configuration
statements must be added to SW1 to allow ingress STP BPDUs on port ge-0/0/16 to pass
to SW3 for VLAN 300 only? (Choose three.)
JN0-643
A. set vlans v500 vlan-id 500 interface ge-0/0/16.0 mapping 300 swap
B. set vlans v500 vlan-id 500 dot1q-tunneling layer2-protocol-tunneling stp
C. set vlans v500 vlan-id 500 interface ge-0/0/16.0 mapping 300 push
D. set ethernet-switching-options dot1q-tunneling ether-type 0x8100
E. set vlans v500 vlan-id 500 interface ge-0/0/20.0 mapping 300 push
Answer: B, C, D
QUESTION: 116
-- Exhibit --
[edit protocols]
user@switch# commit
[edit protocols ]
'mstp'
Another xSTP protocol is enabled
error : Another xSTP protocol is enabled
-- Exhibit --
Referring to the exhibit, a customer is receiving an error while committing the operation
on the switch. What are two reasons for this problem? (Choose two.)
A. VSTP and RSTP are both configured.

B. MSTP and RSTP are both configured.
C. Only STP is configured.
D. MSTP and STP are both configured.
Answer: B, D
QUESTION: 117
-- Exhibit --
user@SwitchA# show protocols mstp
msti 1 {
vlan [10 20];
JN0-643
}
msti 2 {
bridge-priority 8k;
vlan [30 40];
}
user@SwitchB# show protocols mstp
bridge-priority 8k;
msti 1 {
vlan [10 20];
}
msti 2 {
bridge-priority 8k;
vlan [30 40];
}
user@SwitchA>monitor traffic interface xe-0/0/0 no-resolve extensive
10:36:00.594220 Out STP 802.1s, Rapid STP, CIST Flags [Forward, Agreement], CIST
bridge-id
4000.5c:5e:ab:72:da:41.8215, length 118
message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
CIST root-id 4000.5c:5e:ab:72:da:41, ext-pathcost 0 int-pathcost 0, port-role Designated
CIST regional-root-id 4000.5c:5e:ab:72:da:41
MSTP Configuration Name regio-2, revision 0, digest
ca136a235706b316c8db8f921067a68f
CIST remaining-hops 20
MSTI 1, Flags [Proposal, Forward, Agreement], port-role Designated
MSTI regional-root-id 4001.5c:5e:ab:72:da:41, pathcost 0
MSTI bridge-prio 4, port-prio 8, hops 2010:36:00.594220
10:36:00.594223 Out 802.1s, Rapid STP, CIST Flags [Forward, Agreement], CIST bridge-
id
4000.5c:5e:ab:72:da:41.8215, length 118
message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
CIST root-id 4000.5c:5e:ab:72:da:41, ext-pathcost 0 int-pathcost 0, port-role Designated
CIST regional-root-id 4000.5c:5e:ab:72:da:41
MSTP Configuration Name regio-2, revision 0, digest
ca136a235706b316c8db8f921067a68f
CIST remaining-hops 20
MSTI 1, Flags [Proposal, Forward, Agreement], port-role Designated
MSTI regional-root-id 4001.5c:5e:ab:72:da:41, pathcost 0
MSTI bridge-prio 4, port-prio 8, hops 20
-- Exhibit --
JN0-643
Referring to the exhibit, a customer notices that MSTP is not converging on MSTI 2. To
troubleshoot the problem, the customer captured traffic on the link (xe-0/0/0) of SwitchA
connecting to SwitchB. Which two situations would cause the problem? (Choose two.)
A. MSTI 1 and MSTI 2 are part of the same MSTP region.

B. The bridge priority value of the MSTI 2 is the same on SwitchA and SwitchB.
C. VLAN 30 and VLAN 40 are not configured on SwitchA.
D. VLAN 30 and VLAN 40 are not members of trunk link xe-0/0/0 on SwitchA.
Answer: C, D
QUESTION: 118
You are asked to implement a captive portal on your EX Series switches. What are three
required steps? (Choose three.)
A. You must create the captive portal login page.

B. You must ensure the Web service is turned on.
C. You must specify the interfaces participating in the captive portal.
D. You must create and apply an authentication profile.
E. You must create an authentication whitelist.
Answer: B, C, D
QUESTION: 119
-- Exhibit --
Controller Maximum Power Guard Management Status Lldp
index power consumption band Priority
0 792.00W 603.50W 0W Class AT_MODE Disabled
-- Exhibit --
A. The switch supports PoE+.

B. The switch is protected against spikes in power demand.
C. The switch supports a maximum power draw per PoE port of 15.4 watts.
D. The switch can manually assign priorities per interface.
JN0-643
Answer: A
QUESTION: 120
You are configuring port ge-0/0/0 on an EX Series switch connected to an IP phone that
does not support LLDP-MED. Which three configuration statements do you need to
accomplish this task? (Choose three.)
A. set interfaces ge-0/0/0 unit 0 family ethernet-switching native-vlan-id voice-vlan

B. set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members voice-vlan
C. set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members data-vlan
D. set interfaces ge-0/0/0 unit 0 family ethernet-switching native-vlan-id data-vlan
E. set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
Answer: B, D, E
QUESTION: 121
You are configuring CoS classifiers and want to use both BA and MF classification. After
applying the configuration, you realize that the classifiers have a conflict. Which statement
is true?
A. BA classification overrides MF classification.

B. MF classification overrides BA classification.
C. Neither classification method is applied.
D. Both classifications are applied randomly.
Answer: B
QUESTION: 122
On your EX Series switch you must configure a delay buffer for the best effort queue
scheduler named BE-sch which restricts the buffer usage to only 25 percent of the
available buffer size. Which configuration statement will accomplish this task?
A. [edit class-of-service schedulers BE-sch] user@switch# set buffer-size buffer-size

temporal 25
B. [edit class-of-service schedulers BE-sch]
JN0-643
user@switch# set buffer-size buffer-size temporal 25 exact

C. [edit class-of-service schedulers BE-sch]
user@switch# set buffer-size percent 25
D. [edit class-of-service schedulers BE-sch]
user@switch# set buffer-size exact percent 25
Answer: D
QUESTION: 123
A user complains about connectivity problems from their IP address (10.1.1.87) to a server
(10.65.1.100). Which Junos command can help verify connectivity in the network?
A. mroute
B. traceoptions
C. ping
D. clear bgp neighbor
Answer: A
QUESTION: 124
Port authentication falls back to Captive Portal. In which two scenarios would the port
authentication move back to 802.1X? (Choose two.)
A. if any MAC RADIUS request packet is received on the interface and if there are no
sessions in authenticated/authenticating state
B. if Captive Portal is deactivated on the interface
C. if the user gets logged out
D. if the EAP packet is received on the interface and if there are no sessions in
authenticated/authenticating state
Answer: B, D
QUESTION: 125
A network routes IPv4 traffic only. You want to add IPv6 to the network, but you must use
a single IGP for both IPv4 and IPv6 traffic. Which protocol meets this requirement?
JN0-643
A. OSPFv2
B. BGPv4
C. ES-ISv1
D. OSPFv3
Answer: D
QUESTION: 126
A Layer 2 forwarding loop occurred on your network during a scheduled maintenance
period. You must prevent this behavior in the future. Which protocol should you enable on
the EX Series switch to address this condition in the future?
A. DVMRP
B. L2TPv3
C. STP
D. RSVP
Answer: D
QUESTION: 127
You have implemented 802.1X authentication in your Layer 2 network and you have only
a single RADIUS server. You are asked to ensure that if the RADIUS server becomes
unreachable or fails, users connected to the ge-0/0/0 port are still able to reach the Internet
using a predefined guest VLAN. Which command allows this access?
A. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 radius-fail vlan guest
B. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 server-fail vlan-name
guest
C. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 auth-fail assign-vlan
guest
D. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 radius-fail assign
guest
JN0-643
Answer: B
QUESTION: 128
Which option is a valid IPv6 multicast address?
A. fe80::205:8640:471:3200/64
B. ::172.16.0.5/126
C. ff03:365:ba::23
D. ff01:cgfc:345::226:8ff:fee4:bf6f
Answer: C
QUESTION: 129
A company is deploying a new 802.1X port-based security infrastructure to allow users to
access resources through wired Ethernet ports. However they recently deployed an RSA
token-based system for users to connect remotely. The network administrator wants to
reuse the same security database for 802.1X port-based security. Which 802.1X
authentication protocol is required?
A. EAP-TLS
B. LAN-PEAP
C. RSA-EAP
D. EAP-TTLS
Answer: D
QUESTION: 130
Which protocol reachability is advertised by OSPFv2?
A. IPv4
B. IPv5
C. IPv6
D. ISO
JN0-643
Answer: D
QUESTION: 131
Which AS path regular expression matches only routes originated in your AS?
A. "6573.*"
B. ".*"
C. "{"
D. "^$"
Answer: D
QUESTION: 132
Voice traffic is coming in on UDP port 17689. This traffic must be classified into the
expedited-forwarding forwarding class. Which type of classifier is needed?
A. code point alias

B. rewrite marker
C. multifield
D. behavior aggregate
Answer: C
QUESTION: 133
Which three attributes must a BGP update contain? (Choose three.)
A. next-hop
B. MED
C. origin
D. AS-path
E. local preference
Answer: A, C, D
JN0-643
QUESTION: 134
You must configure your access switch with more than 3000 VLANs and you want the
ability to load-balance across them. Which spanning-tree approach has the least impact on
control-plane performance?
A. Configure your access switch with a load-balancing policy and apply it under [edit
protocols rstp].
B. Configure your access switch for Rapid-PVST+.
C. Configure your access switch for MSTP, incorporating the use of MSTIs.
D. Configure your access switch for both VSTP and RSTP.
Answer: C
QUESTION: 135
You are implementing MSTP in your network. Which three values must match on all
switches within the MST region? (Choose three)
A. Context identifier
B. Region name
C. VLANs
D. Revision
E. Configuration manifest
Answer: B, C, D
QUESTION: 136
You have been asked to implement a private VLAN with two community VLANs. This
private VLAN will be confined to a single switch in your Layer 2 network. This private
VLAN, along with other VLANs configured on the switch, will require gateway services
provided through a connected router. Which statement about this deployment is true?
A. All isolated ports must be configured as trunk ports.

