Juniper.Premium.JN0-664.

65q - DEMO

Number: JN0-664
Passing Score: 800
Time Limit: 120 min
File Version: 1.7

Exam Code: JN0-664

Website: www.VCEplus.io
Twitter: www.twitter.com/VCE_Plus

IT Certification Exams - Questions & Answers | VCEplus.io

Exam A

QUESTION 1
Exhibit.

www.VCEplus.io
Referring to the exhibit; the 10.0.0.0/24 EBGP route is received on R5; however, the route is being hidden.
What are two solutions that will solve this problem? (Choose two.)
A. On R4, create a policy to change the BGP next hop to itself and apply it to IBGP as an export policy
B. Add the external interface prefix to the IGP routing tables
C. Add the internal interface prefix to the BGP routing tables.
D. On R4, create a policy to change the BGP next hop to 172.16.1.1 and apply it to IBGP as an export policy

Correct Answer: A, B
Section:
Explanation:
the default behavior for iBGP is to propagate EBGP-learned prefixes without changing the next-hop.
This can cause issues if the next-hop is not reachable via the IGP. One solution is to use the next-hop self command on R4, which will change the next-hop attribute to its own loopback address. This way, R5 can reach
the next-hop via the IGP and install the route in its routing table.
Another solution is to add the external interface prefix (120.0.4.16/30) to the IGP routing tables of R4 and R5. This will also make the next-hop reachable via the IGP and allow R5 to use the route. According to 2, this
is a possible workaround for a pure IP network, but it may not work well for an MPLS network.

QUESTION 2
You are responding to an RFP for a new MPLS VPN implementation. The solution must use LDP for signaling and support Layer 2 connectivity without using BGP The solution must be scalable and support multiple VPN
connections over a single MPLS LSP The customer wants to maintain all routing for their Private network
In this scenario, which solution do you propose?

IT Certification Exams - Questions & Answers | VCEplus.io

A. circuit cross-connect
B. BGP Layer 2 VPN
C. LDP Layer 2 circuit
D. translational cross-connect

Correct Answer: C
Section:
Explanation:
AToM (Any Transport over MPLS) is a framework that supports various Layer 2 transport types over an MPLS network core. One of the transport types supported by AToM is LDP Layer 2 circuit, which is a point-to-
point Layer 2 connection that uses LDP for signaling and MPLS for forwarding. LDP Layer 2 circuit can support Layer 2 connectivity without using BGP and can be scalable and efficient by using a single MPLS LSP for
multiple VPN connections. The customer can maintain all routing for their private network by using their own CE switches.

QUESTION 3
Exhibit.

www.VCEplus.io

IT Certification Exams - Questions & Answers | VCEplus.io

www.VCEplus.io

IT Certification Exams - Questions & Answers | VCEplus.io

Referring to the exhib.t, what must be changed to establish a Level 1 adjacency between routers R1 and R2?
A. Change the level l disable parameter under the R1 protocols isis interface lo0.0 hierarchy to the level 2 disable parameter.
B. Remove the level i disable parameter under the R2 protocols isis interface loo . 0 configuration hierarchy.
C. Change the level 1 disable parameter under the R2 protocols isis interface ge-1/2/3 .0 hierarchy to the level 2 disable parameter
D. Add IP addresses to the interface ge-l/2/3 unit 0 family iso hierarchy on both R1 and R2.

Correct Answer: B
Section:
Explanation:
IS-IS routers can form Level 1 or Level 2 adjacencies depending on their configuration and network topology. Level 1 routers are intra-area routers that share the same area address with their neighbors. Level 2
routers are inter-area routers that can connect different areas. Level 1-2 routers are both intra-area and inter-area routers that can form adjacencies with any other router.
In the exhibit, R1 and R2 are in different areas (49.0001 and 49.0002), so they cannot form a Level 1 adjacency. However, they can form a Level 2 adjacency if they are both configured as Level 1-2 routers. R1 is
already configured as a Level 1-2 router, but R2 is configured as a Level 1 router only, because of the level 1 disable command under the lo0.0 interface. This command disables Level 2 routing on the loopback
interface, which is used as the router ID for IS-IS.
Therefore, to establish a Level 1 adjacency between R1 and R2, the level 1 disable command under the R2 protocols isis interface lo0.0 hierarchy must be removed. This will enable Level 2 routing on
R2 and allow it to form a Level 2 adjacency with R1.

QUESTION 4
You are asked to protect your company's customers from amplification attacks. In this scenario, what is Juniper's recommended protection method?
A. ASN prepending
B. BGP FlowSpec
C. destination-based Remote Triggered Black Hole
D. unicast Reverse Path Forwarding

Correct Answer: C
Section:
Explanation: www.VCEplus.io
amplification attacks are a type of distributed denial-of-service (DDoS) attack that exploit the characteristics of certain protocols to amplify the traffic sent to a victim. For example, an attacker can send a small DNS
query with a spoofed source IP address to a DNS server, which will reply with a much larger response to the victim. This way, the attacker can generate a large amount of traffic with minimal resources.
One of the methods to protect against amplification attacks is destination-based Remote Triggered Black Hole (RTBH) filtering. This technique allows a network operator to drop traffic destined to a specific IP address
or prefix at the edge of the network, thus preventing it from reaching the victim and consuming bandwidth and resources. RTBH filtering can be implemented using BGP to propagate a special route with a next hop of
192.0.2.1 (a reserved address) to the edge routers. Any traffic matching this route will be discarded by the edge routers.

QUESTION 5
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

 www.VCEplus.io

Which two statements about the output shown in the exhibit are correct? (Choose two.)
A. The PE is attached to a single local site.
B. The connection has not flapped since it was initiated.
C. There has been a VLAN ID mismatch.
D. The PE router has the capability to pop flow labels

IT Certification Exams - Questions & Answers | VCEplus.io

Correct Answer: A, D
Section:
Explanation:
According to 1 and 2, BGP Layer 2 VPNs use BGP to distribute endpoint provisioning information and set up pseudowires between PE devices. BGP uses the Layer 2 VPN (L2VPN) Routing Information Base (RIB) to
store endpoint provisioning information, which is updated each time any Layer 2 virtual forwarding instance (VFI) is configured. The prefix and path information is stored in the L2VPN database, which allows BGP to
make decisions about the best path.
In the output shown in the exhibit, we can see some information about the L2VPN RIB and the pseudowire state. Based on this information, we can infer the following statements:
The PE is attached to a single local site. This is correct because the output shows only one local site ID (1) under the L2VPN RIB section. A local site ID is a unique identifier for a site within a VPLS domain. If there were
multiple local sites attached to the PE, we would see multiple local site IDs with different prefixes.
The connection has not flapped since it was initiated. This is correct because the output shows that the uptime of the pseudowire is equal to its total uptime (1w6d). This means that the pseudowire has been up for
one week and six days without any interruption or flap.
There has been a VLAN ID mismatch. This is not correct because the output shows that the remote and local VLAN IDs are both 0 under the pseudowire state section. A VLAN ID mismatch occurs when the remote and
local VLAN IDs are different, which can cause traffic loss or misdelivery. If there was a VLAN ID mismatch, we would see different values for the remote and local VLAN IDs.
The PE router has the capability to pop flow labels. This is correct because the output shows that the flow label pop bit is set under the pseudowire state section. The flow label pop bit indicates that the PE router can
pop (remove) the MPLS flow label from the packet before forwarding it to the CE device. The flow label is an optional MPLS label that can be used for load balancing or traffic engineering purposes.

QUESTION 6
Exhibit

www.VCEplus.io

Referring to the exhibit, PE-1 and PE-2 are getting route updates for VPN-B when neither of them service that VPN
Which two actions would optimize this process? (Choose two.)
A. Configure the family route-target statement on the PEs.
B. Configure the family route-target statement on the RR
C. Configure the resolution rib bgp . 13vpn . 0 resolution-ribs inet. 0 Statement on the PEs.

