1. Home
  2. Juniper
  3. JN0-643

Enterprise Routing and Switching, Professional (JNCIP-ENT)

Exam Details

  • Exam Code
    :JN0-643
  • Exam Name
    :Enterprise Routing and Switching, Professional (JNCIP-ENT)
  • Certification
    :Juniper Certifications
  • Vendor
    :Juniper
  • Total Questions
    :287 Q&As
  • Last Updated
    :Apr 12, 2025

Juniper Juniper Certifications JN0-643 Questions & Answers

  • Question 131:

    How does an administrator block IGMP reports for the 239.0.0.0/8 group range?

    A. Create a routing policy and apply it to IGMP using the group-policy feature.

    B. Create a routing policy and apply it to IGMP using the report-policy feature.

    C. Create a routing policy and apply it to IGMP as export.

    D. Create a routing policy and apply it to IGMP as import.

  • Question 132:

    You have been asked to implement 802.1X in your network and to ensure that all authorized users continue to be permitted should the RADIUS server fail.

    Which solution will satisfy this requirement?

    A. Implement the persistent MAC feature with the override option.

    B. Implement the server fail fallback feature with the use-cache option.

    C. Implement the persistent MAC feature with the use-cache option.

    D. Implement the server fail fallback feature with the override option.

  • Question 133:

    You are setting up a new switch in your network that is using MSTP. You want to make sure that any port connected to a host starts forwarding traffic immediately.

    How can you meet this requirement?

    A. Configure the interfaces as point-to-point.

    B. Configure the interfaces as edge.

    C. Configure the forward-delay option as zero.

    D. Configure the interfaces as shared.

  • Question 134:

    What is an IP multicast routing protocol?

    A. RSVP

    B. OSPF

    C. PIM

    D. CDP

  • Question 135:

    Which version of BGP would an enterprise use to peer with an ISP?

    A. Confederation BGP

    B. External BGP

    C. Internal BGP

    D. Labeled-Unicast

  • Question 136:

    A coffee shop offering free Internet service to customers wants to implement the following security policies:

    1.

    Every customer must agree to a set of terms and conditions before accessing the Internet.

    2.

    Log out customers that are logged in for more than one hour.

    3.

    Log out customers that are idle for more than 5 minutes.

    4.

    Authenticate employee desktop computers with known hardware addresses in the office of the coffee shop to access the Internet without the above restrictions.

    The following configuration has been applied to the switch:

    set access radius-server 172.16.14.26 port 1812 set access radius-server 172.16.14.26 secret Am@zingC00f33 set access profile dot1x authentication- order radius set access profile dot1x radius authentication-server 172.27.14.226

    What would you add to implement these policies?

    A. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x authenticator authentication-profile- name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive-portal custom-options banner- message "Terms and Conditions of Use"

    B. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive-portal custom-options banner- message "Terms and Conditions of Use"

    C. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x authenticator authentication-profile- name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal interface ge-0/0/12.0 idle-timeout 300 set services captive-portal interface ge-0/0/12.0 user-timeout 3600 set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive- portal custom-options banner-message "Terms and Conditions of Use"

    D. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x authenticator interface ge-0/0/12.0 idle-timeout 300 set protocols dot1x authenticator interface ge-0/0/12.0 user-timeout 3600 set protocols dot1x authenticator authentication-profile-name dot1x set services captive-portal authentication-profile- name dot1x set services captive-portal interface ge-0/0/12.0 set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive-portal custom-options banner- message "Terms and Conditions of Use"

  • Question 137:

    When using PIM-SM in ASM mode, which two events trigger the creation of a shortest-path tree? (Choose two.)

    A. Multicast traffic received at the receiver's designated router (DR).

    B. PIM join received at the receiver's designated router (DR).

    C. PIM join received at the source designated router (DR).

    D. PIM registers received by the rendezvous point (RP).

  • Question 138:

    You are setting up a new switch in your network that is using MSTP. You have configured all access ports as edge ports, and you want to make sure that the access ports can never transition to nonedge ports. How can you meet this requirement?

    A. Configure the interfaces as shared.

    B. Configure the hello-time option as zero.

    C. Configure the interfaces as a no-root-port.

    D. Configure bpdu-block-on-edge.

  • Question 139:

    What is a valid router ID configuration for OSPFv3 in the Junos OS?

    A. set routing-options router-id 2001:1:2::1

    B. set protocols ospf3 router-id fe80:223:2887:ab31::1

    C. set routing-options router-id 224.1.0.1

    D. set protocols ospf3 router-id 10.8.3.9

  • Question 140:

    A company's security policy does not allow outside computers or smart phones into their work areas. All company-provided computers are strictly controlled using 802.1X authentication on all of their switches. All computers obtain DHCP IP addresses from centralized servers and all switches have IP spoofing enabled. However, one of the computers was able to send IP spoofed packets.

    Why did the IP spoof feature fail to prevent the spoofed packets from being forwarded?

    A. The IP source guard database timeout was set too low.

    B. The DHCP snooping feature was not enabled on any of the switches.

    C. IP source guard does not prevent IP spoof attacks; you need to configure the Dynamic ARP Inspection feature.

    D. 802.1X feature was not enabled on the port that was directly connected to the infected computer.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Juniper exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JN0-643 exam preparations and Juniper certification application, do not hesitate to visit our Vcedump.com to find your solutions here.