B. A minimum of one promiscuous trunk port is required.
C. Both community VLANs must have an assigned VLAN IDs.
D. A minimum of one private VLAN trunk port is required.
JN0-643
Answer: B
QUESTION: 137
During the BGP route-resolution process, the Junos OS must calculate the appropriate
next-hop based on the BGP protocol next-hop attribute. Which two routing tables are
checked during this process in a default Junos configuration? (Choose two.)
A. inet.0
B. inet.1
C. inet.2
D. inet.3
Answer: A, D
QUESTION: 138
You have a requirement for a device to provide 20 W of power over Ethernet. What meets
this requirement?
A. Bond two standard PoE ports together to achieve 30.8 W of power.

B. Install an external redundant power supply in the switch to increase the total power
load.
C. Select a switch that has PoE+ support.
D. Enable LLDP-MED to transfer power from other switches.
Answer: C
QUESTION: 139
R1 has an OSPF adjacency with R2 over a point-to-point link. Which three statements
about the advertisements for this link in the Type 1 (Router) LSA generated by R1 are
true? (Choose three.)
A. It has a value in the link ID field with R2's interface IP address.

B. It has a value in the link ID field with R2's router ID.
C. It has a link-type of point-to-point (Type 1).
D. It has a link-type of Transit (Type 2).
E. It has a link-type of stub (Type 3).
JN0-643
Answer: B, D, E
QUESTION: 140
What is the significance of the multicast address range 224.0.0.1 through 224.0.0.254?
A. They have link-local scope.

B. They have administrative region scope.
C. They are reserved for future use.
D. They have a scope of two or more hops from a router.
Answer: A
QUESTION: 141
You must prioritize VoIP packets on your network. Which feature will accomplish this
goal?
A. RSVP
B. Multicast Routing
C. VPLS
D. Class of Service
Answer: C
QUESTION: 142
You notice that a number of IGMP leave group messages are passing through a BMA
network and are impacting the network's performance. What would you do to resolve this
issue without affecting multicast traffic?
A. Apply an import policy to control leave group messages.

B. Suppress group-specific queries.
C. Suppress generic IGMP queries.
D. Enable promiscuous-mode in IGMP.
JN0-643
Answer: B
QUESTION: 143
A network administrator is configuring CoS on a switch and assigns forwarding classes
call-sig and critical to the same queue number per the configuration below: class-of-
service {
forwarding-classes {
class best-effort queue-num 0; class bulk-data queue-num 1; class critical queue-num 3;
class voice queue-num 6; class call-sig queue-num 3;
}
}
Based on the configuration, which option prioritizes call-sig traffic over critical traffic?
A. Assign call-sig and critical to different schedulers.

B. Assign call-sig and critical to different scheduler maps.
C. Assign a loss priority of high to the packets in the critical forwarding class and
configure drop profiles in the scheduler configuration.
D. Assign a loss priority of high to the packets in the critical forwarding class and set
priority high in the scheduler configuration.
Answer: C
QUESTION: 144
A Layer 2 transparent firewall separates two OSPFv3 routers. For the two OSPFv3 routers
to form an adjacency, which protocol must be permitted on the firewall?
A. IPv4 protocol 89
B. IPv6 protocol 89
C. TCP port 89
D. UDP port 89
Answer: B
QUESTION: 145
In MSTP, which two factors determine the root bridge in each region? (Choose two.)
JN0-643
A. The switch with the higher priority becomes the root bridge.
B. The switch with the lower priority becomes the root bridge.
C. The switch with the lower MAC address becomes the root bridge when priorities are
tied.
D. The switch with the higher MAC address becomes the root bridge when priorities are
tied.
Answer: B, C
QUESTION: 146
Which two LSA types are only generated by an ABR router? (Choose two.)
A. ASBR summary LSA (Type 4)

B. ASBR LSA (Type 5)
C. Summary LSA (Type 3)
D. Router LSA (Type 1)
Answer: A, C
QUESTION: 147
Which two statements about MVRP on EX Series switches are true? (Choose two.)
A. MVRP can add VLANs on access interfaces.

B. MVRP can add VLANs on trunk interfaces.
C. MVRP adds VLANs on MVRP-enabled interfaces by default.
D. MVRP is in transparent mode on MVRP-enabled interfaces by default.
Answer: B, C
QUESTION: 148
A company's security policy does not allow outside computers or smart phones into their
work areas. All company-provided computers are strictly controlled using 802.1X
authentication on all of their switches. All computers obtain DHCP IP addresses from
centralized servers and all switches have IP spoofing enabled. However, one of the
computers was able to send IP spoofed packets. Why did the IP spoof feature fail to
prevent the spoofed packets from being forwarded?
JN0-643
A. The IP source guard database timeout was set too low.

B. The DHCP snooping feature was not enabled on any of the switches.
C. IP source guard does not prevent IP spoof attacks; you need to configure the Dynamic
ARP Inspection feature.
D. 802.1X feature was not enabled on the port that was directly connected to the infected
computer.
Answer: B
QUESTION: 149
What is a valid router ID configuration for OSPFv3 in the Junos OS?
A. set routing-options router-id 2001:1:2::1

B. set protocols ospf3 router-id fe80:223:2887:ab31::1
C. set routing-options router-id 224.1.0.1
D. set protocols ospf3 router-id 10.8.3.9
Answer: C
QUESTION: 150
You are setting up a new switch in your network that is using MSTP. You have configured
all access ports as edge ports, and you want to make sure that the access ports can never
transition to nonedge ports. How can you meet this requirement?
A. Configure the interfaces as shared.

B. Configure the hello-time option as zero.
C. Configure the interfaces as a no-root-port.
D. Configure bpdu-block-on-edge.
Answer: D
QUESTION: 151
When using PIM-SM in ASM mode, which two events trigger the creation of a shortest-
path tree? (Choose two.)
JN0-643
A. Multicast traffic received at the receiver's designated router (DR).

B. PIM join received at the receiver's designated router (DR).
C. PIM join received at the source designated router (DR).
D. PIM registers received by the rendezvous point (RP).
Answer: A, D
QUESTION: 152
A coffee shop offering free Internet service to customers wants to implement the following
security policies:
1. Every customer must agree to a set of terms and conditions before accessing the
Internet.
2. Log out customers that are logged in for more than one hour.
3. Log out customers that are idle for more than 5 minutes.
4. Authenticate employee desktop computers with known hardware addresses in the office
of the coffee shop to access the Internet without the above restrictions.
The following configuration has been applied to the switch:
set access radius-server 172.16.14.26 port 1812
set access radius-server 172.16.14.26 secret Am@zingC00f33
set access profile dot1x authentication-order radius
set access profile dot1x radius authentication-server 172.27.14.226
What would you add to implement these policies?
A. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols
dot1x authenticator interface ge-0/0/12.0 mac-radius
set protocols dot1x authenticator authentication-profile-name dot1x set services captive-
portal authentication-profile-name dot1x
set services captive-portal interface ge-0/0/12.0
set services captive-portal secure-authentication https
set services captive-portal custom-options header-message “Welcome to Our Coffee
Shop” set services captive-portal custom-options banner-message “Terms and Conditions
of Use"
B. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple
set protocols dot1x authenticator authentication-profile-name dot1x set services captive-
portal authentication-profile-name dot1x
JN0-643

of Use"
C. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple
set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x
authenticator authentication-profile-name dot1x set services captive-portal authentication-
profile-name dot1x
set services captive-portal interface ge-0/0/12.0 idle-timeout 300 set services captive-portal
interface ge-0/0/12.0 user-timeout 3600 set services captive-portal secure-authentication
https
of Use"
D. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple
set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius
set protocols dot1x authenticator interface ge-0/0/12.0 idle-timeout 300 set protocols dot1x
authenticator interface ge-0/0/12.0 user-timeout 3600 set protocols dot1x authenticator
authentication-profile-name dot1x
set services captive-portal authentication-profile-name dot1x set services captive-portal
interface ge-0/0/12.0
Shop”set services captive-portal custom-options banner-message “Terms and Conditions
of Use"
Answer: A
QUESTION: 153
What is an IP multicast routing protocol?
A. RSVP
B. OSPF
C. PIM
D. CDP
Answer: A
QUESTION: 154
JN0-643
Which version of BGP would an enterprise use to peer with an ISP?
A. Confederation BGP
B. External BGP
C. Internal BGP
D. Labeled-Unicast
Answer: C
QUESTION: 155
You are setting up a new switch in your network that is using MSTP. You want to make
sure that any port connected to a host starts forwarding traffic immediately. How can you
meet this requirement?
A. Configure the interfaces as point-to-point.

B. Configure the interfaces as edge.
C. Configure the forward-delay option as zero.
D. Configure the interfaces as shared.
Answer: B
QUESTION: 156
You have been asked to implement 802.1X in your network and to ensure that all
authorized users continue to be permitted should the RADIUS server fail. Which solution
will satisfy this requirement?
A. Implement the persistent MAC feature with the override option.

B. Implement the server fail fallback feature with the use-cache option.
C. Implement the persistent MAC feature with the use-cache option.
D. Implement the server fail fallback feature with the override option.
Answer: B
QUESTION: 157
How does an administrator block IGMP reports for the 239.0.0.0/8 group range?
JN0-643
A. Create a routing policy and apply it to IGMP using the group-policy feature.
B. Create a routing policy and apply it to IGMP using the report-policy feature.
C. Create a routing policy and apply it to IGMP as export.
D. Create a routing policy and apply it to IGMP as import.
Answer: A
QUESTION: 158
You have been asked to implement a private VLAN with two community VLANs. This
private VLAN must span multiple switches in your Layer 2 network. Which two
statements about this deployment are true? (Choose two.)
A. All isolated ports must be configured as trunk ports.

