Juniper Juniper Certifications JN0-643 Questions & Answers

• Question 201:

  -- Exhibit -user@switch> show configuration access radius_server {

  10.1.1.252 {

  port 1812;

  secret "$9$7gdwgGDkTz6oJz69A1INdb"; ## SECRET-DATA

  }

  profile radius_server {

  authentication-order password;

  radius {

  authentication-server 10.1.1.252;

  }

  }

  user@switch> show configuration protocols dot1x

  authenticator {

  ge-0/0/17.0 {

  supplicant multiple;

  }

  }

  }

  user@switch> show configuration vlans

  Sales_VLAN {

  vlan-id 123;

  }

  user@switch> show configuration interfaces ge-0/0/17 unit 0 { family ethernet-switching {

  port-mode access;

  }

  }

  -- Exhibit -

  Click the Exhibit button.

  You are asked to place employees that are in the sales group into their own VLAN called Sales_VLAN with a VLAN ID of 123 on port ge-0/0/17. The VLAN must be assigned dynamically. After trying an initial configuration, you see that users

  in the sales group are not assigned to the Sales_VLAN.

  Referring to the exhibit, which two configuration statements are needed on the EX Series switch to resolve this problem? (Choose two.)

  A. set access profile radius_server authentication-order radius

  B. set vlans Sales_VLAN interface ge-0/0/17.0

  C. set interfaces ge-0/0/17.0 family ethernet-switching vlan members Sales_VLAN

  D. set protocols dot1x authenticator authentication-profile-name radius_server

  Correct Answer: AD

• Question 202:

  -- Exhibit -{master:0} user@switch> show dot1x interface ge-0/0/15 detail ge-0/0/15.0 RolE. Authenticator Administrative statE. Auto Supplicant modE. Multiple Number of retries: 3 Quiet perioD. 60 seconds Transmit perioD. 30 seconds Mac Radius: Enabled Mac Radius Restrict: Enabled Reauthentication: Enabled Configured Reauthentication interval: 120 seconds Supplicant timeout: 30 seconds Server timeout: 30 seconds Maximum EAPOL requests: 2 Guest VLAN member: guest Number of connected supplicants: 0 -- Exhibit -

  Click the Exhibit button.

  802.1X authentication was recently configured on your ge-0/0/15 port. You issue the command shown in the exhibit.

  Which two statements are correct? (Choose two.)

  A. The reauthentication interval is using the default value.

  B. Every user that attempts to connect using this port must be authenticated.

  C. Only the first user that connects using this port will be authenticated.

  D. Users will only be able to authenticate using MAC RADIUS.

  Correct Answer: BD

• Question 203:

  -- Exhibit

  

  -- Exhibit -

  Click the Exhibit button.

  A contractor needs to connect a laptop to your company network, but your company has no wireless access and each office has only a single network port for an employee laptop. You have an IP phone with a data port available and you have access to the switch connected to it. You can also add the contractor's MAC address to the RADIUS server database.

  Referring to the exhibit, which three commands will allow access? (Choose three.)

  A. set protocols dot1x authenticator authentication-profile-name radius_profile interface ge- 0/0/16.0 mac- radius

  B. set interfaces ge-0/0/16.0 family ethernet-switching port-mode trunk

  C. set interfaces ge-0/0/16.0 family ethernet-switching vlan members contractor

  D. set protocols dot1x authenticator authentication-profile-name radius_profile interface ge- 0/0/16.0 supplicant multiple

  E. set interfaces ge-0/0/16.0 family ethernet-switching vlan members all

  Correct Answer: ACD

• Question 204:

  In your 802.1X-enabled network, a RADIUS server fails to respond or authenticate a device.

  On an EX Series switch, what are three supported actions? (Choose three.)

  A. Traffic can be allowed.

  B. Traffic can be denied.

  C. Traffic can be redirected to another subnet.

  D. Traffic can be redirected to another VLAN.

  E. Traffic can be redirected to another port.

  Correct Answer: ABD

• Question 205:

  Your company recently implemented Layer 2 authentication and access control to secure users accessing the corporate network. You implemented 802.1X, MAC RADIUS, and a captive portal to support a variety of hosts on the network. Senior management is concerned that valid users might be authenticated incorrectly on the network and they ask you questions about how these different access technologies are used simultaneously.

  Which three statements are correct? (Choose three.)

  A. MAC addresses that are part of a MAC address whitelist or a static MAC list are authenticated before any other authentication protocol is invoked.

  B. Captive portal is a supported fallback option for 802.1X.

  C. If the authentication server fails to respond to access requests and both a server-fail and guest VLAN are configured correctly, the server-fail VLAN takes precedence over the guest VLAN.

  D. Captive portal can only be configured on Layer 3 interfaces.

  E. If a port is configured with 802.1X and the host does not respond to EAP requests, no other authentication protocol can authenticate the host.

  Correct Answer: ABC

• Question 206:

  Your company uses 802.1X to authenticate your users. You want to provide access to the Internet when users cannot authenticate on the RADIUS server or when the RADIUS server becomes unreachable.

  Which two methods accomplish this goal? (Choose two.)

  A. using a captive portal

  B. using a server fail fallback

  C. using MAC RADIUS

  D. using a guest VLAN

  Correct Answer: BD

• Question 207:

  You are asked to set up 802.1X port authentication for all access ports on your EX Series switch. You have a device that does not support 802.1X supplicants and you must ensure this device is authenticated. You must also ensure that no unnecessary delay occurs when authenticating this device.

  Which statement is correct?

  A. You should enable MAC RADIUS on the interface and use 802.1X multiple mode.

  B. You should enable MAC RADIUS on the interface and statically add the MAC address to the 802.1x configuration.

  C. You should enable MAC RADIUS on the interface and include the restrict parameter.

  D. You should enable MAC RADIUS on the interface and include the disable parameter.

  Correct Answer: C

• Question 208:

  You are asked to set up 802.1X port authentication for all access ports on your EX Series switch. You must ensure that only one user is allowed to authenticate per port and all other attempts are denied.

  Which supplicant mode must be used?

  A. single mode

  B. single-secure mode

  C. default mode

  D. multiple mode

  Correct Answer: B

• Question 209:

  Your company makes extensive use of VSTP in your network for loop protection. The network is at the VSTP VLAN limit and must protect additional VLANs.

  Which command allows you to protect additional VLANs?

  A. set protocols mstp interface all

  B. set protocols vstp vlan all

  C. set protocols vstp vlan-group

  D. set protocols rstp

  Correct Answer: D

• Question 210:

  -- Exhibit -user@SwitchA# show protocols mstp

  configuration-name region1;

  bridge-priority 16k;

  msti 1 {

  bridge-priority 16k;

  vlan [10 20];

  }

  msti 2 {

  bridge-priority 8k;

  vlan [30 40];

  }

  user@SwitchB# show protocols mstp

  configuration-name region1;

  bridge-priority 8k;

  msti 1 {

  bridge-priority 16k;

  vlan [10 20];

  }

  msti 2 {

  bridge-priority 8k;

  vlan [30 40 50];

  }

  -- Exhibit -

  Click the Exhibit button.

  Referring to the exhibit, a customer observes that the MSTP instance between SwitchA and SwitchB is not converging correctly.

  What is causing the problem?

  A. The bridge priority values of MSTI 2 are the same.

  B. There is a VLAN mismatch between the two switches for MSTI 2.

  C. There is a bridge priority mismatch.

  D. MSTI 1 and MSTI 2 are part of the same the MSTP region.

  Correct Answer: B