IT Certification Exams - Questions & Answers | VCEplus.io

D. Configure the resolution rib bgp.l3vpn.O resolution-ribs inet. 0 Statement on the RR

Correct Answer: B, D
Section:
Explanation:
BGP route target filtering is a technique that reduces the number of routers that receive VPN routes and route updates, helping to limit the amount of overhead associated with running a VPN. BGP route target
filtering is based on the exchange of the route-target address family, which contains information about the VPN membership of each PE device. Based on this information, a PE device can decide whether to accept or
reject VPN routes from another PE device.
BGP route target filtering can be configured on PE devices or on route reflectors (RRs). Configuring BGP route target filtering on RRs is more efficient and scalable, as it reduces the number of BGP sessions and
updates between PE devices. To configure BGP route target filtering on RRs, the following steps are required:
Configure the family route-target statement under the BGP group or neighbor configuration on the RRs. This enables the exchange of the route-target address family between the RRs and their clients (PE devices).
Configure the resolution rib bgp.l3vpn.0 resolution-ribs inet.0 statement under the routing-options configuration on the RRs. This enables the RRs to resolve next hops for VPN routes using the inet.0 routing table.
Configure an export policy for BGP route target filtering under the routing-options configuration on the RRs. This policy controls which route targets are advertised to each PE device based on their VPN membership.

QUESTION 7
Which two EVPN route types are used to advertise a multihomed Ethernet segment? (Choose two )
A. Type 1
B. Type 3
C. Type 4
D. Type 2

Correct Answer: A, C
Section:
Explanation:
EVPN is a solution that provides Ethernet multipoint services over MPLS networks. EVPN uses BGP to distribute endpoint provisioning information and set up pseudowires between PE devices. EVPN uses different

www.VCEplus.io
route types to convey different information in the control plane. The following are the main EVPN route types:
Type 1 - Ethernet Auto-Discovery Route: This route type is used for network-wide messaging and discovery of other PE devices that are part of the same EVPN instance. It also carries information about the
redundancy mode and load balancing algorithm of the PE devices.
Type 2 - MAC/IP Advertisement Route: This route type is used for MAC and IP address learning and advertisement between PE devices. It also carries information about the Ethernet segment identifier (ESI) and the
label for forwarding traffic to the MAC or IP address.
Type 3 - Inclusive Multicast Ethernet Tag Route: This route type is used for broadcast, unknown unicast, and multicast (BUM) traffic forwarding. It also carries information about the multicast group and the label for
forwarding BUM traffic.
Type 4 - Ethernet Segment Route: This route type is used for multihoming scenarios, where a CE device is connected to more than one PE device. It also carries information about the ESI and the designated forwarder
(DF) election process.

QUESTION 8
Which statement is correct about IS-IS when it performs the Dijkstra algorithm?
A. The local router moves its own local tuples into the candidate database
B. When a new neighbor ID in the tree database matches a router ID in the LSDB, the neighbor ID is moved to the candidate database
C. Tuples with the lowest cost are moved from the tree database to the LSDB.
D. The algorithm will stop processing once the tree database is empty.

Correct Answer: A
Section:
Explanation:
IS-IS is a link-state routing protocol that uses the Dijkstra algorithm to compute the shortest paths between nodes in a network. The Dijkstra algorithm maintains three data structures: a tree database, a candidate
database, and a link-state database (LSDB). The tree database contains the nodes that have been visited and their shortest distances from the source node. The candidate database contains the nodes that have not
been visited yet and their tentative distances from the source node.
The LSDB contains the topology information of the network, such as the links and their costs.
The Dijkstra algorithm works as follows:

IT Certification Exams - Questions & Answers | VCEplus.io

The local router moves its own local tuples into the tree database. A tuple consists of a node ID, a distance, and a parent node ID. The local router's tuple has a distance of zero and no parent node.
The local router moves its neighbors' tuples into the candidate database. The neighbors' tuples have distances equal to the costs of the links to them and parent node IDs equal to the local router's node ID.
The local router selects the tuple with the lowest distance from the candidate database and moves it to the tree database. This tuple becomes the current node.
The local router updates the distances of the current node's neighbors in the candidate database by adding the current node's distance to the link costs. If a shorter distance is found, the parent node ID is also
updated.
The algorithm repeats steps 3 and 4 until either the destination node is reached or the candidate database is empty.

QUESTION 9
Exhibit

www.VCEplus.io

The environment is using BGP All devices are in the same AS with reachability redundancy Referring to the exhibit, which statement is correct?
A. RR1 is peered to Client2 and RR2
B. RR2 is in an OpenConfirm State until RR1 becomes unreachable.
C. Client1 is peered to Client2 and Client3.
D. Peering is dynamically discovered between all devices.

IT Certification Exams - Questions & Answers | VCEplus.io

Correct Answer: A
Section:
Explanation:
BGP route reflectors are BGP routers that are allowed to ignore the IBGP loop avoidance rule and advertise IBGP learned routes to other IBGP peers under specific conditions. BGP route reflectors can reduce the
number of IBGP sessions and updates in a network by eliminating the need for a full mesh of IBGP peers. BGP route reflectors can have three types of peerings:
EBGP neighbor: A BGP router that belongs to a different autonomous system (AS) than the route reflector.
IBGP client neighbor: An IBGP router that receives reflected routes from the route reflector. A client does not need to peer with other clients or non-clients.
IBGP non-client neighbor: An IBGP router that does not receive reflected routes from the route reflector. A non-client needs to peer with other non-clients and the route reflector.
In the exhibit, we can see that RR1 and RR2 are route reflectors in the same AS with reachability redundancy. They have two types of peerings: EBGP neighbors (R1 and R4) and IBGP client neighbors (Client1, Client2,
and Client3). RR1 and RR2 are also peered with each other as IBGP non-client neighbors.

QUESTION 10
You are configuring a BGP signaled Layer 2 VPN across your MPLS enabled core network. Your PE-2 device connects to two sites within the s VPN
In this scenario, which statement is correct?
A. By default on PE-2, the site's local ID is automatically assigned a value of 0 and must be configured to match the total number of attached sites.
B. You must create a unique Layer 2 VPN routing instance for each site on the PE-2 device.
C. You must use separate physical interfaces to connect PE-2 to each site.
D. By default on PE-2, the remote site IDs are automatically assigned based on the order that you add the interfaces to the site configuration.

Correct Answer: D
Section:
Explanation:
BGP Layer 2 VPNs use BGP to distribute endpoint provisioning information and set up pseudowires between PE devices. BGP uses the Layer 2 VPN (L2VPN) Routing Information Base (RIB) to store endpoint
provisioning information, which is updated each time any Layer 2 virtual forwarding instance (VFI) is configured. The prefix and path information is stored in the L2VPN database, which allows BGP to make decisions
about the best path.

www.VCEplus.io
In BGP Layer 2 VPNs, each site has a unique site ID that identifies it within a VFI. The site ID can be manually configured or automatically assigned by the PE device. By default, the site ID is automatically assigned
based on the order that you add the interfaces to the site configuration. The first interface added to a site configuration has a site ID of 1, the second interface added has a site ID of 2, and so on.
Option D is correct because by default on PE-2, the remote site IDs are automatically assigned based on the order that you add the interfaces to the site configuration. Option A is not correct because by default on
PE-2, the site's local ID is automatically assigned a value of 0 and does not need to be configured to match the total number of attached sites. Option B is not correct because you do not need to create a unique Layer
2 VPN routing instance for each site on the PE-2 device. You can create one routing instance for all sites within a VFI. Option C is not correct because you do not need to use separate physical interfaces to connect
PE-2 to each site. You can use subinterfaces or service instances on a single physical interface.

QUESTION 11
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

You must ensure that the VPN backbone is preferred over the back door intra-area link as long as the
VPN is available. Referring to the exhibit, which action will accomplish this task?
A. Configure an import routing policy on the CE routers that rejects OSPF routes learned on the backup intra-area link.
B. Enable OSPF traffic-engineering.
C. Configure the OSPF metric on the backup intra-area link that is higher than the L3VPN link.
D. Create an OSPF sham link between the PE routers.