B. A minimum of one promiscuous trunk port is required.
C. Both community VLANs must have assigned VLAN IDs.
D. A minimum of one private VLAN trunk port is required.
Answer: C, D
QUESTION: 159
Which configuration parameter causes a router to ignore router ID and peer ID from the
BGP route selection algorithm?
A. multihop
B. as-path loops
C. multipath
D. next-hop self
Answer: C
QUESTION: 160
If your WAN-edge router is multihomed to different ISPs, which two BGP attributes
would you modify to affect outbound traffic? (Choose two.)
JN0-643
A. MED
B. origin
C. local preference
D. community
Answer: B, C
QUESTION: 161
A medium-sized enterprise has some devices that are 802.1X capable and some that are
not. Any device that fails authentication must be provided limited access through a VLAN
called NONAUTH. How do you provide this access?
A. Configure NONAUTH VLAN as the guest VLAN.

B. Configure NONAUTH VLAN as the server-reject VLAN.
C. Configure NONAUTH VLAN as the guest VLAN and the server-reject VLAN.
D. Configure a separate VLAN for each type of user: 802.1X and non-802.1X.
Answer: C
QUESTION: 162
When using PIM-SM in SSM mode, which event triggers the creation of a shortest-path
tree?
A. Multicast traffic received at the receiver's designated router (DR).

B. An IGMPv3 report received at the receiver's designated router (DR).
C. Multicast traffic received at the rendezvous point (RP).
D. An IGMPv3 report received at the source's designated router (DR).
Answer: B
QUESTION: 163
Which statement regarding LLDP update messages is correct?
A. Updates can be secured using the MD5 algorithm.
JN0-643
B. Updates are advertised every 60 seconds by default.

C. Updates require bidirectional communication.
D. Updates can be triggered by local changes.
Answer: D
QUESTION: 164
When 802.1X, MAC-RADIUS, and Captive Portal are enabled on an interface, which
authentication sequence occurs?
A. The authentication sequence is based on the order of the configuration.

B. If MAC-RADIUS is rejected, Captive Portal will start. If Captive portal is timed out,
802.1X will start.
C. If 802.1X times out, then MAC-RADIUS will start. If MAC-RADIUS is timed out by
the RADIUS server, then Captive Portal will start.
D. If 802.1X times out, then MAC-RADIUS will start. If MAC-RADIUS is rejected by the
RADIUS server, then Captive Portal will start.
Answer: D
QUESTION: 165
You are troubleshooting a problem on interface ge-0/0/3. Which command shows statistics
in real time?
A. show interfaces statistics

B. monitor interface statistics ge-0/0/3
C. monitor interface traffic
D. monitor traffic interface ge-0/0/3
Answer: C
QUESTION: 166
Which CoS component helps with TCP global synchronization problems?
A. WRR with rewrite rules
JN0-643
B. WRED with drop profiles

C. tail drop profiles with a behavior aggregate classifier
D. exact term with a scheduler
Answer: B
QUESTION: 167
You want to control bursts of HTTP traffic entering your SRX Series Gateway. To support
varying requirements, interfaces ge-0/0/0 through ge-0/0/3 should each be rate-limited
separately, using the same parameters. What is the correct way to meet these
requirements?
A. Configure a single policer and apply it directly on the appropriate interfaces.

B. Configure four policers and apply each one directly on the appropriate interface.
C. Configure a policer and reference it in a firewall filter that uses the interface-specific
option; apply the filter to the appropriate interfaces.
D. Configure four policers and reference them all in a firewall filter; apply the filter to the
appropriate interfaces.
Answer: C
QUESTION: 168
You are configuring BGP peering with a neighboring AS. Multiple physical links exist
between your edge router and the neighboring edge router, and you want a configuration
that supports the highest degree of redundancy. How can you implement this scenario?
A. Configure multiple peerings between the routers’ physical interfaces.

B. Use the multipath feature.
C. Configure multiple peerings between the routers’ logical interfaces.
D. Use the multihop feature.
Answer: D
QUESTION: 169
An OSPF router is an ABR but not an ASBR. Which three types of LSAs would you
expect this router to generate? (Choose three.)
JN0-643
A. Type 1 LSA
B. Type 3 LSA
C. Type 4 LSA
D. Type 5 LSA
E. Type 6 LSA
Answer: A, B, C
QUESTION: 170
-- Exhibit --
user@R1> show configuration protocols pim rp
local {
address 192.168.3.1;
}
auto-rp discovery;
static {
address 192.168.5.1;
}
user@R1> show route 192.168.0.0/16
+ = Active Route, - = Last Active, * = Both
192.168.2.1/32 *[Direct/0] 3w4d 04:58:14
> via lo0.0
192.168.5.1/32 *[OSPF/10] 00:52:25, metric 1
> via lt-0/0/0.0
192.168.10.1/32 *[OSPF/10] 00:48:06, metric 1
> via lt-0/0/0.2
192.168.50.1/32 *[OSPF/10] 00:48:06, metric 1
> via lt-0/0/0.4
-- Exhibit --
Router R1 in the exhibit is receiving auto-RP announce messages specifying an RP of
192.168.10.1 and BSR messages specifying an RP-set with an RP of 192.168.50.1. Which
address will R1 use as the RP for traffic destined to the 224.1.1.1 multicast group?
A. 192.168.3.1
B. 192.168.5.1
C. 192.168.10.1
D. 192.168.50.1
JN0-643
Answer: D
QUESTION: 171
-- Exhibit –
-- Exhibit --
In the exhibit, customers connected to Area 3 must have access to external prefixes
received from the data center connected to the router in Area 1. These configurations are
currently applied to the routers in Area 1: {master:0}[edit]
user@Area-1-ABR# show protocols ospf
no-nssa-abr; area 0.0.0.1 { nssa;
}
{master:0}[edit]
user@Area-1-External# show protocols ospf
JN0-643
area 0.0.0.1 {
stub no-summaries;
}
What must you change for these configurations to work?
A. Configure the ABR router in Area 1 to support a virtual link.

B. Delete no-summary-lsa from the ABR router in Area 1.
C. Configure the external router in Area 1 for NSSA.
D. Configure the ABR in Area 1 for a default LSA with a default-metric of 10 and no-
summaries.
Answer: C
QUESTION: 172
-- Exhibit --
20.0.0.0/8 *[BGP/170] 01:10:38, localpref 100, from 10.0.0.1
AS path: 100 I
> to 15.0.0.2 via ge-0/0/0.0
[BGP/170] 00:00:59, localpref 100
AS path: 100 ?
> to 35.0.0.2 via ge-0/0/1.0
-- Exhibit --
Referring to the output in the exhibit, why does the router prefer the path toward interface
ge-0/0/0.0 for the 20.0.0.0/8 route?
A. The origin is IGP.

B. The origin is unknown.
C. The AS path is longer.
D. Multihop is enabled.
Answer: A
QUESTION: 173
-- Exhibit --
Interface State Area DR ID BDR ID Nbrs
em2.0 DR 0.0.0.2 10.94.164.116 10.1.1.1 1
JN0-643
TypE. LAN, Address: 11.1.1.2, Mask: 255.255.255.252, MTU: 1500, Cost: 1

DR addr: 11.1.1.2, BDR addr: 11.1.1.1, Priority: 128
Adj count: 1
Hello: 10, DeaD. 40, ReXmit: 5, Stub
Auth typE. None
Protection typE. None
Topology default (ID 0) -> Cost: 1
-- Exhibit --
A. The OSPF cost of the interface is 128.

B. The authentication type of the area is MD5.
C. This interface is part of a stub area.
D. This router is the BDR.
Answer: C
QUESTION: 174
-- Exhibit --
user@switch# run show spanning-tree statistics interface ge-0/0/0
STP interface statistics for VLAN 10
Interface BPDUs sent BPDUs received Next BPDU
transmission
ge-0/0/0.0 170 3 0
STP interface statistics for VLAN 20
Interface BPDUs sent BPDUs received Next BPDU
transmission
ge-0/0/0.0 171 3 0
-- Exhibit --
Based on the exhibit, which spanning-tree protocol is running on ge-0/0/0?
A. VSTP
B. MSTP
C. RSTP
D. PVST
Answer: A
JN0-643
QUESTION: 175
-- Exhibit –
-- Exhibit --
Click the Exhibit button
Given the topology in the exhibit, which two statements related to the Q-in-Q tunneling
implementation are true? (Choose two.)
A. The ge-0/0/0 interface on Provider Bridge A must be configured as an access port.

B. The ge-0/0/0 interface on Provider Bridge A must be configured as a trunk port.
C. Provider Bridge B will make forwarding decisions using a MAC table associated with
VLAN ID 100.
D. Provider Bridge B will make forwarding decisions using a MAC table associated with
VLAN ID 200.
Answer: A, D
QUESTION: 176
-- Exhibit –
JN0-643
-- Exhibit --
You are implementing Q-in-Q tunneling to connect R1 and R2 using the configurations
shown in the exhibit. What must be changed on Switch_A to allow both Dot1q-tunneling
VLANs and non-Dot1q- tunneling VLANs on the same trunk interface?
A. Change the Dot1q-tunneling Ethertype to 0x9100.

B. Change the Dot1q-tunneling Ethertype to 0x88a8.
C. Change the Dot1q-tunneling Ethertype to 0x8100.
D. Change the Dot1q-tunneling Ethertype to 0x98a8.
Answer: C
QUESTION: 177
-- Exhibit –
JN0-643
-- Exhibit --
In the exhibit, Host2 is the only host currently joining group 231.1.1.1, but S1 is still
flooding the traffic to all hosts on VLAN 100. What feature can be configured on S1 to
limit the multicast flooding of traffic to only interested hosts on VLAN 100?
A. Multicast scoping
B. IGMP snooping
C. Multicast VLAN registration
D. IGMP immediate leave
Answer: B
QUESTION: 178
-- Exhibit --
{master:0}[edit]
user@switch# show protocols vstp
vlan 100;
{master:0}[edit]
ser@switch# run show spanning-tree bridge
Context ID : 1
Enabled protocol : RSTP
STP bridge parameters for VLAN 100
Root ID : 32868.50:c5:8d:ae:94:80
Hello time : 2 seconds Maximum age : 20 seconds Forward delay : 15 seconds Message
age : 0
JN0-643
Local parameters
Bridge ID : 32868.50:c5:8d:ae:94:80
{master:0}[edit]
user@switch# run show spanning-tree interface
{master:0}[edit]
user@switch#
-- Exhibit --
Based on the output shown in the exhibit, why is VSTP not working for VLAN 100?
A. No interfaces are assigned to VLAN 100.

