QUESTION 1
Which command prevents Layer 2 loops if the switch stops receiving spanning-tree keepalives on port ge-1/0/1?
A. [edit protocols rstp]
user@switch# show
interface ge-1/0/1 {
bpdu-block;
}
B. [edit protocols layer2-control]
user@switch# show
interface ge-1/0/1 {
bpdu-time-out-action {
block;
alarm;
}
}
C. [edit protocols layer2-control]
user@switch# show
bpdu-block {
interface ge-1/0/1;
}
D. [edit protocols rstp]
interface ge-1/0/1
{
no-root-port;
}
Answer: D
QUESTION 2
Click the Exhibit button.
You are attaching into an EX Series switch-1a legacy IP phone that does not support LLDP-MED, but does allow configuration using DHCP, as shown in the exhibit.
Your existing network QoS policies dictate that VoIP traffic must traverse over VLAN 10.
Which two actions put VoIP traffic onto VLAN 10? (Choose two.)
A. Configure protocols cdp on switch-1.
B. Manually configure the voice VLAN on the IP phone.
C. Configure vlan 1 under forwarding-options bootp.
D. Configure interface ge-0/0/5 under forwarding-options bootp.
Answer: BD
QUESTION 3
What are three types of port designation specific to Private VLANs? (Choose three.)
A. Promiscuous ports
B. Transparent ports
C. PVLAN trunk ports
D. Designated ports
E. Isolated ports
Answer: ACE
QUESTION 4
Click the Exhibit button.
Looking at the output in the exhibit, why is the BGP neighbor not in Established state?
A. BGP Refresh is not supported.
B. Multihop is not configured.
C. The peer address is not reachable.
D. Authentication is configured.
Answer: B
QUESTION 5
Which two statements about MVRP on EX Series switches are true? (Choose two.)
A. MVRP can add VLANs on access interfaces.
B. MVRP can add VLANs on trunk interfaces.
C. MVRP adds VLANs on MVRP-enabled interfaces by default.
D. MVRP is in transparent mode on MVRP-enabled interfaces by default.
Answer: BC
QUESTION 6
Your customer has five office locations.
Each office location has 20 VLANs configured, one for each department.
Your engineering team has recently secured a government contract with strict regulations which require that engineers be placed into separate workgroups.
These workgroups cannot communicate with each other.
Without changing the primary VLAN assignments, which JUNOS feature meets this requirement with minimal configuration?
A. Create a series of firewall filters to block users in each workgroup.
B. Configure a Private VLAN and assign each workgroup a secondary VLAN.
C. Configure Virtual Private LAN Service to isolate broadcast domain.
D. Turn off the default BUM (Broadcast, unknown, multicast) flooding mode.
Answer: B
QUESTION 7
Click the Exhibit button.
In the exhibit, switches S1, S2, and S3 have Q-in-Q tunneling configured between Site 1 and Site 2.
Which configuration on switch S1 allows Site 1 and Site 2 to exchange Cisco Discovery Protocol (CDP), but blocks VLAN Trunking Protocol (VTP) between Site 1 and Site 2?
A. {master:0}[edit vlans provider-vlan]
user@S1# set dot1q-tunneling layer2-protocol-tunneling cdp
B. {master:0}[edit vlans provider-vlan]
user@S1# set dot1q-tunneling l2tp cdp
C. {master:0}[edit vlans provider-vlan]
user@S1# set dot1q-tunneling layer2-protocol-tunneling deny vtp
D. {master:0}[edit vlans provider-vlan]
user@S1# set dot1q-tunneling l2tp deny vtp
Answer: A
QUESTION 8
A coffee shop offering free Internet service to customers wants to implement the following security policies:
1. Every customer must agree to a set of terms and conditions before accessing the Internet.
2. Log out customers that are logged in for more than one hour.
3. Log out customers that are idle for more than 5 minutes.
4. Authenticate employee desktop computers with known hardware addresses in the office of the coffee shop to access the Internet without the above restrictions.
The following configuration has been applied to the switch:
set access radius-server 172.16.14.26 port 1812
set access radius-server 172.16.14.26 secret Am@zingC00f33
set access profile dot1x authentication-order radius
set access profile dot1x radius authentication-server 172.27.14.226
What would you add to implement these policies?
A. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple
set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius
set protocols dot1x authenticator authentication-profile-name dot1x
set services captive-portal authentication-profile-name dot1x
set services captive-portal interface ge-0/0/12.0
set services captive-portal secure-authentication https
set services captive-portal custom-options header-message "Welcome to Our Coffee Shop"
set services captive-portal custom-options banner-message "Terms and Conditions of Use"
B. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple
set protocols dot1x authenticator authentication-profile-name dot1x
set services captive-portal authentication-profile-name dot1x
set services captive-portal interface ge-0/0/12.0
set services captive-portal secure-authentication https
set services captive-portal custom-options header-message "Welcome to Our Coffee Shop"
set services captive-portal custom-options banner-message "Terms and Conditions of Use"
C. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple
set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius
set protocols dot1x authenticator authentication-profile-name dot1x
set services captive-portal authentication-profile-name dot1x
set services captive-portal interface ge-0/0/12.0
set services captive-portal interface ge-0/0/12.0 idle-timeout 300
set services captive-portal interface ge-0/0/12.0 user-timeout 3600
set services captive-portal secure-authentication https
set services captive-portal custom-options header-message "Welcome to Our Coffee Shop"
set services captive-portal custom-options banner-message "Terms and Conditions of Use"
D. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple
set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius
set protocols dot1x authenticator interface ge-0/0/12.0 idle-timeout 300
set protocols dot1x authenticator interface ge-0/0/12.0 user-timeout 3600
set protocols dot1x authenticator authentication-profile-name dot1x
set services captive-portal authentication-profile-name dot1x
set services captive-portal interface ge-0/0/12.0
set services captive-portal secure-authentication https
set services captive-portal custom-options header-message "Welcome to Our Coffee Shop"
set services captive-portal custom-options banner-message "Terms and Conditions of Use"
Answer: A
QUESTION 9
Click the Exhibit button.
In the PIM-SM network in the exhibit, all links in the topology have the same IGP metric configured.
Which link will not be on the RPT?
A. R1-R4
B. R3-R6
C. R4-R5
D. R5-R6
Answer: A
QUESTION 10
Click the Exhibit button.
In the exhibit, Site 1 is sending traffic on VLANs 100, 200, and 300.
The provider operating switch S1 must configure Q-in-Q tunneling to transport VLANs 100 and 200 to Site2.
The provider must configure switch S1 to block traffic received from site 1 on VLAN 300.
Which configuration accomplishes this goal?
A. {master:0}[edit vlans pv200]
user@S1# show
vlan-id 200;
interface {
ge-0/0/0.0;
ge-0/0/1.0;
}
dot1q-tunneling {
customer-vlans [ 100 200 ];
}
B. {master:0}[edit vlans pv200]
user@S1# show
vlan-id [100 200];
interface {
ge-0/0/0.0 {
dot1q-tunneling {
block-vlans 300;
}
}
ge-0/0/1.0;
}
C. {master:0}[edit vlans pv200]
user@S1# show
vlan-id 200;
interface {
ge-0/0/0.0;
ge-0/0/1.0;
}
dot1q-tunneling {
block-vlans 300;
}
D. {master:0}[edit vlans pv200]
user@S1# show
vlan-id 200;
interface {
ge-0/0/0.0 {
dot1q-tunneling {
customer-vlans [ 100 200 ];
}
}
ge-0/0/1.0;
}
Answer: A
QUESTION 11
Click the Exhibit button.
The four routers in the exhibit are participating in a multi-area OSPF topology.
Node B (in the upper right-hand corner) is an ASBR advertising an external route.
Node A (lower left-hand corner) receives the external route and begins to forward traffic to the ASBR.
How many hops will the packets take through this topology? (Do not count node A.)
A. 2
B. 3
C. 4
D. 5
Answer: C
QUESTION 12
Click the Exhibit button.
The phone connected to switch-1 in the exhibit cannot communicate with the rest of the network.
How do you solve this problem?
A. Add the VLAN named voice as a member of the trunk on interface ge-0/0/12.0.
B. Configure the voice VLAN on interface ge-0/0/6.0.
C. Add interface ge-0/0/12.0 to the ethernet-switching-options voip hierarchy.
D. Configure LLDP-MED for interface ge-0/0/12.0.
Answer: A
QUESTION 13
You are AS 6573.Which AS path regular expression matches only routes originated in your AS?
A. "6573.*"
B. ".*"
C. "{"
D. "^$"
Answer: D
QUESTION 14
Which protocol reachability is advertised by OSPFv2? (Choose two.)
A. IPv4
B. IPv5
C. IPv6
D. ISO
Answer: AD
QUESTION 15
Click the Exhibit button.
You are using an IBGP route reflector within your network.
Your route reflector has received the 2001:1:2::/64 prefix, but it is not advertising the prefix to its cluster members.
After examining the route reflector, you notice the output shown in the exhibit.
Which configuration statement causes the route reflector to transmit the route to its IBGP peers?
A. set protocols bgp group ibgpv6 advertise-inactive
B. set protocols bgp group ibgpv6 accept-remote-nexthop
C. set protocols bgp group ibgpv6 multipath
D. set protocols bgp group ibgpv6 include-mp-next-hop
Answer: A
Passing your Juniper JN0-643 Exam by using the latest Juniper JN0-643 Exam Demo Full Version: http://www.braindump2go.com/jn0-643.html