Correct Answer: D
Section:
Explanation:
www.VCEplus.io
A sham link is a logical link between two PE routers that belong to the same OSPF area but are connected through an L3VPN. A sham link makes the PE routers appear as if they are directly connected, and prevents
OSPF from preferring an intra-area back door link over the VPN backbone. To create a sham link, you need to configure the local and remote addresses of the PE routers under the [edit protocols ospf area area-id]
hierarchy level1.

QUESTION 12
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

 www.VCEplus.io

Which two statements are true about the OSPF adjacency displayed in the exhibit? (Choose two.)
A. There is a mismatch in the hello interval parameter between routers R1 and R2
B. There is a mismatch in the dead interval parameter between routers R1 and R2.
C. There is a mismatch in the OSPF hold timer parameter between routers R1 and R2.
D. There is a mismatch in the poll interval parameter between routers R1 and R2.

Correct Answer: A, B
Section:
Explanation:
The hello interval is the time interval between two consecutive hello packets sent by an OSPF router on an interface. The dead interval is the time interval after which a neighbor is declared down if no hello packets
are received from it. These parameters must match between two OSPF routers for them to form an adjacency. In the exhibit, router R1 has a hello interval of 10 seconds and a dead interval of 40 seconds, while
router R2 has a hello interval of 30 seconds and a dead interval of 120 seconds. This causes a mismatch and prevents them from becoming neighbors23.

QUESTION 13
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

user@Rl show configuration interpolated-profile { interpolate {
fill-level [ 50 75 drop—probability [ > }
class-of-service drop-profiles
];
20 60 ];
Which two statements are correct about the class-of-service configuration shown in the exhibit?
(Choose two.)
A. The drop probability jumps immediately from 20% to 60% when the queue level reaches 75% full.
B. The drop probability gradually increases from 20% to 60% as the queue level increases from 50%full to 75% full
C. To use this drop profile, you reference it in a scheduler.
D. To use this drop profile, you apply it directly to an interface.

Correct Answer: B, C
Section:
Explanation:
class-of-service (CoS) is a feature that allows you to prioritize and manage network traffic based on various criteria, such as application type, user group, or packet loss priority. CoS uses different components to
classify, mark, queue, schedule, shape, and drop traffic according to the configured policies.
One of the components of CoS is drop profiles, which define how packets are dropped when a queue is congested. Drop profiles use random early detection (RED) algorithm to drop packets randomly before the
queue is full, which helps to avoid global synchronization and improve network performance. Drop profiles can be discrete or interpolated. A discrete drop profile maps a specific fill level of a queue to a specific drop
probability. An interpolated drop profile maps a range of fill levels of a queue to a range of drop probabilities and interpolates the values in between.
In the exhibit, we can see that the class-of-service configuration shows an interpolated drop profile with two fill levels (50 and 75) and two drop probabilities (20 and 60). Based on this configuration, we can infer the
following statements:
The drop probability jumps immediately from 20% to 60% when the queue level reaches 75% full.
This is not correct because the drop profile is interpolated, not discrete. This means that the drop probability gradually increases from 20% to 60% as the queue level increases from 50% full to 75%full. The drop

www.VCEplus.io
probability for any fill level between 50% and 75% can be calculated by using linear interpolation formula.
The drop probability gradually increases from 20% to 60% as the queue level increases from 50% full to 75% full. This is correct because the drop profile is interpolated and uses linear interpolation formula to calculate
the drop probability for any fill level between 50% and 75%. For example, if the fill level is 60%, the drop probability is 28%, which is calculated by using the formula: (60 - 50) / (75 -50) * (60 - 20) + 20 = 28.
To use this drop profile, you reference it in a scheduler. This is correct because a scheduler is a component of CoS that determines how packets are dequeued from different queues and transmitted on an interface. A
scheduler can reference a drop profile by using the random-detect statement under the [edit class-of-service schedulers] hierarchy level. For example: scheduler test { transmit-rate percent 10; buffer-size percent 10;
random-detect test-profile; }
To use this drop profile, you apply it directly to an interface. This is not correct because a drop profile cannot be applied directly to an interface. A drop profile can only be referenced by a scheduler, which can be
applied to an interface by using the scheduler-map statement under the [edit class-ofservice interfaces] hierarchy level. For example: interfaces ge-0/0/0 { unit 0 { scheduler-map testmap; } }

QUESTION 14
Which two statements are correct about IS-IS interfaces? (Choose two.)
A. If a broadcast interface is in both L1 and L2, one combined hello message is sent for both levels.
B. If a point-to-point interface is in both L1 and L2, separate hello messages are sent for each level.
C. If a point-to-point interface is in both L1 and L2, one combined hello message is sent for both levels.
D. If a broadcast interface is in both L1 and L2, separate hello messages are sent for each level

Correct Answer: B, D
Section:
Explanation:
IS-IS supports two levels of routing: Level 1 (intra-area) and Level 2 (interarea). An IS-IS router can be either Level 1 only, Level 2 only, or both Level 1 and Level 2. A router that is both Level 1 and Level 2 is called a
Level 1-2 router. A Level 1-2 router sends separate hello messages for each level on both point-to-point and broadcast interfaces1. A point-to-point interface provides a connection between a single source and a
single destination. A broadcast interface behaves as if the router is connected to a LAN.

QUESTION 15
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

Referring to the exhibit, a working L3VPN exists that connects VPN-A sites CoS is configured correctly to match on the MPLS EXP bits of the LSP, but when traffic is sent from Site-1 to Site-2, PE-2 is not classifying the traffic correctly
What should you do to solve the problem?
A. Configure the explicit-null statement on PE-1.
B. Configure the explicit-null statement on PE-2
C. Configure VPN prefix mapping for the PE-1_to_PE-2 LSP
D. Set a static CoS value for the PE-1_to_PE-2 LSP

Correct Answer: A
Section:
Explanation:
The explicit-null statement enables the PE router to send an MPLS label with a value of 0 (explicit null) instead of an IP header for packets destined to the VPN customer sites. This allows the penultimate hop router
(the router before the egress PE router) to preserve the EXP bits of the MPLS label and pass them to the egress PE router. The egress PE router can then use these EXP bits to classify the traffic according to the CoS
policy2. In this example, PE-1 should configure the explicitnull statement under [edit protocols mpls label-switched-path PE-1_to_PE-2] hierarchy level.

QUESTION 16
Exhibit
www.VCEplus.io

You want to implement the BGP Generalized TTL Security Mechanism (GTSM) on the network
Which three statements are correct in this scenario? (Choose three)

IT Certification Exams - Questions & Answers | VCEplus.io

A. You can implement BGP GTSM between R2, R3, and R4
B. BGP GTSM requires a firewall filter to discard packets with incorrect TTL.
C. You can implement BGP GTSM between R2 and R1.
D. BGP GTSM requires a TTL of 1 to be configured between neighbors.
E. BGP GTSM requires a TTL of 255 to be configured between neighbors.