B. Your MSTI is misconfigured.
C. RSTP is configured in addition to VSTP.
D. No native VLAN is configured.
Answer: A
QUESTION: 179
-- Exhibit –
JN0-643
-- Exhibit --
Referring to the exhibit, what is the correct RPF path toward the multicast source from
R6?
A. R6-R5
B. R6-R7-R4-R5
C. R6-R4-R5
D. R6-R4-R3-R2-R5
Answer: A
QUESTION: 180
-- Exhibit --
{master:0}[edit]
user@switch# show ethernet-switching-options voip
vlan phones;
}
{master:0}[edit]
unit 0 {
port-mode access;
vlan {
members internet;
}
}
}
{master:0}[edit] user@switch# show vlans hr {
vlan-id 513;
}
internet {
vlan-id 15;
}
phones {
vlan-id 25;
}
JN0-643
servers {
vlan-id 30;
}
{master:0}[edit]
description uplink;
unit 0 {
port-mode trunk;
vlan {
members [ hr internet ];
}
}
}
-- Exhibit --
You have recently implemented a Layer 2 network designed to support VoIP. Users have
reported that they cannot use their IP phones to make calls. Based on the switch
configuration shown in the exhibit, which command will resolve this issue?
A. set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members phones

B. set interfaces ge-0/0/16 unit 0 family ethernet-switching port-mode trunk
C. set ethernet-switching-options voip interface ge-0/0/23 vlan phones
D. set vlans phones vlan-id 513
Answer: A
QUESTION: 181
-- Exhibit –
JN0-643
-- Exhibit --
Based on the SPF calculation in the exhibit, what is the shortest path to reach R3 from R1?
A. R2-R3
B. R2-R5-R4
C. R3
D. R2-R4
Answer: C
QUESTION: 182
-- Exhibit --
Mar 16 18:39:15.800390 BGP RECV 172.14.10.2+57785 -> 172.14.10.1+179
Mar 16 18:39:15.800932 BGP RECV message type 1 (Open) length 59
Mar 16 18:39:15.800995 BGP RECV version 4 as 2 holdtime 90 id 192.168.5.1 parmlen
30
Mar 16 18:39:15.801064 BGP RECV MP capability AFI=2, SAFI=1
Mar 16 18:39:15.801112 BGP RECV Refresh capability, code=128
Mar 16 18:39:15.801224 BGP RECV Restart capability, code=64, time=120, flags=
Mar 16 18:39:15.801289 BGP RECV 4 Byte AS-Path capability (65), as_num 2
Mar 16 18:39:15.801705 advertising receiving-speaker only capabilty to neighbor
172.14.10.2 (External AS 2)
Mar 16 18:39:15.801787 bgp_senD. sending 59 bytes to 172.14.10.2 (External AS 2)
Mar 16 18:39:15.801845
Mar 16 18:39:15.801845 BGP SEND 172.14.10.1+179 -> 172.14.10.2+57785
JN0-643
Mar 16 18:39:15.801933 BGP SEND message type 1 (Open) length 59

Mar 16 18:39:15.801991 BGP SEND version 4 as 1 holdtime 90 id 192.168.2.1 parmlen
30
Mar 16 18:39:15.802054 BGP SEND MP capability AFI=1, SAFI=1
Mar 16 18:39:15.802115 BGP SEND Refresh capability, code=128
Mar 16 18:39:15.802227 BGP SEND Restart capability, code=64, time=120, flags=
Mar 16 18:39:15.802292 BGP SEND 4 Byte AS-Path capability (65), as_num 1
Mar 16 18:39:15.802615 bgp_process_caps: mismatch NLRI with 172.14.10.2 (External
AS 2): peer: <inet6-unicast>(16) us: <inet-unicast>(1)
Mar 16 18:39:15.802763 bgp_process_caps:2561: NOTIFICATION sent to 172.14.10.2
(External AS 2): code 2 (Open Message Error) subcode 7 (unsupported capability) value 1
Mar 16 18:39:15.802969
Mar 16 18:39:15.802969 BGP SEND 172.14.10.1+179 -> 172.14.10.2+57785
Mar 16 18:39:15.803057 BGP SEND message type 3 (Notification) length 23
Mar 16 18:39:15.803113 BGP SEND Notification code 2 (Open Message Error) subcode 7
(unsupported capability)
Mar 16 18:39:15.803179 BGP SEND Data (2 bytes): 00 01
-- Exhibit --
Looking at the traceoptions output in the exhibit, why is the BGP neighbor not in
Established state?
A. BGP refresh is not supported.

B. There is a router ID mismatch.
C. IPv6 is not supported on the local peer.
D. The peer AS number is misconfigured.
Answer: C
QUESTION: 183
-- Exhibit –
JN0-643
-- Exhibit --
In the exhibit, which statement about the ABR between Area 8 and Area 2 is true?
A. The router has connectivity to all areas.

B. The router has connectivity to Area 8 only.
C. The router has connectivity to Area 2 only.
D. The router has connectivity to all routers in Area 8 and Area 2.
Answer: D
QUESTION: 184
-- Exhibit --
user@router> show class-of-service scheduler-map two
Scheduler map: two, Index: 56974
Scheduler: sch-best-effort, Forwarding class: best-effort, Index: 26057
Transmit ratE. 1 percent, Rate Limit: exact, Buffer sizE. remainder,
Buffer Limit: exact, Priority: low Excess Priority: unspecified Drop profiles:
JN0-643
Loss priority Protocol Index Name

Low any 1 <default-drop-profile>
Medium low any 1 <default-drop-profile>
Medium high any 1 <default-drop-profile>
High any 1 <default-drop-profile>
Scheduler: sch-expedited-forwarding, Forwarding class:
expedited-forwarding, Index: 10026
Transmit ratE. 1 percent, Rate Limit: none, Buffer sizE. 1 percent,
Buffer Limit: none, Priority: high Excess Priority: unspecified Drop profiles:
Loss priority Protocol Index Name
Low any 1 <default-drop-profile>
Medium low any 1 <default-drop-profile>
Medium high any 1 <default-drop-profile>
High any 1 <default-drop-profile>
user@router> show interfaces ge-0/0/1 extensive | find "CoS Information"
CoS information:
Direction : Output
CoS transmit queue Bandwidth Buffer
Priority Limit
% bps % usec
0 best-effort 1 10000000 r 0
low exact
1 expedited-forwarding 1 10000000 1 0
high none
Logical interface ge-0/0/1.823 (Index 74) (SNMP ifIndex 506) (Generation 139)
Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.823 ] Encapsulation: ENET2
Traffic statistics:
Input bytes : 1820224529
Output bytes : 6505980
Input packets: 1436371
Output packets: 75905
(... output truncated ...)
user@router> show interfaces ge-0/0/1 extensive | find "Queue Counters"
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 1343970 1343970 7105
1 expedited-fo 53987 53987
0
2 assured-forw 0 0
0
3 network-cont 0 0
0
Queue number: Mapped forwarding classes
0 best-effort
1 expedited-forwarding
JN0-643
2 assured-forwarding
3 network-control Active alarms : None Active defects : None
(... output truncated ...)
-- Exhibit --
Based on the configuration in the exhibit, why are you seeing drops in the best-effort
queue on the SRX Series platform?
A. The drop-profile fill level is set too low.

B. Packets are dropped by a firewall policy.
C. The best-effort queue is being shaped.
D. The scheduler is not being applied correctly.
Answer: C
QUESTION: 185
-- Exhibit --
[edit protocols bgp] user@router# show group ext-peer2 { type external;
peer-as 1;
neighbor 192.168.2.1;
}
[edit protocols bgp]
user@router# run show route 192.168.2.1
192.168.2.1/32 *[Static/5] 00:01:56
> to 172.14.10.1 via ge-0/0/1.0
[edit protocols bgp]
user@router# run show bgp summary
Groups: 1 Peers: 1 Down peers: 1
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 0 0 0 0 0 0
inet6.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
192.168.2.1 1 0 0 0 0 14 Idle
-- Exhibit --
JN0-643
Looking at the output in the exhibit, why is the BGP neighbor not in Established state?
A. BGP Refresh is not supported.

