Juniper JN0-351 Enterprise Routing and Switching, Specialist Exam Practice Test

Answer : A

Option A is correct.The storm control feature is enabled in the factory-default configuration on EX Series switches12.On EX2200, EX3200, EX3300, EX4200, and EX6200 switches, the factory default configuration enables storm control for broadcast and unknown unicast traffic on all switch interfaces2.On EX4300 switches, the factory default configuration enables storm control on all Layer 2 switch interfaces1.

Option B is incorrect.The storm control feature does not require a special license on EX Series switches34.

Option C is incorrect. There's no information available that suggests the storm control feature is not supported on aggregate Ethernet interfaces.

Option D is incorrect.The storm control configuration applies to traffic at the ingress of an interface5, not just between the forwarding and control plane.

Answer : C

In BGP, the path selection process is based on a set of attributes1.The process starts by preferring the path with the highest weight, then the highest local preference, then the locally originated routes, and so on1.If all these attributes are the same, then it prefers the path with the shortest AS path1.

Referring to the exhibit, all four ISPs have the same weight, local preference, and origin1.However, ISP 4 has the shortest AS path1. Therefore, ISP 4 will be selected as the active path. So, option C is correct.

Answer : A, D

In Rapid Spanning Tree Protocol (RSTP), there are several port roles that determine the behavior of the port in the spanning tree1.

Option A suggests that the designated port forwards data to the downstream network segment or device.This is correct because the designated port is the port on a network segment that has the best path to the root bridge1.It's responsible for forwarding frames towards the root bridge and sending configuration messages into its segment1.

Option D suggests that the root port is responsible for forwarding data to the root bridge.This is also correct because the root port is always the link directly connected to the root bridge, or the shortest path to the root bridge1.It's used to forward traffic towards the root bridge1.

Therefore, options A and D are correct.

Answer : B

The exhibit shows the configuration of RSTP on EX-4, which has the commandforce-version stp.This command forces the switch to use the legacy STP protocol instead of RSTP, even though the switch supports RSTP1.This means that EX-4 will not be able to take advantage of the faster convergence and enhanced features of RSTP, such as edge ports, link type, and proposal/agreement sequence2.

The other switches in the network are likely to be running RSTP, as it is the default protocol for EX Series switches3. Therefore, there will be a compatibility issue between EX-4 and the other switches, which will result in longer convergence times and suboptimal performance.The switch will also generate a warning message that says ''Warning: STP version mismatch with neighbor'' when it receives a BPDU from a RSTP neighbor1.

To solve this problem, the force-version command must be removed from EX-4, so that it can run RSTP natively and interoperate with the other switches in the network. This will enable faster convergence and better stability for the network topology.To remove the command, you can use thedelete protocols rstp force-versioncommand in configuration mode1.

Answer : D

In OSPF, the Designated Router (DR) and Backup Designated Router (BDR) are elected based on the priority of the routers1.The router with the highest priority becomes the DR, and the router with the second highest priority becomes the BDR1.If there is a tie in priority, then the router with the highest Router ID is chosen1.

In this scenario, R2 has a higher priority (64) than R1 (32), so R2 will become the DR1.Since R1 has the second highest priority, it will become the BDR1. Therefore, option D is correct.

Answer : C, D

A firewall filter is a configuration that defines the rules that determine whether to forward or discard packets at specific processing points in the packet flow. A firewall filter can also modify the attributes of the packets, such as priority, marking, or logging.A firewall filter can be applied to various interfaces, protocols, or routing instances on a Juniper device1.

A firewall filter has a family attribute, which specifies the type of traffic that the filter can evaluate.The family attribute can be one of the following: inet, inet6, mpls, vpls, iso, or ethernet-switching2. The family inet firewall filter is used to evaluate IPv4 traffic, which is the most common type of Layer 3 traffic on a network.

To create a family inet firewall filter, you need to specify the appropriate match criteria and actions for each term in the filter. The match criteria can include various fields in the IPv4 header, such as source address, destination address, protocol, port number, or DSCP value.The actions can include accept, discard, reject, count, log, policer, or next term3.

To apply a firewall filter to Layer 3 traffic that is being sent between VLANs, you need to apply the filter to the appropriate IRB interface. An IRB interface is an integrated routing and bridging interface that provides Layer 3 functionality for a VLAN on a Juniper device. An IRB interface has an IP address that acts as the default gateway for the hosts in the VLAN.An IRB interface can also participate in routing protocols and forward packets to other VLANs or networks4.

Therefore, option C is correct, because you should create a family inet firewall filter with the appropriate match criteria and actions. Option D is correct, because you should apply the firewall filter to the appropriate IRB interface.

Option A is incorrect, because you should not create a family ethernet-switching firewall filter with the appropriate match criteria and actions. A family ethernet-switching firewall filter is used to evaluate Layer 2 traffic on a Juniper device.A family ethernet-switching firewall filter can only match on MAC addresses or VLAN IDs, not on IP addresses or protocols5.

Option B is incorrect, because you should not apply the firewall filter to the appropriate VLAN. A VLAN is a logical grouping of hosts that share the same broadcast domain on a Layer 2 network. A VLAN does not have an IP address or routing capability.A firewall filter cannot be applied directly to a VLAN; it must be applied to an interface that belongs to or connects to the VLAN6.

1:Firewall Filters Overview2:Configuring Firewall Filters3:Configuring Firewall Filter Match Conditions and Actions4:Understanding Integrated Routing and Bridging Interfaces5: Configuring Ethernet-Switching Firewall Filters6: Understanding VLANs

Answer : B, D

A tunnel is a connection between two computer networks, in which data is sent from one network to another through an encrypted link. Tunnels are commonly used to secure data communications between two networks or to connect two networks that use different protocols.

Option B is correct, because tunnel endpoints must have a valid route to the remote tunnel endpoint. A tunnel endpoint is the device that initiates or terminates a tunnel connection. For a tunnel to be established, both endpoints must be able to reach each other over the underlying network.This means that they must have a valid route to the IP address of the remote endpoint1.

Option D is correct, because tunnels add additional overhead to packet size. Tunnels work by encapsulating packets: wrapping packets inside of other packets. This means that the original packet becomes the payload of the surrounding packet, and the surrounding packet has its own header and trailer. The header and trailer of the surrounding packet add extra bytes to the packet size, which is called overhead.Overhead can reduce the efficiency and performance of a network, as it consumes more bandwidth and processing power2.

Option A is incorrect, because BFD can be used to monitor tunnels. BFD is a protocol that can be used to quickly detect failures in the forwarding path between two adjacent routers or switches. BFD can be integrated with various routing protocols and link aggregation protocols to provide faster convergence and fault recovery. BFD can also be used to monitor the connectivity of tunnels, such as GRE, IPsec, or MPLS.

Option C is incorrect, because IP-IP tunnels are stateless. IP-IP tunnels are a type of tunnels that use IP as both the encapsulating and encapsulated protocol. IP-IP tunnels are simple and easy to configure, but they do not provide any security or authentication features. IP-IP tunnels are stateless, which means that they do not keep track of the state or status of the tunnel connection. Stateless tunnels do not require any signaling or negotiation between the endpoints, but they also do not provide any error detection or recovery mechanisms.

1:What is Tunneling? | Tunneling in Networking2:What Is Tunnel In Networking, Its Types, And Its Benefits?: [Configuring Bidirectional Forwarding Detection] : [IP-IP Tunneling]