Correct Answer: A, D, E
Section:
Explanation:
BGP GTSM is a technique that protects a BGP session by comparing the TTL value in the IP header of incoming BGP packets against a valid TTL range. If the TTL value is within the valid TTL range, the packet is
accepted. If not, the packet is discarded. The valid TTL range is from 255 – the configured hop count + 1 to 255. When GTSM is configured, the BGP packets sent by the device have a TTL of 255. GTSM provides best
protection for directly connected EBGP sessions, but not for multihop EBGP or IBGP sessions because the TTL of packets might be modified by intermediate devices.
In the exhibit, we can see that R2, R3, and R4 are in the same AS (AS 20) and R1 is in a different AS (AS 10). Based on this information, we can infer the following statements:
You can implement BGP GTSM between R2, R3, and R4. This is not correct because R2, R3, and R4 are IBGP peers and GTSM does not provide effective protection for IBGP sessions. The TTL of packets between IBGP
peers might be changed by intermediate devices or routing protocols.
BGP GTSM requires a firewall filter to discard packets with incorrect TTL. This is not correct because BGP GTSM does not require a firewall filter to discard packets with incorrect TTL. BGP GTSM uses TCP option 19 to
negotiate GTSM capability between peers and uses TCP option 20 to carry the expected TTL value in each packet. The receiver checks the expected TTL value against the actual TTL value and discards packets with
incorrect TTL values.
You can implement BGP GTSM between R2 and R1. This is correct because R2 and R1 are EBGP peers and GTSM provides effective protection for directly connected EBGP sessions. The TTL of packets between directly
connected EBGP peers is not changed by intermediate devices or routing protocols.
BGP GTSM requires a TTL of 1 to be configured between neighbors. This is not correct because BGP GTSM requires a TTL of 255 to be configured between neighbors. The sender sets the TTL of packets to 255 and the
receiver expects the TTL of packets to be 255 minus the configured hop count.
BGP GTSM requires a TTL of 255 to be configured between neighbors. This is correct because BGP GTSM requires a TTL of 255 to be configured between neighbors. The sender sets the TTL of packets to 255 and the
receiver expects the TTL of packets to be 255 minus the configured hop count.

QUESTION 17
Which two statements are correct about a sham link? (Choose two.)
www.VCEplus.io
A. It creates an OSPF multihop neighborship between two PE routers.
B. It creates a BGP multihop neighborship between two PE routers.
C. The PEs exchange Type 1 OSPF LSAs instead of Type 3 OSPF LSAs for the L3VPN routes
D. The PEs exchange Type 3 OSPF LSAs instead of Type 1 OSPF LSAs for the L3VPN routes.

Correct Answer: A, C
Section:
Explanation:
A sham link is a logical link between two PE routers that belong to the same OSPF area but are connected through an L3VPN. A sham link makes the PE routers appear as if they are directly connected, and prevents
OSPF from preferring an intra-area back door link over the VPN backbone. A sham link creates an OSPF multihop neighborship between the PE routers using TCP port 646. The PEs exchange Type 1 OSPF LSAs instead
of Type 3 OSPF LSAs for the L3VPN routes, which allows OSPF to use the correct metric for route selection1.

QUESTION 18
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

R1 and R8 are not receiving each other's routes
Referring to the exhibit, what are three configuration commands that would solve this problem?
(Choose three.)
A. Configure loops and advertise-peer-as on routers in AS 64497 and AS 64450.
B. Configure loops on routers in AS 65412 and advertise-peer-as on routers in AS 64498.
C. Configure as-override on advertisement from AS 64500 toward AS 64512.
D.
E.
www.VCEplus.io
Configure remove-private on advertisements from AS 64497 toward AS 64498
Configure remove-private on advertisements from AS 64500 toward AS 64499

Correct Answer: B, D, E
Section:
Explanation:
The problem in this scenario is that R1 and R8 are not receiving each other's routes because of private AS numbers in the AS path. Private AS numbers are not globally unique and are not advertised to external BGP
peers. To solve this problem, you need to do the following:
Configure loops on routers in AS 65412 and advertise-peer-as on routers in AS 64498. This allows R5 and R6 to advertise their own AS number (65412) instead of their peer's AS number (64498) when sending updates
to R7 and R8. This prevents a loop detection issue that would cause R7 and R8 to reject the routes from R5 and R62.
Configure remove-private on advertisements from AS 64497 toward AS 64498 and from AS 64500 toward AS 64499. This removes any private AS numbers from the AS path before sending updates to external BGP
peers. This allows R2 and R3 to receive the routes from R1 and R4, respectively3.

QUESTION 19
Which origin code is preferred by BGP?
A. Internal
B. External
C. Incomplete
D. Null

Correct Answer: C
Section:
Explanation:
BGP uses several attributes to select the best path for a destination prefix. One of these attributes is origin, which indicates how BGP learned about a route. The origin attribute can have one of three values: IGP, EGP,
or Incomplete. IGP means that the route was originated by a network or aggregate statement within BGP or by redistribution from an IGP into BGP. EGP means that the route was learned from an external BGP peer
(this value is obsolete since BGP version 4). Incomplete means that the route was learned by some other means, such as redistribution from a static route into BGP.

IT Certification Exams - Questions & Answers | VCEplus.io

BGP prefers routes with lower origin values, so Incomplete is preferred over EGP, which is preferred over IGP.

QUESTION 20
An interface is configured with a behavior aggregate classifier and a multifield classifier How will the packet be processed when received on this interface?
A. The packet will be discarded.
B. The packet will be processed by the BA classifier first, then the MF classifier.
C. The packet will be forwarded with no classification changes.
D. The packet will be processed by the MF classifier first, then the BA classifier.

Correct Answer: C
Section:
Explanation:
behavior aggregate (BA) classifiers and multifield (MF) classifiers are two types of classifiers that are used to assign packets to a forwarding class and a loss priority based on different criteria. The forwarding class
determines the output queue for a packet. The loss priority is used by a scheduler to control packet discard during periods of congestion.
A BA classifier maps packets to a forwarding class and a loss priority based on a fixed-length field in the packet header, such as DSCP, IP precedence, MPLS EXP, or IEEE 802.1p CoS bits. A BA classifier is
computationally efficient and suitable for core devices that handle high traffic volumes. A BA classifier is useful if the traffic comes from a trusted source and the CoS value in the packet header is trusted.
An MF classifier maps packets to a forwarding class and a loss priority based on multiple fields in the packet header, such as source address, destination address, protocol type, port number, or VLAN ID.
An MF classifier is more flexible and granular than a BA classifier and can match packets based on complex filter rules. An MF classifier is suitable for edge devices that need to classify traffic from untrusted sources or
rewrite packet headers.
You can configure both a BA classifier and an MF classifier on an interface. If you do this, the BA classification is performed first and then the MF classification. If the two classification results conflict, the MF
classification result overrides the BA classification result.
Based on this information, we can infer the following statements:
The packet will be discarded. This is not correct because the packet will not be discarded by the classifiers unless it matches a filter rule that specifies discard as an action. The classifiers only assign packets to a
forwarding class and a loss priority based on their match criteria.

www.VCEplus.io
The packet will be processed by the BA classifier first, then the MF classifier. This is correct because if both a BA classifier and an MF classifier are configured on an interface, the BA classification is performed first and
then the MF classification. If they conflict, the MF classification result overrides the BA classification result.
The packet will be forwarded with no classification changes. This is not correct because the packet will be classified by both the BA classifier and the MF classifier if they are configured on an interface.
The final classification result will determine which output queue and which discard policy will be applied to the packet.
The packet will be processed by the MF classifier first, then the BA classifier. This is not correct because if both a BA classifier and an MF classifier are configured on an interface, the BA classification is performed first
and then the MF classification. If they conflict, the MF classification result overrides the BA classification result.

QUESTION 21
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

Referring to the exhibit, PIM-SM is configured on all routers, and Anycast-RP with Anycast-PIM is used for the discovery mechanism on RP1 and RP2. The interface metric values are shown for the OSPF area.
In this scenario, which two statements are correct about which RP is used? (Choose two.)
A. Source2 will use RP2 and Received will use RP2 for group 224.2.2.2.
B. Source2 will use RP1 and Receiver2 will use RP1 for group 224.2.2.2.
C.
D. Source1 will use RP1 and Receiver1 will use RP2 for group 224.1 1 1

Correct Answer: A, C
www.VCEplus.io
Source1 will use RP1 and Receiver1 will use RP1 for group 224.1.1.1.

Section:
Explanation:
A sham link is a logical link between two PE routers that belong to the same OSPF area but are connected through an L3VPN. A sham link makes the PE routers appear as if they are directly connected, and prevents
OSPF from preferring an intra-area back door link over the VPN backbone. A sham link creates an OSPF multihop neighborship between the PE routers using TCP port 646. The
PEs exchange Type 1 OSPF LSAs instead of Type 3 OSPF LSAs for the L3VPN routes, which allows OSPF to use the correct metric for route selection1.