B. Multihop is not configured.
C. The peer address is not reachable.
D. Authentication is configured.
Answer: B
QUESTION: 186
-- Exhibit --
user@SwitchA# show protocols dot1x
authenticator {
JN0-643
authentication-profile-name dot1x;
interface {
ge-0/0/0.0 {
supplicant single;
}
ge-0/0/1.0 {
supplicant single-secure;
}
ge-0/0/2.0 {
supplicant multiple;
}
}
}
{master:0}[edit] user@SwitchA# show access radius-server {
172.27.14.226 {
port 1812;
secret "$9$vqs8xd24Zk.5bs.5QFAtM8X"; ## SECRET-DATA
}
}
profile dot1x { authentication-order radius; radius {
authentication-server 172.27.14.226;
accounting-server 172.27.14.226;
}
accounting {
order radius;
immediate-update;
}
}
{master:0}[edit]
user@SwitchA#
-- Exhibit --
Referring to the exhibit, which three statements describe correct behavior of Switch A?
(Choose three.)
A. Switch A allows complete access to all users connected to port ge-0/0/2 that log in with
their correct user credentials.
B. Switch A allows complete access to all users connected to port ge-0/0/0 that log in with
their correct user credentials.
C. Switch A allows complete access to the second user that connects to port ge-0/0/1 with
its correct credentials only after the first user logs out.
D. Switch A allows complete access to all users connected to port ge-0/0/0 without
authentication after the first user has logged in with its correct user credentials.
JN0-643
E. Switch A allows complete access to all users connected to port ge-0/0/1 that securely
log in using HTTPS with their correct user credentials.
Answer: A, C, D
QUESTION: 187
-- Exhibit --
Mar 16 17:48:06.145257 OSPF periodic xmit from 172.14.10.1 to 224.0.0.5 (IFL 69 area
0.0.0.1)
192.168.2.1
state QUIET->GEN_PENDING
Mar 16 17:48:13.013661 OSPF trigger router LSA 0x156d0f0 build for area 0.0.0.1 lsa-id
192.168.2.1
192.168.2.1
state GEN_PENDING->QUIET
Mar 16 17:48:13.017636 OSPF built router LSA, area 0.0.0.1, link count 2
area
0.0.0.1)
area 0.0.0.1)
Mar 16 17:48:13.432025 OSPF packet ignoreD. area mismatch (0.0.0.0) from 172.14.10.2
on intf ge-0/0/1.0 area 0.0.0.1
Mar 16 17:48:13.432135 OSPF rcvd Hello 172.14.10.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 69
area 0.0.0.1)
Mar 16 17:48:13.432274 checksum 0x8065, authtype 0
commit complete
JN0-643
-- Exhibit --
Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init
state?
A. There is an MTU mismatch.

B. There is a network mask mismatch.
C. The routers are in different areas.
D. No BDR has been elected.
Answer: C
QUESTION: 188
-- Exhibit –
-- Exhibit --
A customer is trying to configure a router to peer using EBGP to a neighbor. As shown in
the exhibit, two links are being used for this configuration. The goal of this configuration
is to load-balance traffic across both EBGP links. Which configuration accomplishes this
goal?
A. {master:0}[edit]
user@router# show protocols bgp group External {
JN0-643
multihop;
local-address 192.168.2.1;
peer-as 65532; neighbor 10.10.2.2; neighbor 10.20.2.2;
}
{master:0}[edit]
user@router# show routing-options static {
route 192.168.5.1/32 next-hop 192.168.2.1;
}
autonomous-system 65432;
B. {master:0}[edit]
multihop;
peer-as 65532;
neighbor 192.168.5.1;
}
{master:0}[edit]
route 192.168.5.1/32 next-hop [ 10.10.2.2 10.20.2.2 ];
}
forwarding-table {
export load-balance;
}
{master:0}[edit]
user@router# show policy-options policy-statement load-balance term balance {
then {
load-balance per-packet;
accept;
}
}
C. {master:0}[edit]
multi-path;
peer-as 65532;
neighbor 192.168.5.1;
}
{master:0}[edit]
route 192.168.5.1/32 next-hop [ 10.10.2.2 10.20.2.2 ];
}
D. {master:0}[edit]
JN0-643

multipath;
}
{master:0}[edit]
route 192.168.5.1/32 next-hop 192.168.2.1;
}
Answer: B
QUESTION: 189
-- Exhibit –
-- Exhibit --
In the exhibit, R5 is receiving five 200.1.1.x routes from the RIP router, and is advertising
them into Area 1 using an export policy. You do not want any of the RIP routes to be in
the routing table of R1. Which two solutions meet this requirement? (Choose two.)
A. On R1, configure an export policy to reject the routes.

B. On R1, configure an import policy to reject the routes.
C. On R1, configure each address as a martian route.
D. On R1, configure the no-nssa-abr option.
JN0-643
Answer: B, C
QUESTION: 190
-- Exhibit –
-- Exhibit --
In the exhibit, a customer wants to configure an EBGP connection to two different routers
in a neighboring autonomous system. The goal of this configuration is to use per-prefix
load balancing across both EBGP links. Which configuration accomplishes this goal?
A. {master:0}[edit]
multihop;
}
B. {master:0}[edit]
multipath;
}
C. {master:0}[edit]
multihop;
}
route 0.0.0.0 next-hop [ 10.10.2.2 10.20.2.2 ];
JN0-643
}
D. {master:0}[edit]
multihop;
peer-as 65532;
multipath;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
route 0.0.0.0 next-hop [ 10.10.2.2 10.20.2.2 ];
}
Answer: B
QUESTION: 191
-- Exhibit –
-- Exhibit --
Referring to the exhibit, R4 in AS 100 is sending routes 20.0.0.0/8 and 10.0.0.0/8. R3 sees
the routes but R5 does not. What must be configured on the R3 router for the R5 router to
install the routes?
JN0-643
A. a next-hop self policy

B. as-override toward the R5 router
C. as-loops 2
D. local-as 100
Answer: B
QUESTION: 192
-- Exhibit –
-- Exhibit --
You are asked to configure an OSPF virtual link that connects remote Area 4 to the
backbone. Referring to the exhibit, what are two requirements for an OSPF virtual link to
operate correctly? (Choose two.)
JN0-643
A. A virtual link configuration on the ABR between Areas 0 and 1 must include transit
area 1.
B. The interface of the transit area must be of type vt.
C. A virtual link configuration on the ABR between Areas 0 and 1 must be the interface
address of the neighbor on the far end.
D. A virtual link configuration on the ABR between Areas 0 and 1 must be the router ID
(RID) of the neighbor on the far end.
Answer: A, D
QUESTION: 193
-- Exhibit –
-- Exhibit --
In the exhibit, R5 is receiving five 200.1.1.x routes from the RIP router, and is advertising
them into Area 1 using an export policy. You want to summarize the RIP routes into Area
0 with the most specific prefix. Which configuration will accomplish goal?
A. [edit protocols] user@R1# show ospf {

area 0.0.0.0 {
area-range 200.1.1.0/29; interface ge-0/0/1.0; interface ge-0/0/2.0; interface lo0.0;
}
area 0.0.0.1 {
nssa {
default-lsa type-7;
}
JN0-643
}
}
B. [edit protocols] user@R1# show ospf {
area 0.0.0.0 { interface ge-0/0/1.0; interface ge-0/0/2.0; interface lo0.0;
}
area 0.0.0.1 {
nssa {
default-lsa type-7;
area-range 200.1.1.0/28;
}
}
}
C. [edit protocols] user@R1# show ospf {
area 0.0.0.0 { interface ge-0/0/1.0; interface ge-0/0/2.0; interface lo0.0;
}
area 0.0.0.1 {
nssa {
default-lsa type-7;
area-range 200.1.1.0/29;
}
}
}
D. [edit protocols] user@R1# show ospf {
area 0.0.0.0 {
area-range 200.1.1.0/28; interface ge-0/0/1.0; interface ge-0/0/2.0; interface lo0.0;
}
area 0.0.0.1 {
nssa {
default-lsa type-7;
}
}
}
Answer: C
QUESTION: 194
-- Exhibit --
user@router> show bgp summary
JN0-643

inet.0 10 8 0 0 0 0
inet6.0 4 3 0 0 0 0
10.0.3.5 65550 41 52 0 2 17:45 5/5/5/0 0/0/0/0
172.16.0.6 65010 52 42 0 2 31 Establ
inet.0: 3/5/5/0
inet6.0: 3/4/4/0
2001:ffff::3:5 65550 43 44 0 4 17:53 Establ
inet6.0: 0/0/0/0
user@router>
-- Exhibit --
Examine the output of the show bgp summary command shown in the exhibit. From which
BGP peer is the router receiving IPv6 routes?
A. 10.0.3.5
B. 172.16.0.6
C. 2001:ffff::3:5
D. 2001:ffff:3:5
Answer: B
QUESTION: 195
-- Exhibit --
user@SwitchA> show dot1x interface detail ge-0/0/2.0
ge-0/0/2.0
RolE. Authenticator Administrative statE. Auto Supplicant modE. Multiple Number of
retries: 3
Quiet perioD. 60 seconds Transmit perioD. 30 seconds Mac Radius: Enabled
Mac Radius Restrict: Enabled
Reauthentication: Enabled
Configured Reauthentication interval: 3600 seconds
Supplicant timeout: 30 seconds Server timeout: 30 seconds Maximum EAPOL requests: 2
Guest VLAN member: <not configured>
Number of connected supplicants: 2
user@SwitchA>
-- Exhibit --
JN0-643
Host 1, Host 2, and Host 3 are connected to Switch A on interface ge-0/0/2. Host 1 and
Host 2 do not support 802.1X. They can authenticate and connect to the Internet. Host 3
was added and it supports 802.1X; however, it is unable to authenticate.
Referring to the exhibit, how do you allow Host 3 to authenticate to the network but
maintain secure access?
A. Enable fallback authentication for 802.1X.

B. Disable MAC RADIUS Restrict option on ge-0/0/2.
C. Disable MAC RADIUS option on ge-0/0/2.
D. Enable Administrative mode for 802.1X.
Answer: B
QUESTION: 196
-- Exhibit --
user@RP> show pim join extensive
InstancE. PIM.master Family: INET
Group: 224.1.1.1
SourcE. *
RP: 192.168.1.1
Flags: sparse,rptree,wildcard
Upstream interfacE. Local
Upstream neighbor: Local Upstream statE. Local RP Downstream neighbors: InterfacE.
so-0/0/0.0
10.0.1.2 StatE. Join Flags: SRW Timeout: 176
Group: 224.1.1.1
SourcE. 10.0.5.2
Flags: sparse,spt
Upstream interfacE. unknown (no nexthop)
Upstream neighbor: unknown Upstream statE. Local RP Keepalive timeout: 106
InterfacE. so-0/0/0.0
10.0.1.2 StatE. Join Flags: S Timeout: 176
InstancE. PIM.master Family: INET6
-- Exhibit --
The CLI output shown in the exhibit was taken from the RP in a PIM-SM network Which
statement explains the output shown in the exhibit?
JN0-643
A. No tunnel PIC is installed on the RP router.

