Juniper Juniper Certifications JN0-351 Questions & Answers

• Question 141:

  Which two types of tunnels are able to be created on all Junos devices? (Choose two.)

  A. STP

  B. GRE

  C. IP-IP

  D. IPsec

  Correct Answer: BD

  Explanation: Junos devices support various types of tunnels for different purposes12. Option B is correct. Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a wide variety of network layer protocols inside

  virtual point- to-point links over an Internet Protocol network1. Junos devices support GRE tunnels1.

  Option D is correct. IPsec (Internet Protocol Security) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session1. Junos devices support IPsec tunnels1.

  Option A is incorrect. Spanning Tree Protocol (STP) is not a type of tunnel. It's a network protocol designed to prevent loops in a bridged Ethernet local area network2.

  Option C is incorrect. While Junos devices do support IP-IP (also known as IP tunneling), it's not supported on all Junos devices1.

• Question 142:

  In RSTP, which three port roles are associated with the discarding state? (Choose three.)

  A. root

  B. backup

  C. alternate

  D. disabled

  E. designated

  Correct Answer: BCD

  Explanation: In Rapid Spanning Tree Protocol (RSTP), there are several port roles that determine the behavior of the port in the spanning tree123. The roles include root, designated, alternate, backup, and disabled123.

  The discarding state is associated with the backup, alternate, and disabled roles123. In a stable topology with consistent port roles throughout the network, RSTP ensures that every root port and designated port immediately transition to the

  forwarding state while all alternate and backup ports are always in the discarding state2. Disabled ports are also in the discarding state3.

  Therefore, options B, C, and D are correct.

• Question 143:

  You are asked to connect an IP phone and a user computer using the same interface on an EX Series switch. The traffic from the computer does not use a VLAN tag, whereas the traffic from the IP phone uses a VLAN tag. Which feature enables the interface to receive both types of traffic?

  A. native VLAN

  B. DHCP snooping

  C. MAC limiting

  D. voice VLAN

  Correct Answer: D

  Explanation: The feature that enables an interface on an EX Series switch to receive both untagged traffic (from the computer) and tagged traffic (from the IP phone) is the voice VLAN12.

  The voice VLAN feature in EX-series switches enables access ports to accept both data (untagged) and voice (tagged) traffic and separate that traffic into different VLANs12. This allows the switch to differentiate between voice and data

  traffic, ensuring that voice traffic can be treated with a higher priority12. Therefore, option D is correct.

• Question 144:

  You are an operator for a network running 1S-IS. Two routers are failing to form an adjacency. What are two reasons for this problem? (Choose two.)

  A. There are mismatched router IDs on the L2 routers.

  B. There is no configured ISO address on any IS-IS interface.

  C. There is a mismatched area ID between the L2 routers.

  D. The family iso configuration is missing from the adjacency interface.

  Correct Answer: BD

  Explanation: The two reasons for the failure to form an adjacency in a network running IS- IS could be:

  B. There is no configured ISO address on any IS-IS interface. IS-IS requires each router interface to have an ISO address configured. Without this address, the routers cannot form an adjacency1.

  D. The family iso configuration is missing from the adjacency interface. The `family iso' configuration is essential for IS-IS to function correctly. If this configuration is missing from the adjacency interface, it could prevent the formation of an adjacency1. These explanations are based on the Enterprise Routing and Switching Specialist (JNCIS- ENT) documents and learning resources available at Juniper Networks23.

• Question 145:

  Which two statements are correct about generated routes? (Choose two.)

  A. Generated routes require a contributing route.

  B. Generated routes show a next hop in the routing table.

  C. Generated routes appear in the routing table as static routes

  D. Generated routes cannot be redistributed into dynamic routing protocols.

  Correct Answer: AB

  A is correct because generated routes require a contributing route. A contributing route is a route that matches the destination prefix of the generated route and has a valid next hop1. A generated route is only installed in the routing table if

  there is at least one contributing route available2. This ensures that the generated route is reachable and useful. If there is no contributing route, the generated route is not added to the routing table2.

  B is correct because generated routes show a next hop in the routing table. A generated route inherits the next hop of its primary contributing route, which is the most preferred route among all the contributing routes2. The next hop of the

  generated route can be either an IP address or an interface name, depending on the type of the contributing route2. The next hop of the generated route can also be modified by a routing policy3.

• Question 146:

  Which two events cause a router to advertise a connected network to OSPF neighbors? (Choose two.)