QUESTION 22
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

Referring to the exhibit, which three statements are correct about route 10 0 0.0/16 when using the default BGP advertisement rules'? (Choose three.)
A. R1 will prepend AS 65531 when advertising 10 0.0 0/16 to R2.
B. R1 will advertise 10.0.0.0/16 to R2 with 192 168 1 1 as the next hop.
C. R2 will advertise 10.0.0.0/16 to R3 with 192.168.1 1 as the next hop
D. R4 will advertise 10 0.0 0/16 to R6 with 172.16 1 1 as the next hop
E. R2 will advertise 10.0.0.0/16 to R4 with 172.16.1.1 as the next hop

Correct Answer: B, D, E
Section:
Explanation: www.VCEplus.io
The problem in this scenario is that R1 and R8 are not receiving each other's routes because of private AS numbers in the AS path. Private AS numbers are not globally unique and are not advertised to external BGP
peers. To solve this problem, you need to do the following:
Configure loops on routers in AS 65412 and advertise-peer-as on routers in AS 64498. This allows R5 and R6 to advertise their own AS number (65412) instead of their peer's AS number (64498) when sending updates
to R7 and R8. This prevents a loop detection issue that would cause R7 and R8 to reject the routes from R5 and R62.
Configure remove-private on advertisements from AS 64497 toward AS 64498 and from AS 64500 toward AS 64499. This removes any private AS numbers from the AS path before sending updates to external BGP
peers. This allows R2 and R3 to receive the routes from R1 and R4, respectively3.

QUESTION 23
Which two statements describe PIM-SM? (Choose two)
A. Routers with receivers send join messages to their upstream neighbors.
B. Routers without receivers must periodically prune themselves from the SPT.
C. Traffic is initially flooded to all routers and an S,G is maintained for each group
D. Traffic is only forwarded to routers that request to join the distribution tree.

Correct Answer: A, D
Section:
Explanation:
PIM sparse mode (PIM-SM) is a multicast routing protocol that uses a pull model to deliver multicast traffic. In PIM-SM, routers with receivers send join messages to their upstream neighbors toward a rendezvous
point (RP) or a source-specific tree (SPT). The RP or SPT acts as the root of a shared distribution tree for a multicast group. Traffic is only forwarded to routers that request to join the distribution tree by sending join
messages. PIM-SM does not flood traffic to all routers or prune routers without receivers, as PIM dense mode does.

QUESTION 24
Which statement is true regarding BGP FlowSpec?

IT Certification Exams - Questions & Answers | VCEplus.io

A. It uses a remote triggered black hole to protect a network from a denial-of-service attack.
B. It uses dynamically created routing policies to protect a network from denial-of-service attacks
C. It is used to protect a network from denial-of-service attacks dynamically
D. It verifies that the source IP of the incoming packet has a resolvable route in the routing table

Correct Answer: B
Section:
Explanation:
BGP FlowSpec is a feature that extends the Border Gateway Protocol (BGP) to enable routers to exchange traffic flow specifications, allowing for more precise control of network traffic. The BGP FlowSpec feature
enables routers to advertise and receive information about specific flows in the network, such as those originating from a particular source or destined for a particular destination. Routers can then use this
information to construct traffic filters that allow or deny packets of a certain type, rate limit flows, or perform other actions1. BGP FlowSpec can also help in filtering traffic and taking action against distributed denial
of service (DDoS) attacks by dropping the DDoS traffic or diverting it to an analyzer2. BGP FlowSpec rules are internally converted to equivalent Cisco Common Classification Policy Language (C3PL) representing
corresponding match and action parameters2. Therefore, BGP FlowSpec uses dynamically created routing policies to protect a network from denial-of-service attacks.
Reference: 1: https://www.networkingsignal.com/what-is-bgp-flowspec/ 2:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-16/irg-xe-16-book/bgp-flowspec-route-reflector-support.html

QUESTION 25
Which two statements about IS-IS are correct? (Choose two.)
A. PSNPs are flooded periodically.
B. PSNPs contain only descriptions of LSPs.
C. CSNPs are flooded periodically
D. CSNPs contain only descriptions of LSPs.

Correct Answer: B, C

www.VCEplus.io
Section:
Explanation:
IS-IS is an interior gateway protocol that uses link-state routing to exchange routing information among routers within a single autonomous system. IS-IS uses two types of packets to synchronize link-state databases
among routers: Link State Packets (LSPs) and Partial Sequence Number Packets (PSNPs). LSPs contain information about the state and cost of links in the network, and are flooded periodically throughout the network.
PSNPs are used to acknowledge receipt of LSPs and request retransmission of missing or corrupted LSPs. PSNPs contain only descriptions of LSPs, such as their sequence numbers and checksums3. IS-IS also uses
another type of packet called Complete Sequence Number Packets (CSNPs), which are used to summarize the entire link-state database at regular intervals or when a new adjacency is formed. CSNPs are flooded
periodically throughout the network and contain only descriptions of LSPs4. Therefore, PSNPs contain only descriptions of LSPs and CSNPs are flooded periodically.
Reference: 3: https://www.juniper.net/documentation/us/en/software/junos/routingpolicy/ topics/concept/routing-policy-is-is-partial-sequence-number-packet-psnp.html 4:
https://www.juniper.net/documentation/us/en/software/junos/routingpolicy/ topics/concept/routing-policy-is-is-complete-sequence-number-packet-csnp.html

QUESTION 26
Which two statements are correct about VPLS tunnels? (Choose two.)
A. LDP-signaled VPLS tunnels only support control bit 0.
B. LDP-signaled VPLS tunnels use auto-discovery to provision sites
C. BGP-signaled VPLS tunnels can use either RSVP or LDP between the PE routers.
D. BGP-signaled VPLS tunnels require manual provisioning of sites.

Correct Answer: B, C
Section:
Explanation:
VPLS is a Layer 2 VPN technology that allows multiple sites to connect over a shared IP/MPLS network as if they were on the same LAN. VPLS tunnels can be signaled using either Label Distribution Protocol (LDP) or
Border Gateway Protocol (BGP). LDP-signaled VPLS tunnels use autodiscovery to provision sites, meaning that PE routers can automatically discover other PE routers that belong to the same VPLS instance

QUESTION 27
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

 www.VCEplus.io
CE-1 must advertise ten subnets to PE-1 using BGP Once CE-1 starts advertising the subnets to PE-1, the BGP peering state changes to Active.
Referring to the CLI output shown in the exhibit, which statement is correct?
A. CE-1 is advertising its entire routing table.
B. CE-1 is configured with an incorrect peer AS
C. The prefix limit has been reached on PE-1
D. CE-1 is unreachable

Correct Answer: B
Section:
Explanation:
The problem in this scenario is that CE-1 is configured with an incorrect peer AS number for its BGP session with PE-1. The CLI output shows that CE-1 is using AS 65531 as its local AS number and AS 65530 as its peer
AS number. However, PE-1 is using AS 65530 as its local AS number and AS 65531 as its peer AS number. This causes a mismatch in the BGP OPEN messages and prevents the BGP session from being established. To
solve this problem, CE-1 should configure its peer AS number as 65530 under [edit protocols bgp group external] hierarchy level.