B. 192.168.1.1 is not a local IP address on the RP router.
C. Multicast traffic is arriving on the so-0/0/0.0 interface.
D. The router does not have a unicast route to 10.0.5.2.
Answer: D
QUESTION: 197
-- Exhibit --
Router *10.0.3.4 10.0.3.4 0x8000000d 30 0x22 0x8d11 132
bits 0x0, link count 9
id 10.1.1.0, data 255.255.255.0, Type Stub (3)
Topology count: 0, Default metriC. 1
id 10.0.4.8, data 255.255.255.252, Type Stub (3)
id 10.0.2.10, data 10.0.2.10, Type Transit (2)
id 172.16.0.6, data 172.16.0.5, Type Transit (2)
id 10.0.3.4, data 255.255.255.255, Type Stub (3)
id 10.0.9.7, data 10.0.2.18, Type PointToPoint (1)
id 10.0.2.16, data 255.255.255.252, Type Stub (3)
id 10.0.3.3, data 10.0.2.6, Type PointToPoint (1)
id 10.0.2.4, data 255.255.255.252, Type Stub (3)
Topology default (ID 0)
TypE. PointToPoint, Node ID. 10.0.3.3
MetriC. 2, Bidirectional
TypE. PointToPoint, Node ID. 10.0.9.7
TypE. Transit, Node ID. 172.16.0.6
TypE. Transit, Node ID. 10.0.2.10
MetriC. 1, Bidirectiona
-- Exhibit --
JN0-643

The exhibit shows the output of an OSPF router LSA.
Which interface ID represents the router's loopback address?
A. ID 10.1.1.0
B. ID 10.0.3.4
C. ID 10.0.3.3
D. ID 10.0.2.4
Answer: B
QUESTION: 198
-- Exhibit --
{master:0}[edit]
user@router# show class-of-service
classifiers {
inet-precedence normal-traffic {
forwarding-class best-effort {
loss-priority low code-points [ my1 my2 ];
}
}
}
code-point-aliases { inet-precedence { my1 000;
my2 001; cs1 010; cs2 011; cs3 100; cs4 101; cs5 111; cs6 111;
}
}
-- Exhibit --
In the exhibit, you see a configuration for CoS. Incoming traffic with specific IP
precedence bits should be mapped to a forwarding class named best-effort. A classifier
named normal- traffic is defined. What must you add to complete this configuration?
A. Include the option q-pic-large-buffer under the chassis hierarchy to accommodate the
new code points.
B. Apply classifier normal traffic to the interface hierarchy under the class-of-service
stanza.
C. Configure a rewrite marker on the ingress Gigabit Ethernet interface.
D. Add code point values for the expedited-forwarding forwarding class as well as the
best- effort forwarding class.
JN0-643
Answer: B
QUESTION: 199
-- Exhibit --
user@router> show configuration routing-options autonomous-system
65550;
user@router> show configuration protocols bgp
group ibgp {
type internal;
neighbor 10.0.3.5;
}
group ibgpv6 {
type internal;
local-address 2001:ffff::3:4;
neighbor 2001:ffff::3:5;
}
group as65010 { family inet { unicast;
}
family inet6
unicast;
}
export as65010-out; peer-as 65010; neighbor 172.16.0.6;
}
user@router> show configuration policy-options
policy-statement as65010-out {
term locally-originated { from as-path local-only; then {
metric 7000;
}
}
term from-as65222 {
from as-path as65222-orig;
then as-path-prepend "65550 65550 65550 65550";
}
term transit-as701 {
from as-path transit-as701;
then {
metric 6;
}
}
then accept;
}
as-path local-only "(.*)";
JN0-643
as-path as65222-orig ".* 65222";

as-path transit-as701 ".* 701 .*";
user@router> show route advertising-protocol bgp 172.16.0.6
Prefix Nexthop MED Lclpref AS path
* 10.0.2.0/30 Self 7000 I
* 10.0.2.4/30 Self 7000 I
* 10.0.2.8/30 Self 7000 I
* 10.0.2.16/30 Self 7000 I
* 10.0.3.3/32 Self 7000 I
* 10.0.3.4/32 Self 7000 I
* 10.0.3.5/32 Self 7000 I
* 10.0.4.8/30 Self 7000 I
* 10.0.8.8/30 Self 7000 I
* 10.0.9.9/32 Self 7000 I
* 10.255.255.1/32 Self 7000 I
* 64.142.88.0/24 Self 7000 I
* 130.130.0.0/16 Self 6 65222 46375 701 14203 I
* 131.131.131.0/24 Self 6 65222 46375 701 14203 I
* 132.132.0.0/25 Self 6 65222 46375 701 32934 I
* 133.133.0.0/25 Self 6 65222 46375 701 32934 I
* 134.134.0.0/25 Self 65222 46375 14203 I
* 135.135.0.0/25 Self 65222 46375 14203 14203 I
* 172.16.0.4/30 Self 7000 I
* 172.16.0.12/30 Self 7000 I
* 172.16.200.0/30 172.16.0.6 7000 I
* 192.0.2.0/24 172.16.0.6 7000 I
* 192.168.50.0/24 Self 7000 I
* 192.168.253.0/24 Self 7000 I
* 200.200.0.0/16 172.16.0.6 7000 I
* 200.200.0.1/32 172.16.0.6 7000 I
* 200.200.1.1/32 172.16.0.6 7000 I
* 200.200.200.200/32 172.16.0.6 7000 I
* ::172.16.0.4/126 Self 7000 I
* 2001:1:1::/64 Self 7000 I
* 2001:1:2::/64 Self 7000 I
* 2001:ffff::3:3/128 Self 7000 I
* 2001:ffff::3:4/128 Self 7000 I
* 2001:ffff::3:5/128 Self 7000 I
* 2001:ffff::9:7/128 Self 7000 I
user@router>
-- Exhibit --
JN0-643

You are configuring an EBGP peer in a transit environment. You must advertise routes
learned from other EBGP peers in your AS. Any routes originated from within your AS
should have a MED of 7000 set. Any routes that originate in AS65222 should be
prepended four times. Any routes that transit AS701 should have a MED set to 6. This
scenario results in the unintended advertisement of internal 10.0.0.0/8 networks to your
peer. What caused the accidental advertisement of internal networks to your EBGP peer?
A. Your AS number of 65550 is a private AS number.

B. The BGP group as65010 is configured for both family inet unicast and family inet6
unicast protocol families.
C. The export policy as65010-out is misconfigured.
D. The as-path local-only includes a misconfigured regular expression.
Answer: C
QUESTION: 200
-- Exhibit --
[edit]
user@router# run show ospf database external lsa-id 71.23.48.0 extensive
OSPF AS SCOPE link state database
Extern 71.23.48.0 67.176.255.5 0x80000001 114 0x22 0x171b 36
mask 255.255.248.0
TypE. 2, MetriC. 0, Fwd addr: 0.0.0.0, TaG. 0.0.0.0
Installed 00:01:53 ago, expires in 00:58:06, sent 00:01:53 ago
Last changed 00:01:53 ago, Change count: 1
Extern 71.23.48.0 67.176.255.7 0x8000005a 487 0x22 0x587e 36
mask 255.255.248.0
Last changed 2d 19:33:58 ago, Change count: 1
Extern 71.23.48.0 67.176.255.8 0x8000005c 540 0x22 0xf73e 36
mask 255.255.248.0
JN0-643

Last changed 00:08:59 ago, Change count: 3
-- Exhibit --
As shown in the exhibit, a router is receiving three external LSAs for the prefix 71.23.48.0.
Which path is preferred?
A. The path through 67.176.255.5 is preferred.

B. The path through 67.176.255.7 is preferred.
C. The path through 67.176.255.8 is preferred.
D. The paths through 67.176.255.7 and 67.176.255.8 become active to allow load-
balancing.
Answer: C
QUESTION: 201
-- Exhibit –
JN0-643
- Exhibit --
In the exhibit, the 10.100/16 prefix is introduced at autonomous system 1 (AS1) and
propagated through to AS3. Router A in AS3 receives two different paths to these prefixes,
one through AS2 and the other through AS4. No BGP attributes have been altered. Which
path would router A prefer for the 10.100/16 prefix?
A. the route with the lowest interface address for the EBGP peering session
B. the route with the lowest local preference
C. the route to the EBGP peer that has the lowest RID
D. the route from the EBGP peer that arrived first
Answer: D
JN0-643
QUESTION: 202
-- Exhibit --
[edit]
user@R1# show routing-options router-id
router-id 1.1.1.1;
[edit]
user@R1# show protocols ospf
area 0.0.0.0 {
}
[edit]
router-id 2.2.2.2;
[edit]
area 0.0.0.0 { interface ge-0/0/8.0 { priority 200;
}
}
[edit]
router-id 222.255.255.255;
[edit]
area 0.0.0.0 {
}
[edit]
router-id 239.255.255.255;
[edit]
area 0.0.0.0 { interface ge-0/0/6.0 { priority 0;
}
}
-- Exhibit --
All four routers in the exhibit are in the same broadcast domain. The routers were powered
on at the same time. Based on the configurations, which devices are the DR and the BDR
A. R4 is the DR and R2 is the BDR.

B. R2 is the DR and R3 is the BDR.
C. R2 is the DR and R1 is the BDR.
JN0-643
D. R3 is the DR and R2 is the BDR.
Answer: B
QUESTION: 203
-- Exhibit --
user@router> show interfaces ge-0/0/0 extensive | find "Queue counters"
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 35244 35244 0
1 expedited-fo 258963 59852 199111
2 assured-forw 0 0 0
3 network-cont 1625847 1625847 0
…
-- Exhibit --
You recently deployed an SRX Series Gateway in your network. It uses the default class of
service configuration.
Based on the output in the exhibit, what reason explains the packet drops in Queue 1?
A. Interface ge-0/0/0 should be used only for management network operations.

