Juniper JN0-480 Data Center, Specialist Exam Practice Test

Answer : D

According to the Juniper documentation1, a routing zone is an L3 domain, the unit of tenancy in multi-tenant networks. You create routing zones for tenants to isolate their IP traffic from one another, thus enabling tenants to re-use IP subnets. In addition to being in its own VRF, each routing zone can be assigned its own DHCP relay server and external system connections. You can create one or more virtual networks within a routing zone, which means a tenant can stretch its L2 applications across multiple racks within its routing zone. For virtual networks with Layer 3 SVI, the SVI is associated with a Virtual Routing and Forwarding (VRF) instance for each routing zone isolating the virtual network SVI from other virtual network SVIs in other routing zones. Therefore, the correct answer is D. A routing zone is used to enable the communication between two VNIs within a VRF. A routing zone is not used for L4-L7 inspection, securing routing protocols, or requiring firewalls. Those are not the purposes of a routing zone in Juniper Apstra software.Reference:Routing Zones

Answer : A, D

Probes are the basic unit of abstraction in Intent-Based Analytics (IBA). They are used to collect, process, and analyze data from the network and raise anomalies based on specified conditions. Probes are composed of processors and stages that form a directed acyclic graph (DAG) of data flow. The following statements are correct about probes:

A) Default probes can be cloned, modified, and saved. This is true because Apstra provides a set of default probes that cover common use cases and scenarios. These probes can be cloned and modified to suit the specific needs of the user. The modified probes can be saved as new probes with different names and descriptions. This allows the user to customize and extend the functionality of the default probes.

D) Default probes are enabled, based on the intent for a blueprint. This is true because Apstra enables or disables the default probes automatically based on the intent of the blueprint. The intent of the blueprint is the high-level description of the desired state and behavior of the network. Apstra uses the intent to determine which default probes are relevant and applicable for the blueprint and enables them accordingly. For example, if the intent of the blueprint is to deploy an EVPN-VXLAN fabric, Apstra will enable the default probes related to EVPN-VXLAN, such as EVPN-VXLAN Anomaly Detection, EVPN-VXLAN Fabric Health, and EVPN-VXLAN Fabric Validation. The following statements are incorrect about probes:

B) Only the variable parameters for default probes can be edited and saved. This is false because the user can edit and save any parameters for the default probes, not just the variable ones. The variable parameters are the ones that depend on the network topology, devices, or configuration, such as device names, interface names, IP addresses, VLAN IDs, etc. The user can also edit and save the fixed parameters, such as the duration, threshold, condition, etc. However, the user cannot edit and save the default probes directly. The user must clone the default probes first and then edit and save the cloned probes as new probes.

C) All default probes are enabled for all blueprints. This is false because Apstra does not enable all default probes for all blueprints. Apstra enables the default probes based on the intent of the blueprint, as explained above. This means that only the default probes that are relevant and applicable for the blueprint are enabled. For example, if the intent of the blueprint is to deploy a BGP IP fabric, Apstra will not enable the default probes related to EVPN-VXLAN, since they are not relevant for the blueprint. The user can also manually enable or disable the default probes as needed.Reference:

Probes

Create Probe

Intent-Based Analytics Overview

Answer : B

Device profiles are objects that associate a specific vendor model to a logical device in Juniper Apstra. Device profiles contain extensive hardware model details, such as form factor, ASIC, CPU, RAM, ECMP limit, and supported features. Device profiles also define how configuration is generated, how telemetry commands are rendered, and how configuration is deployed on a device.Device profiles enable the Apstra system to render and deploy the configuration according to the Apstra Reference Design12.Reference:

Device Profiles

Juniper Device Profiles

Answer : B

Juniper Apstra role-based access control (RBAC) is a feature that allows you to specify access permissions for different users based on their roles.RBAC servers are remote network servers that authenticate and authorize network access based on roles assigned to individual users within an enterprise1.Juniper Apstra has four predefined user roles: administrator, device_ztp, user, and viewer2. The administrator role is the most powerful role, and it can see all permissions and perform all actions in the Apstra software application.The administrator role can also create, clone, edit, and delete user roles, except for the four predefined user roles, which cannot be modified2. Therefore, the statement that the administrator role can see all permissions is correct.

The following three statements are incorrect in this scenario:

The viewer role is predefined and can be deleted. This is not true, because the viewer role is one of the four predefined user roles, and it cannot be deleted.The viewer role is the most restricted role, and it can only view the network information and configuration, but not make any changes2.

The user role can create roles. This is not true, because the user role is one of the four predefined user roles, and it cannot create roles.The user role can perform most of the network configuration and management tasks, but it cannot access the platform settings or the user management features2.

The administrator role is the only predefined role. This is not true, because there are four predefined user roles, not just one.The other three predefined user roles are device_ztp, user, and viewer2.

Providers --- Apstra 3.3.0 documentation

User/Role Management (Platform)

Answer : C, D

According to the Juniper documentation1, a configlet is a configuration template that augments Apstra's reference design with non-native device configuration. They consist of one or more generators. Each generator specifies a NOS type (config style), when to render the configuration, and CLI commands (and file name as applicable). Some applications for configlets include the following:

Syslog

SNMP access policy

TACACS / RADIUS

Management ACLs

Control plane policing

NTP

Username / password

Therefore, the correct answer is C and D. syslog configuration and NTP configuration. These are examples of non-native device configuration that can be added using a configlet. Static route configuration and policy configuration are not applicable in this scenario, because they are part of the reference design configuration that should not be replaced or modified by a configlet.Reference:Configlets (Datacenter Design),Configlet Examples (Design)

Answer : D

To make the IP fabric a valid IP fabric, the connection between the two spine nodes must be removed. This is because an IP fabric is a network topology that uses a spine-leaf architecture, where the spine devices are only connected to the leaf devices, and the leaf devices are only connected to the spine devices. This creates a non-blocking, high-performance, and scalable network that supports Layer 3 routing protocols such as BGP or OSPF. The connection between the two spine nodes in the exhibit violates the spine-leaf design principle and introduces unnecessary complexity and potential loops in the network. The other options are incorrect because:

A) The IP fabric must consist of only one device model throughout the fabric is wrong because an IP fabric can support different device models as long as they are compatible and interoperable. The exhibit shows two different models of QFX switches, which are both supported by Juniper Networks for IP fabric deployments.

B) The connection between the two spine nodes must be increased to 40 Gbps is wrong because increasing the speed of the connection does not make the IP fabric valid. The connection between the two spine nodes should be removed, as explained above.

C) The IP fabric connections must be increased to a speed greater than 10 Gbps is wrong because the speed of the connections does not affect the validity of the IP fabric. The IP fabric can use any speed that meets the bandwidth and performance requirements of the network. 10 Gbps is a common speed for IP fabric connections, but higher or lower speeds can also be used depending on the network design and devices.Reference:

IP Fabric Underlay Network Design and Implementation

IP Fabric Overview

IP Fabric: Automated Network Assurance Platform

Answer : D

A graph query is a component that identifies devices that supply data for a specific probe. A graph query is an expression that matches nodes in the Apstra graph database based on their attributes, such as device name, role, type, or tag.A graph query can be used to select the source devices for the input processors of a probe, as well as to filter the data by device attributes in the subsequent processors of a probe12.Reference:

Probes

Apstra IBA Getting Started Tutorial