QUESTION 28
After a recent power outage, your manager asks you to investigate ways to automatically reduce the impact caused by suboptimal routing in your OSPF and OSPFv3 network after devices reboot.
Which three configuration statements accomplish this task? (Choose three.)
A. set protocols ospf overload timeout 900

IT Certification Exams - Questions & Answers | VCEplus.io

B. set protocols ospf3 realm ipv4-unicast overload timeout 900
C. set protocols ospf overload
D. set protocols oapf3 overload timeout 900
E. set protocols ospf3 overload

Correct Answer: A, E
Section:
Explanation:
To reduce the impact of suboptimal routing in OSPF and OSPFv3 after devices reboot, you can use the overload feature to prevent a router from being used as a transit router for a specified period of time. This allows
the router to stabilize its routing table before forwarding traffic for other routers. To enable the overload feature, you need to do the following:
For OSPF, configure the overload statement under [edit protocols ospf] hierarchy level. You can also specify a timeout value in seconds to indicate how long the router should remain in overload state after it boots up.
For example, set protocols ospf overload timeout 900 means that the router will be in overload state for 15 minutes after it boots up.
For OSPFv3, configure the overload statement under [edit protocols ospf3] hierarchy level. You can also specify a realm (ipv4-unicast or ipv6-unicast) and a timeout value in seconds to indicate how long the router
should remain in overload state after it boots up for each realm. For example, set protocols ospf3 realm ipv4-unicast overload timeout 900 means that the router will be in overload state for 15 minutes after it boots
up for IPv4 unicast routing.

QUESTION 29
A packet is received on an interface configured with transmission scheduling. One of the configured queues In this scenario, which two actions will be taken by default on a Junos device? (Choose two.)
A. The excess traffic will be discarded
B. The exceeding queue will be considered to have negative bandwidth credit.
C. The excess traffic will use bandwidth available from other queueses
D. The exceeding queue will be considered to have positive bandwidth credit

Correct Answer: A, B
Section:
Explanation:
www.VCEplus.io
Transmission scheduling is a CoS feature that allows you to allocate bandwidth among different queues on an interface. Each queue has a configured bandwidth percentage that determines how much of the available
bandwidth it can use. If a queue exceeds its allocated bandwidth, it is considered to have negative bandwidth credit and its excess traffic will be discarded by default. If a queue does not use all of its allocated
bandwidth, it is considered to have positive bandwidth credit and its unused bandwidth can be shared by other queues.

QUESTION 30
In IS-IS, which two statements are correct about the designated intermediate system (DIS) on a multi-access network segment? (Choose two)
A. A router with a priority of 10 wins the DIS election over a router with a priority of 1.
B. A router with a priority of 1 wins the DIS election over a router with a priority of 10.
C. On the multi-access network, each router forms an adjacency to every other router on the segment
D. On the multi-access network, each router only forms an adjacency to the DIS.

Correct Answer: A, D
Section:
Explanation:
In IS-IS, a designated intermediate system (DIS) is a router that is elected on a multi-access network segment (such as Ethernet) to perform some functions on behalf of other routers on the same segment. A DIS is
responsible for sending network link-state advertisements (LSPs), which describe all the routers attached to the network. These LSPs are flooded throughout a single area. A DIS also generates pseudonode LSPs,
which represent the multi-access network as a single node in the linkstate database. A DIS election is based on the priority value configured on each router's interface connected to the multi-access network. The
priority value ranges from 0 to 127, with higher values indicating higher priority. The router with the highest priority becomes the DIS for the area (Level 1, Level 2, or both). If routers have the same priority, then the
router with the highest MAC address is elected as the DIS. By default, routers have a priority value of 64. On a multi-access network, each router only forms an adjacency to the DIS, not to every other router on the
segment. This reduces the amount of hello packets and LSP

QUESTION 31
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

www.VCEplus.io

IT Certification Exams - Questions & Answers | VCEplus.io

R4 is directly connected to both RPs (R2 and R3) R4 is currently sending all ,o,ns upstream to R3 but you want all joins to go to R2 instead Referring to the exhibit, which configuration change will solve this issue?
A. Change the bootstrap priority on R2 to be higher than R3
B. Change the default route in inet.2 on R4 from R3 as the next hop to R2
C. Change the local address on R2 to be higher than R3.
D. Change the group-range to be more specific on R2 than R3.

Correct Answer: A
Section:
Explanation:
PIM Bootstrap Router (BSR) is a mechanism that allows PIM routers to discover and announce rendezvous point (RP) information for multicast groups. BSR uses two roles: candidate BSR and candidate RP. Candidate
BSR is the router that collects information from all available RPs in the network and advertises it throughout the network. Candidate RP is the router that wants to become the RP and registers itself with the BSR.
There can be only one active BSR in the network, which is elected based on the highest priority or highest IP address if the priority is the same. The BSR priority can be configured manually or assigned automatically.
The default priority is 0 and the highest priority is 2551. In this question, R4 is directly connected to both RPs (R2 and R3) and is currently sending all joins upstream to R3 but we want all joins to go to R2 instead. To
achieve this, we need to change the BSR priority on R2 to be higher than R3 so that R2 becomes the active BSR and advertises its RP information to R4.
Reference: 1: https://study-ccnp.com/multicast-rendezvous-points-explained/

QUESTION 32
In which two ways does OSPF prevent routing loops in multi-area networks? (Choose two.)
A. All areas are required to connect as a full mesh.
B. The LFA algorithm prunes all looped paths within an area.
C. All areas are required to connect to area 0.
D. The SPF algorithm prunes looped paths within an area.

Correct Answer: C, D

www.VCEplus.io
Section:
Explanation:
OSPF is an interior gateway protocol that uses link-state routing to exchange routing information among routers within a single autonomous system. OSPF prevents routing loops in multi-area networks by using two
methods: area hierarchy and SPF algorithm. Area hierarchy is the concept of dividing a large OSPF network into smaller areas that are connected to a backbone area (area 0). This reduces the amount of routing
information that each router has to store and process, and also limits the scope of link-state updates within each area. All areas are required to connect to area 0 either directly or through virtual links2. SPF algorithm
is the method that OSPF uses to calculate the shortest path to each destination in the network based on link-state information. The SPF algorithm runs on each router and builds a shortest-path tree that represents
the topology of the network from the router's perspective. The SPF algorithm prunes looped paths within an area by choosing only one best path for each destination3.
Reference: 2:
https://www.juniper.net/documentation/us/en/software/junos/ospf/topics/concept/ospf-areaoverview.html 3:
https://www.juniper.net/documentation/us/en/software/junos/ospf/topics/concept/ospf-spfalgorithm-overview.html

QUESTION 33
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

You want to use both links between R1 and R2 Because of the bandwidth difference between the two links, you must ensure that the links are used as much as possible.
Which action will accomplish this goal?
A. Define a policy to tag routes with the appropriate bandwidth community.
B. Disable multipath.
C. Ensure that the metric-out parameter on the Gigabit Ethernet interface is higher than the 10
Gigibit Ethernet interface.
D. Enable per-prefix load balancing.

Correct Answer: D
Section:
Explanation:
www.VCEplus.io
VPLS is a Layer 2 VPN technology that allows multiple sites to connect over a shared IP/MPLS network as if they were on the same LAN. VPLS tunnels can be signaled using either Label Distribution Protocol (LDP) or
Border Gateway Protocol (BGP). In this question, we have two links between R1 and R2 with different bandwidths (10 Gbps and 1 Gbps). We want to use both links as much as possible for VPLS traffic. To achieve this,
we need to enable per-prefix load balancing on both routers. Per-prefix load balancing is a feature that allows a router to distribute traffic across multiple equal-cost or unequal-cost paths based on the destination
prefix of each packet. This improves the utilization of multiple links and provides better load sharing than per-flow load balancing, which distributes traffic based on a hash of source and destination addresses4. Per-
prefix load balancing can be enabled globally or per interface using the load-balance per-packet command.
Reference: 4: https://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switchingmpls/mpls/137544-technote-mpls-00.html

QUESTION 34
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

You are attempting to summarize routes from the 203.0.113.128/25 IP block on R8 to AS 64500. You implement the export policy shown in the exhibit and all routes from the routing table stop being advertised.
In this scenario, which two steps would you take to summarize the route in BGP? (Choose two.)
A. Remove the from protocol bgp command from the export policy.
B. Add the set protocols bgp family inet unicast add-path command to allow additional routes to the RIB tables. -
C. Add the set routing-options static route 203.0.113.123/25 discard command.
Replace exact in the export policy with orlonger.

www.VCEplus.io
D.