B. Queue 0 has higher priority than Queue 1.
C. A policer is reclassifying all traffic into Queue 1.
D. No bandwidth reservation exists on Queue 1.
Answer: D
QUESTION: 204
-- Exhibit --
ar 16 19:12:58.291474 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179
Mar 16 19:12:58.291624 BGP RECV message type 1 (Open) length 59
Mar 16 19:12:58.291688 BGP RECV version 4 as 2 holdtime 90 id 192.168.2.1 parmlen
30
Mar 16 19:12:58.291752 BGP RECV MP capability AFI=1, SAFI=1
Mar 16 19:12:58.291915 BGP RECV Restart capability, code=64, time=120, flags=
Mar 16 19:12:58.291969 BGP RECV 4 Byte AS-Path capability (65), as_num 2
Mar 16 19:12:58.292385 advertising receiving-speaker only capabilty to neighbor
172.14.10.2 (External AS 2)
JN0-643

Mar 16 19:12:58.292522
Mar 16 19:12:58.292522 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230
Mar 16 19:12:58.292601 BGP SEND message type 1 (Open) length 59
Mar 16 19:12:58.293053 BGP SEND version 4 as 1 holdtime 90 id 192.168.2.1 parmlen
30
Mar 16 19:12:58.293124 BGP SEND MP capability AFI=1, SAFI=1
Mar 16 19:12:58.293284 BGP SEND Restart capability, code=64, time=120, flags=
Mar 16 19:12:58.293336 BGP SEND 4 Byte AS-Path capability (65), as_num 1
Mar 16 19:12:58.293573
Mar 16 19:12:58.293573 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230
Mar 16 19:12:58.293665 BGP SEND message type 4 (KeepAlive) length 19
Mar 16 19:12:58.296781
Mar 16 19:12:58.296781 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179
Mar 16 19:12:58.296897 BGP RECV message type 4 (KeepAlive) length 19
Mar 16 19:12:58.297528
Mar 16 19:12:58.297528 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230
Mar 16 19:12:58.298185
Mar 16 19:12:58.298185 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230
Mar 16 19:12:58.298273 BGP SEND message type 2 (Update) length 23
Mar 16 19:12:58.298322 BGP SEND End of RIB. AFI 1 SAFI 1
Mar 16 19:12:58.301834
Mar 16 19:12:58.301834 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179
Mar 16 19:12:58.302034 bgp_read_v4_messagE. done with 172.14.10.2 (External AS 2)
received 19 octets 0 updates 0 routes
Mar 16 19:12:58.304594
Mar 16 19:12:58.304594 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179
Mar 16 19:12:58.304702 BGP RECV message type 2 (Update) length 23
Mar 16 19:12:58.304765 BGP RECV End of RIB. AFI 1 SAFI 1
received 23 octets 1 update 0 routes
Mar 16 19:13:22.968586
Mar 16 19:13:22.968586 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230
Mar 16 19:13:26.901339
Mar 16 19:13:26.901339 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179
JN0-643

Mar 16 19:13:51.348180
Mar 16 19:13:51.348180 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230
Mar 16 19:13:53.844160
Mar 16 19:13:53.844160 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179
-- Exhibit --
Looking at the traceoptions output, what is the current keepalive timer set for in BGP?
A. 1 second
B. 10 seconds
C. 30 seconds
D. 90 seconds
Answer: C
QUESTION: 205
-- Exhibit –
-- Exhibit --
As shown in the exhibit, a legacy IP phone is attached to Switch-1. The phone does not
support LLDP-MED, but does allow configuration using DHCP. Existing network CoS
JN0-643
policies dictate that VoIP traffic must use VLAN 10. Which two actions put VoIP traffic
onto VLAN 10? (Choose two.)
A. Configure protocols cdp on Switch-1.

B. Manually configure the voice VLAN on the IP phone.
C. Configure vlan 1 under forwarding-options bootp.
D. Configure interface ge-0/0/5 under forwarding-options bootp.
Answer: B, D
QUESTION: 206
-- Exhibit –
-- Exhibit --
Which statement about the non-ABR router in Area 2 in the exhibit is true?
A. The router has connectivity to all areas.
JN0-643
B. The router has connectivity to Area 2 only.

C. The router has connectivity to Area 2 and Area 0.
D. The router has connectivity to Area 2 and Area 8.
Answer: D
QUESTION: 207
-- Exhibit –
-- Exhibit --
Click the Exhibit button. Referring to the exhibit, you want to configure Switch-1 to allow
a user on interface ge- 0/0/10 to accommodate both voice and data traffic. Your phones
and your switches are LLDP-MED capable. What is the minimal configuration that allows
LLDP-MED to autoconfigure your phone's voice VLAN?
A. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk

set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members voice_vlan set
interfaces ge-0/0/10 unit 0 family ethernet-switching native-vlan-id data_vlan set ethernet-
switching-options voip interface ge-0/0/10.0 vlan voice_vlan
set protocols lldp-med interface ge-0/0/10.0
B. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members voice_vlan set
interfaces ge-0/0/10 unit 0 family ethernet-switching native-vlan-id data_vlan set ethernet-
switching-options voip interface ge-0/0/10.0 vlan voice_vlan
set protocols lldp interface ge-0/0/10.0
C. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members data_vlan set
ethernet-switching-options voip interface ge-0/0/10.0 forwarding-class assured-
forwarding
D. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members data_vlan set
ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan
JN0-643
Answer: D
QUESTION: 208
-- Exhibit –
-- Exhibit --
Click the Exhibit button. Site A is sending voice traffic marked with DSCP code EF. SRX
A has the default CoS classifier. Into which forwarding class is SRX A classifying traffic?
A. best-effort
B. expedited-forwarding
C. network-control
D. assured-forwarding
Answer: A
QUESTION: 209
-- Exhibit –
JN0-643
-- Exhibit --
In the exhibit, the routers in the network have a default PIM sparse mode configuration.
R2 shows that R1 is the RPF next hop for the source, and R3 is the RPF next hop for the
RP. Host1 is currently receiving multicast traffic for group 231.1.1.1. Host2 has come
online and is attempting to join group 232.1.1.1. R2 has just received an IGMP message
with the source and group addresses. Which step happens next so that Host2 can join the
multicast group?
A. R2 sends a PIM join upstream towards R3 to join the shared tree.

B. R2 sends a PIM join upstream towards R3 to join the source tree.
C. R2 sends a PIM join upstream towards R1 to join the shared tree.
D. R2 sends a PIM join upstream towards R1 to join the source tree.
Answer: D
QUESTION: 210
-- Exhibit –
-- Exhibit --
JN0-643

In the exhibit, the provider bridges are using Q-in-Q tunneling to tunnel VLAN 100 traffic
over VLAN 200. What is the correct VLAN configuration for Q-in-Q tunneling on
Provider Bridge A?
A. interfaces {
ge-0/0/0 {
unit 0 {
port-mode access;
}
}
}
ge-0/0/10 {
unit 0 {
port-mode trunk;
vlan {
members test;
}
}
}
}
}
vlans {
test {
}
dot1q-tunneling {
customer-vlans 100;
}
}
}
B. interfaces {
ge-0/0/0 {
unit 0 {
port-mode trunk;
vlan {
members test;
}
}
}
JN0-643
}
ge-0/0/10 {
unit 0 {
port-mode access;
}
}
}
}
vlans {
test {
}
dot1q-tunneling {
customer-vlans 100;
}
}
}
C. interfaces {
ge-0/0/0 {
unit 0 {
port-mode trunk;
vlan {
members test;
}
}
}
}
ge-0/0/10 {
unit 0 {
port-mode access;
}
}
}
}
vlans {
test {
}
dot1q-tunneling {
customer-vlans 100;
}
JN0-643
}
}
D. interfaces {
ge-0/0/0 {
unit 0 {
port-mode access;
}
}
}
ge-0/0/10 {
unit 0 {
port-mode trunk;
vlan {
members test;
}
}
}
}
}
vlans {
test {
}
dot1q-tunneling {
customer-vlans 200;
}
}
}
Answer: A
QUESTION: 211
-- Exhibit –
JN0-643
-- Exhibit --
In the topology shown in the exhibit, which two BGP attributes can AS1 manipulate to
influence the path that AS4 takes to reach prefixes originated by AS1? (Choose two.)
A. Local Preference
B. AS Path
C. Origin
D. MED
Answer: B, C
QUESTION: 212
-- Exhibit –
JN0-643
-- Exhibit --
Traffic flows through your network, as shown in the exhibit. You have configured a
rewrite rule on R1 to mark HTTP traffic with a specific DSCP value. What must you do to
ensure that the HTTP traffic preserves its DSCP value as it leaves your CoS domain?
A. Use behavior aggregate classifiers mapping the HTTP traffic to the specific DSCP
value on R1 and R2.
B. Use rewrite rules mapping the HTTP traffic to the specific DSCP value on R2 and R3.
C. Use a rewrite rule mapping the HTTP traffic to the specific DSCP value on R3.
D. Use the default settings already in place on the device.
Answer: D
QUESTION: 213
-- Exhibit –
JN0-643
-- Exhibit --
In the exhibit, Switch A is an EX4200. VLAN10 is receiving tagged as well as untagged
traffic from different ports. The administrator wants to mirror all tagged and untagged
traffic entering VLAN10 to analyzer port ge-0/0/10. All VLAN tags must be preserved for
traffic that is mirrored to the analyzer port. Which configuration will achieve this?
A. set ethernet-switching-options analyzer vlan10_analyzer input vlan VLAN10 interface