  A. When an OSPF adjacency is established.

  B. When an interface has the OSPF passive option enabled.

  C. When a static route to the 224.0.0.6 address is created.

  D. When a static route to the 224.0.0.5 address is created.

  Correct Answer: AD

  A is correct because when an OSPF adjacency is established, a router will advertise a connected network to OSPF neighbors. An OSPF adjacency is a logical relationship between two routers that agree to exchange routing information using the OSPF protocol1. To establish an OSPF adjacency, the routers must be in the same area, have compatible parameters, and exchange hello packets1. Once an OSPF adjacency is formed, the routers will exchange database description (DBD) packets, which contain summaries of their link-state databases (LSDBs)1. The LSDBs include information about the connected networks and their costs2. Therefore, when an OSPF adjacency is established, a router will advertise a connected network to OSPF neighbors through DBD packets. D is correct because when a static route to the 224.0.0.5 address is created, a router will advertise a connected network to OSPF neighbors. The 224.0.0.5 address is the multicast address for all OSPF routers3. A static route to this address can be used to send OSPF hello packets to all OSPF neighbors on a network segment3. This can be useful when the network segment does not support multicast or when the router does not have an IP address on the segment3. When a static route to the 224.0.0.5 address is created, the router will send hello packets to this address and establish OSPF adjacencies with other routers on the segment3. As explained above, once an OSPF adjacency is formed, the router will advertise a connected network to OSPF neighbors through DBD packets.

• Question 147:

  You implemented the MAC address limit feature with the shutdown action on all interfaces on your switch.

  In this scenario, which statement is correct when a violation occurs?

  A. By default, you must manually clear the violation for the interface to send and receive traffic again.

  B. By default, the violation will automatically be cleared after 300 seconds and the interface will resume sending and receiving traffic for all learned devices.

  C. By default, devices that are learned before the violation occurs are still allowed to send and receive traffic through the specific interface.

  D. By default, the interface will continue to send and receive traffic for all connected devices after a violation has occurred.

  Correct Answer: A

  Explanation: When the MAC address limit feature with the shutdown action is implemented on a switch, if a violation occurs, the interface is disabled and a system log entry is generated1. If the switch has been configured with the port-errordisable statement, the disabled interface recovers automatically upon expiration of the specified disable timeout1. However, if the switch has not been configured for auto-recovery from port error disabled conditions, you must manually clearthe violation by running the clear ethernet- switching port-error command for the interface to send and receive traffic again1. This explanation is based on the Enterprise Routing and Switching Specialist (JNCIS-ENT) documents and learning resources available at Juniper Networks1.

• Question 148:

  Which two mechanisms are part of building and maintaining a Layer 2 bridge table? (Choose two.)

  A. blocking

  B. flooding

  C. learning

  D. listening

  Correct Answer: BC

  Option B is correct. Flooding is a mechanism used in Layer 2 bridging where the switch sends incoming packets to all its ports except for the port where the packet originated1. This is done when the switch doesn't know the destination MAC address or when the packet is a broadcast or multicast1. Option C is correct. Learning is another mechanism used in Layer 2 bridging where the switch learns the source MAC addresses of incoming packets and associates them with the port on which they were received23. This information is stored in a MAC address table, also known as a bridge table23. Option A is incorrect. Blocking is a state in Spanning Tree Protocol (STP) used to prevent loops in a network2. It's not a mechanism used in building and maintaining a Layer 2 bridge table2. Option D is incorrect. Listening is also a state in Spanning Tree Protocol (STP) where the switch listens for BPDUs to make sure no loops occur in the network before transitioning to the learning state2. It's not a mechanism used in building and maintaining a Layer 2 bridge table2.

• Question 149:

  An update to your organization's network security requirements document requires management traffic to be isolated in a non-default routing-instance. You want to implement this requirement on your Junos-based devices.

  Which two commands enable this behavior? (Choose two.)

  A. set routing--instances mgmtjunoa interface ge-0/0/0.0

  B. set routing--instances mgmt_junos interface em1

  C. set system management--instance

  D. set routing--instances mgmt_junos

  Correct Answer: CD

  Explanation: To isolate management traffic in a non-default routing-instance on Junos- based devices, you can use the set system management-instance and set routing- instances mgmt_junos commands12.

  set system management-instance: This command associates the management interface (usually named fxp0 or em0 for Junos OS, or re0:mgmt-* or re1:mgmt-* for Junos OS Evolved) with the non-default virtual routing and forwarding (VRF)

  instance1. After you configure the non-default management VRF instance, management traffic no longer has to share a routing table with other control traffic or protocol traffic1.

  set routing-instances mgmt_junos: This command creates a new routing instance named mgmt_junos. The name of the dedicated management VRF instance is reserved and hardcoded as mgmt_junos; you cannot configure any other routing

  instance by the name mgmt_junos1.

  Therefore, options C and D are correct. Options A and B are not correct because they attempt to assign an interface to the mgmt_junos routing instance, which is not necessary for isolating management traffic1.

• Question 150:

  A new network requires multiple topology support. You decide to use IS-IS in this situation. Which three protocol topologies are supported in this scenario? (Choose three.)

  A. IPsec

  B. anycast

  C. IPv6

  D. multicast

  E. IPv4

  Correct Answer: CDE

  Explanation: IS-IS (Intermediate System to Intermediate System) is a routing protocol that is designed to move information efficiently within a computer network12. It supports multiple protocol topologies, including IPv4, IPv6, and multicast12. Therefore, options C, E, and D are correct.