Correct Answer: C, D
Section:
Explanation:
To summarize routes from the 203.0.113.128/25 IP block on R8 to AS 64500, you need to do the following:
Add the set routing-options static route 203.0.113.128/25 discard command. This creates a static route for the summary prefix and discards any traffic destined to it. This is necessary because BGP can only advertise
routes that are present in the routing table.
Replace exact in the export policy with orlonger. This allows R8 to match and advertise any route that is equal or more specific than the summary prefix. The exact term only matches routes that are exactly equal to
the summary prefix, which is not present in the routing table.

QUESTION 35
Which two statements are correct regarding bootstrap messages that are forwarded within a PIM sparse mode domain? (Choose two.)
A. Bootstrap messages are forwarded only to routers that explicitly requested the messages within the PIM sparse-mode domain
B. Bootstrap messages distribute RP information dynamically during an RP election.
C. Bootstrap messages are used to notify which router is the PIM RP
D. Bootstrap messages are forwarded to all routers within a PIM sparse-mode domain.

Correct Answer: B, D
Section:
Explanation:
Bootstrap messages are PIM messages that are used to distribute rendezvous point (RP) information dynamically during an RP election. Bootstrap messages are sent by bootstrap routers (BSRs), which are routers
that are elected to perform the RP discovery function for a PIM sparse-mode domain.
Bootstrap messages contain information about candidate RPs and their multicast groups, as well as BSR priority and hash mask length. Bootstrap messages are forwarded to all routers within a PIM sparse-mode
domain using hop-by-hop flooding.

QUESTION 36

IT Certification Exams - Questions & Answers | VCEplus.io

Exhibit

www.VCEplus.io
Which two statements about the configuration shown in the exhibit are correct? (Choose two.)
A. This VPN connects customer sites that use different AS numbers.
B. This VPN connects customer sites that use the same AS number
C. A Layer 2 VPN is configured.
D. A Layer 3 VPN is configured.

Correct Answer: A, D
Section:
Explanation:
The configuration shown in the exhibit is for a Layer 3 VPN that connects customer sites that use different AS numbers. A Layer 3 VPN is a type of VPN that uses MPLS labels to forward packets across a provider
network and BGP to exchange routing information between PE routers and CE routers. A Layer 3 VPN allows customers to use different routing protocols and AS numbers at their sites, as long as they can peer with
BGP at the PE-CE interface. In this example, CE-1 is using AS 65530 and CE-2 is using AS 65531, but they can still communicate through the VPN because they have BGP sessions with PE-1 and PE-2, respectively.

QUESTION 37
You are configuring a BGP signaled Layer 2 VPN across your MPLS enabled core network. In this scenario, which statement is correct?
A. You must assign a unique site number to each attached site's configuration.
B. This type of VPN only supports Ethernet interfaces when connecting to CE devices.
C. This type of VPN requires the support of the inet-vpn NLRI on all core BGP devices
D. You must use the same route-distinguiaher value on both PE devices.

Correct Answer: C

IT Certification Exams - Questions & Answers | VCEplus.io

Section:
Explanation:
BGP signaled Layer 2 VPN is a type of VPN that uses BGP to distribute VPN labels and information for Layer 2 connectivity between sites over an MPLS network. BGP signaled Layer 2 VPN requires the support of the
l2vpn NLRI on all core BGP devices1. The l2vpn NLRI is a new address family that carries Layer 2 VPN information such as the VPN identifier, the attachment circuit identifier, and the route distinguisher. The l2vpn NLRI
is used for both auto-discovery and signaling of Layer 2 VPNs2. In this scenario, we are configuring a BGP signaled Layer 2 VPN across an MPLS enabled core network.
Therefore, we need to ensure that all core BGP devices support the l2vpn NLRI.
Reference: 1: https://www.juniper.net/documentation/us/en/software/junos/vpnl2/topics/concept/vpn-layer-2-overview.html 2: https://www.cisco.com/c/en/us/td/docs/iosxml/ios/mp_l2_vpns/configuration/xe-16/mp-
l2-vpns-xe-16-book/vpls-bgp-signaling-l2vpn-inter-asoption-a.html

QUESTION 38
Exhibit

www.VCEplus.io

Referring to the exhibit, you are receiving the 192.168 0 0/16 route on both R3 and R4 from your EBGP neighbor You must ensure that R1 and R2 receive both BGP routes from the route reflector In this scenario, which BGP feature
should you configure to accomplish this behavior?
A. add-path
B. multihop
C. multipath
D. route-target

Correct Answer: A

IT Certification Exams - Questions & Answers | VCEplus.io

Section:
Explanation:
BGP add-path is a feature that allows the advertisement of multiple paths through the same peering session for the same prefix without the new paths implicitly replacing any previous paths. This behavior promotes
path diversity and reduces multi-exit discriminator (MED) oscillations. BGP addpath is implemented by adding a path identifier to each path in the NLRI. The path identifier can be considered as something similar to a
route distinguisher in VPNs, except that a path ID can apply to any address family. Path IDs are unique to a peering session and are generated for each network3. In this question, we have a route reflector (RR) that
receives two routes for the same prefix (192.168.0.0/16) from an EBGP neighbor. By default, the RR will only advertise its best path to its clients (R1 and R2). However, we want R1 and R2 to receive both routes from
the RR. To achieve this, we need to configure BGP add-path on the RR and enable it to send multiple paths for the same prefix to its clients.
Reference: 3: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-16/irg-xe-16-book/bgp-additional-paths.html

QUESTION 39
Which two statements are correct about the customer interface in an LDP-signaled pseudowire?
(Choose two)
A. When the encapsulation is vlan-ccc or extended-vlan-ccc, the configured VLAN tag is not included in the control plane LDP advertisement
B. When the encapsulation is ethernet-ccc, only frames without a VLAN tag are accepted in the data plane
C. When the encapsulation is vLan-ccc or extended-vlan-ccc, the configured VLAN tag is included in the control plane LDP advertisement
D. When the encapsulation is ethemet-ccc, tagged and untagged frames are both accepted in the data plane.

Correct Answer: C, D
Section:
Explanation:
The customer interface in an LDP-signaled pseudowire is the interface on the PE router that connects to the CE device. An LDP-signaled pseudowire is a type of Layer 2 circuit that uses LDP to establish a point-to-
point connection between two PE routers over an MPLS network. The customer interface can have different encapsulation types depending on the type of traffic that is carried over the pseudowire. The
encapsulation types are ethernet-ccc, vlan-ccc, extended-vlan-ccc, atm-ccc, frame-relay-ccc, ppp-ccc, cisco-hdlc-ccc, and tcc-ccc. Depending on the encapsulation type, the customer interface can accept or reject
tagged or untagged frames in the data plane, and include or exclude VLAN tags in the control plane LDP advertisement. The following table summarizes the behavior of different encapsulation types:

QUESTION 40
Exhibit www.VCEplus.io

Referring to the exhibit, which statement is true?

A. The 10.101.1.0/24 route will be shared if the vrf-table-label parameter is configured.
B. The 10.101.1.0/24 route will only be shared if BGP is configured in the routing instance
C. The 10.101.1 0/24 route will be shared if there are other VRFs that use the same route target community
D. The 10.101.1.0/24 route will be shared if the auto-export parameter is configured

IT Certification Exams - Questions & Answers | VCEplus.io

Correct Answer: D
Section:
Explanation:
The auto-export parameter is a routing option that allows a routing instance to share routes with other routing instances or the master routing table. The auto-export parameter automatically exports routes from
one routing instance to another based on the route target communities attached to the routes. In this scenario, the 10.101.1.0/24 route will be shared if the auto-export parameter is configured under [edit routing-
options] hierarchy level.

QUESTION 41
Exhibit

Referring to the exhibit, what do the brackets [ ] in the AS path identify?