xe-1/0/0.0 set ethernet-switching-options analyzer vlan10_analyzer input vlan VLAN10
interface ge-0/0/2
set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0
B. set ethernet-switching-options analyzer vlan10_analyzer input interface xe-1/0/0.0
set ethernet-switching-options analyzer vlan10_analyzer input interface ge-0/0/2
set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0
C. set ethernet-switching-options analyzer vlan10_analyzer input ingress vlan VLAN10 set
ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0 set vlans
default interface ge-0/0/10.0
D. set ethernet-switching-options analyzer vlan10_analyzer input ingress vlan VLAN10
set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0 set
vlans VLAN10 interface ge-0/0/10.0
Answer: C
QUESTION: 214
-- Exhibit –
JN0-643
-- Exhibit --
As shown in the exhibit, the 10.10/16 prefix is redistributed into OSPF through R2 and R5.
R2 is advertising the prefix with a Type 1 metric of 100 and R5 is advertising the prefix
with a Type 2 metric of 10. What is the preferred path to reach 10.10/16 from R6?
A. R6-R5
B. R6-R4-R5
C. R6-R4-R5-R2
D. R6-R4-R3-R2
Answer: D
QUESTION: 215
-- Exhibit –
JN0-643
-- Exhibit --
Based on the exhibit, which statement about the Layer 2 topology is true?
A. A port on switch 3 or switch 4 towards the CST root (switch 6) is blocking traffic.
B. A total of 64 MST instances for MST region A and region B can be configured.
C. MSTI BPDUs are exchanged between MST regions and the CST root bridge.
D. IST BPDUs are exchanged only between switches 1 and 2, and between switches 6 and
7.
Answer: A
QUESTION: 216
-- Exhibit --
JN0-643
{master:0}[edit]
user@router# run show ospf interface vl-10.20.10.2 extensive
Interface State Area DR ID BDR ID Nbrs
vl-10.20.10.2 Down 0.0.0.0 0.0.0.0 0.0.0.0 0
TypE. Virtual, Address: 0.0.0.0, Mask: 0.0.0.0, MTU: 0, Cost: 1
Transit AreA. 0.0.0.1
Adj count: 0
Hello: 10, DeaD. 40, ReXmit: 5, Not Stub
Auth typE. None
Protection typE. None, No eligible backup
Topology default (ID 0) -> Down, Cost: 0
-- Exhibit --
Your company is integrating another OSPF area into your existing OSPF infrastructure.
You created a virtual link that spans Area 2 and connects Area 3 to the backbone area.
Based on the exhibit, what is preventing the adjacency?
A. The interface configured for the virtual link is incorrect. It should be a vt and not a vl
interface.
B. No designated router (DR) has been elected.
C. The backup route to Area 2 has not been configured.
D. The wrong transit area is configured.
Answer: D
QUESTION: 217
-- Exhibit –
-- Exhibit --
In the exhibit, an EBGP session is currently established between R1 and R2. R2 changes
its import policy to accept 10 of the routes it previously denied from R1. Which BGP
JN0-643
capability must be negotiated on the BGP session for R2 to install the routes accepted by
the new policy?
A. route refresh
B. AddPath
C. outbound route filtering (ORF)
D. multiprotocol BGP (MBGP)
Answer: A
QUESTION: 218
-- Exhibit --
user@router> show bgp summary
inet.0 0 0 0 0 0 0
inet6.0 1 0 0 0 0 0
2001:ffff::3:3 65550 43 43 0 0 18:20 Establ
inet6.0: 0/1/1/0
2001:ffff::3:4 65550 42 43 0 0 18:16 Establ
inet6.0: 0/0/0/0
2001:ffff::9:7 65550 42 43 0 0 18:00 Establ
inet6.0: 0/0/0/0
user@router> show route receive-protocol bgp 2001:ffff::3:3
__juniper_private1__.inet.0: 4 destinations, 4 routes (2 active, 0 holddown, 2 hidden)
iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) mpls.0: 3 destinations, 3
routes (3 active, 0 holddown, 0 hidden) inet6.0: 10 destinations, 14 routes (10 active, 0
holddown, 0 hidden)
2001:1:2::/64 2001:ffff::3:3 100 I
user@router> show route 2001:1:2::
2001:1:2::/64 *[OSPF3/10] 01:54:11, metric 201
> to fe80::217:cb03:2448:bd00 via fe-0/0/1.804
[BGP/170] 00:18:43, localpref 100, from 2001:ffff::3:3
AS path: I
> to fe80::217:cb03:2448:bd00 via fe-0/0/1.804
JN0-643
user@router> show route advertising-protocol bgp 2001:ffff::9:7

user@router> show configuration protocols bgp
group ibgpv6 {
type internal;
local-address 2001:ffff::3:5;
cluster 10.0.3.4; neighbor 2001:ffff::3:3; neighbor 2001:ffff::3:4; neighbor 2001:ffff::9:7;
}
user@router>
-- Exhibit --
You are using an IBGP route reflector within your network. Your route reflector has
received the 2001:1:2::/64 prefix, but it is not advertising the prefix to its cluster members.
After examining the route reflector, you notice the output shown in the exhibit. Which
configuration statement causes the route reflector to transmit the route to its IBGP peers?
A. set protocols bgp group ibgpv6 advertise-inactive

B. set protocols bgp group ibgpv6 accept-remote-nexthop
C. set protocols bgp group ibgpv6 multipath
D. set protocols bgp group ibgpv6 include-mp-next-hop
Answer: A
QUESTION: 219
-- Exhibit --
{master:0}[edit]
user@router# show class-of-service
classifiers {
inet-precedence normal-traffic {
forwarding-class best-effort {
loss-priority low code-points [ my1 my2 ];
}
}
}
code-point-aliases { inet-precedence { my1 000;
my2 001;
}
}
scheduler-maps {
one {
forwarding-class expedited-forwarding scheduler special;
forwarding-class best-effort scheduler normal;
JN0-643
}
}
schedulers {
special {
transmit-rate percent 30;
priority strict-high;
}
normal {
transmit-rate percent 70;
priority low;
}
}
-- Exhibit --
The configuration in the exhibit shows incoming traffic with specific IP precedence bits
that should be mapped to a forwarding class named best-effort.
What must you add to complete this configuration?
A. defined behaviors to the interfaces stanza in the class-of-service section

B. rewrite-rules for the best-effort forwarding class
C. a WRED drop-profile for the best-effort scheduler
D. a firewall filter that matches and discards the original code point values
Answer: A
QUESTION: 220
-- Exhibit –
JN0-643
-- Exhibit --
Based on the exhibit, why is R2 marking the routes coming from AS 200 as hidden?
A. R3 has an import policy filtering all routes.

B. R4 is not configured with a next-hop self policy.
C. R2 does not have a route to the peer ID of R4.
D. AS 200 is configured with the advertise-inactive option.
Answer: C
QUESTION: 221
-- Exhibit --
user@router> show configuration routing-options
rib-groups {
foo {
import-rib [ inet.8 inet.2 inet.0 ];
}
user@router> show configuration protocols pim
rib-group inet foo;
interface all;
-- Exhibit --
Based on the configuration in the exhibit, which routing table is used for IPv4 multicast
RPF checks?
A. inet.0
B. inet.2
C. foo.inet.0
D. inet.8
Answer: D

JN0 643 Q&A Troytec

Uploaded by

Document Informationclick to expand document informationjunos

Document Informationclick to expand document information

Copyright:

Available Formats

JN0 643 Q&A Troytec

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

JN0 643 Q&A Troytec

Uploaded by

Copyright:

Available Formats

JN0-643

Enterprise Routing and Switching,

© 2013 - 2014 Troy Tec, LTD All Rights Reserved

A. IBGP-learned routes are advertised only to other IBGP peers.

A. OSPFv2 must be configured to route IPv4 prefixes.

A. R6, R4, R2, R1, R3, R5

Router 192.168.0.3 192.168.0.3 0x80000004 399 0x22 0x94b5 60

A. R2 injects a Type 3 LSA for 184.23.12.0/24 into the backbone.

A. A type 3 (stub) link is advertised for a multi-area adjacency.

A. Traffic destined for R2 will be blackholed.

A. The SPF algorithm is run on a per-domain basis.

A. R2 is the DR and R1 is the BDR.

A. The ID field value shows the router ID of the advertising router.

Topology default Route Table:

A. [edit protocols ospf] user@router# show reference-bandwidth 10g; area 0.0.0.0 {

A. [edit protocols ospf3]

user@R3# show area 0.0.0.1 {

A. the Router LSAs from RID 10.0.0.2

A. The IPv6 route was learned from an IPv6 BGP neighbor.

* 10.16.4.0/24 (1 entry, 1 announced)

A. On R1, configure a MED of 50 for the 2001:10:5::/64 route.

Click the Exhibit button.

A. Routes will be accepted without change in the attributes.

A. There will be only one MSTI 2 root bridge.

A. on R3, as import from R1

B. on R3, as export towards R4

A. set protocols bgp group external multihop

A. [edit protocols bgp group LB]

from community AS64321-community;

community AS65001-community members 65001:1001;

A. Create a policy that accepts the more specific contributing routes.

A. Configure a lower local preference on R3.

user@R1> show pim join extensive

A. R1 is receiving multicast traffic over the RPT.

A. R1 encapsulates the multicast packets into a PIM register multicast packet.

A. It allows SSM operations in only the 227.0.0.0/24 range.

A. The MSDP mesh group was originally designed to limit SA flooding.

A. Multicast traffic is interrupted for receiver 2 until RP2 recovers.

A. Create IGMP static groups with the exclude parameter.

A. [edit protocols pim]

A. set protocols pim interface ge-0/0/1.0 neighbor-policy block-pim

A. set protocols pim rp local family inet disable

B. set protocols pim rp local address 192.168.1.4

A. RP2 stops sending all SA messages to its peer.

A. L2PT requires 802.1Q tunneling enablement to effectively tunnel L2 protocols.

A. There is an ether-type mismatch on SwitchA and SwitchB.

A. dynamic VLAN registration with MVRP

Mar 16 17:54:56.152721 ospf_set_lsdb_statE. Router LSA 192.168.2.1 adv-rtr

A. There is an MTU mismatch.

A. You have enabled RSTP for interface ge-0/0/3.0.

A. to the access interface configuration

A. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all drop-threshold 600

A. user@S1# show customer-a {

A. set vlans cust-1 interface ge-0/0/10 egress

A. set vlans pvlan no-local-switching

A. set interfaces ge-0/0/19.0 family ethernet-switching filter output assign_vlan

[edit protocols vstp]