A. They identify the local AS number associated with the AS path if configured on the router, or if AS path prepending is configured
B. They identify an AS set, which are groups of AS numbers in which the order does not matter
C.
D. www.VCEplus.io
They identify that the autonomous system number is incomplete and awaiting more information from the BGP protocol.
They identify that a BGP confederation is being used to ensure that there are no routing loops.

Correct Answer: B
Section:
Explanation:
The brackets [ ] in the AS path identify an AS set, which are groups of AS numbers in which the order does not matter. An AS set is used when BGP aggregates routes from different ASs into a single prefix. For
example, if BGP aggregates routes 10.0.0.0/16 and 10.1.0.0/16 from AS 100 and AS 200, respectively, into a single prefix 10.0.0.0/15, then the AS path for this prefix will be [100 200]. An AS set reduces the length of
the AS path and prevents routing loops.

QUESTION 42
When using OSPFv3 for an IPv4 environment, which statement is correct?
A. OSPFv3 only supports IPv4.
B. OSPFv3 supports both IPv6 and IPv4, but not in the same routing instance.
C. OSPFv3 is not backward compatible with IPv4
D. OSPFv3 supports IPv4 only on interfaces with family inet6 defined

Correct Answer: C
Section:
Explanation:
OSPFv3 is an extension of OSPFv2 that supports IPv6 routing and addressing. OSPFv3 is not backward compatible with IPv4 because it uses a different packet format and a different link-state advertisement (LSA)
structure than OSPFv2. OSPFv3 also uses IPv6 link-local addresses as router IDs and neighbor addresses, instead of IPv4 addresses. To use OSPFv3 for an IPv4 environment, you need to enable the IPv4 unicast address
family under [edit protocols ospf3] hierarchy level and configure
IPv4 addresses on the interfaces.

QUESTION 43

IT Certification Exams - Questions & Answers | VCEplus.io

When building an interprovider VPN, you notice on the PE router that you have hidden routes which are received from your BGP peer with family inet labeled-unica3t configured.
Which parameter must you configure to solve this problem?
A. Under the family inet labeled-unicast hierarchy, add the explicit null parameter.
B. Under the protocols ospf hierarchy, add the traffic-engineering parameter.
C. Under the family inet labeled-unicast hierarchy, add the resolve-vpn parameter.
D. Under the protocols mpls hierarchy, add the traffic-engineering parameter

Correct Answer: C
Section:
Explanation:
The resolve-vpn parameter is a BGP option that allows a router to resolve labeled VPN-IPv4 routes using unlabeled IPv4 routes received from another BGP peer with family inet labeled-unicast configured. This option
enables interprovider VPNs without requiring MPLS labels between ASBRs or using VRF tables on ASBRs. In this scenario, you need to configure the resolve-vpn parameter under [edit protocols bgp group external
family inet labeled-unicast] hierarchy level on both ASBRs.

QUESTION 44
Exhibit

www.VCEplus.io

The network shown in the exhibit is based on IS-IS

Which statement is correct in this scenario?
A. The NSEL byte for Area 0001 is 00.
B. The area address is two bytes.
C. The routers are using unnumbered interfaces
D. The system IDofR1_2 is 192.168.16.1

Correct Answer: A

IT Certification Exams - Questions & Answers | VCEplus.io

Section:
Explanation:
IS-IS is an interior gateway protocol that uses link-state routing to exchange routing information among routers within a single autonomous system. IS-IS uses two types of addresses to identify routers and areas:
system ID and area address. The system ID is a unique identifier for each router in an IS-IS domain. The system ID is 6 octets long and can be derived from the MAC address or manually configured. The area address is
a variable-length identifier for each area in an IS-IS domain. The area address can be 1 to 13 octets long and is composed of high-order octets of the address. An IS-IS instance may be assigned multiple area addresses,
which are considered synonymous. Multiple synonymous area addresses are useful when merging or splitting areas in the domain1. In this question, we have a network based on IS-IS with four routers (R1_1, R1_2,
R2_1, and R2_2) belonging to area 0001. The area address for area 0001 is 49.0001. The NSEL byte for area 0001 is the last octet of the address, which is 01. The NSEL byte stands for Network Service Access Point
Selector (NSAP Selector) and indicates the type of service requested from the network layer2. Therefore, the correct statement in this scenario is that the NSEL byte for area 0001 is 01.
Reference: 1: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_isis/configuration/xe-16/irs-xe-16-book/irs-ovrvw-cf.html 2:
https://www.juniper.net/documentation/us/en/software/junos/is-is/topics/concept/is-is-routingoverview.html

QUESTION 45
Exhibit

www.VCEplus.io

Based on the configuration contents shown in the exhibit, which statement is true?
A. Joins for group 224.7.7.7 are rejected if the source address is 192.168.100.10
B. Joins for any group are accepted if the group count value is less than 25.
C. Joins for group 224.7.7.7 are always rejected, regardless of the group count.
D. Joins for group 224.7.7.7 are accepted if the group count is less than 25

Correct Answer: D
Section:
Explanation:
BGP policy framework is a set of tools that allows you to control the flow of routing information and apply routing policies based on various criteria. BGP policy framework consists of several components, such as
route maps, prefix lists, community lists, AS path lists, and route filters. Route maps are used to define routing policies by matching certain conditions and applying certain actions.
Prefix lists are used to filter routes based on their prefixes. Community lists are used to filter routes based on their community attributes. AS path lists are used to filter routes based on their AS path attributes. Route
filters are used to filter routes based on their prefix length or range3. In this question, we have a route map named ISP-A that has two clauses: clause 10 and clause 20. Clause 10 matches any route with a prefix
length between 8 and 24 bits and sets the local preference to 200.

IT Certification Exams - Questions & Answers | VCEplus.io

Clause 20 matches any route with a prefix of 224.7.7.7/32 and rejects it. The route map is applied inbound on the BGP neighborship with ISP-A. Based on this configuration, the correct statement is that joins for group
224.7.7.7 are always rejected, regardless of the group count. This is because clause 20 explicitly denies any route with a prefix of 224.7.7.7/32, which corresponds to the multicast group 224.7.7.7.
Reference: 3: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-16/irg-xe-16-book/bgp-policy-framework.html

QUESTION 46
Exhibit

www.VCEplus.io

Referring to the exhibit, which statement is correct?

A. The vrf-target configuration will allow routes to be shared between CE-1 and CE-2.
B. The vrf-target configuration will stop routes from being shared between CE-1 and CE-2.
C. The route-distinguisher configuration will allow overlapping routes to be shared between CE-1 and

IT Certification Exams - Questions & Answers | VCEplus.io

CE-2.
D. The route-diatinguisher configuration will stop routes from being shared between CE-1 and CE-2.

Correct Answer: C
Section:
Explanation:
The route distinguisher (RD) is a BGP attribute that is used to create unique VPN IPv4 prefixes for each VPN in an MPLS network. The RD is a 64-bit value that consists of two parts: an administrator field and an
assigned number field. The administrator field can be an AS number or an IP address, and the assigned number field can be any arbitrary value chosen by the administrator. The RD is prepended to the IPv4 prefix to
create a VPN IPv4 prefix that can be advertised across the MPLS network without causing any overlap or conflict with other VPNs. In this question, we have two PE routers (PE-1 and PE-2) that are connected to two
CE devices (CE-1 and CE-2) respectively. PE-1 and PE-2 are configured with VRFs named Customer-A and Customer-B respectively.

QUESTION 47
Exhibit

www.VCEplus.io

Click the Exhibit button-Referring to the exhibit, which two statements are correct about BGP routes on R3 that are learned from the ISP-A neighbor? (Choose two.)
A. By default, the next-hop value for these routes is not changed by ISP-A before being sent to R3.
B. The BGP local-preference value that is used by ISP-A is not advertised to R3.
C. All BGP attribute values must be removed before receiving the routes.
D. The next-hop value for these routes is changed by ISP-A before being sent to R3.

IT Certification Exams - Questions & Answers | VCEplus.io

Correct Answer: A, B
Section:
Explanation:
BGP is an exterior gateway protocol that uses path vector routing to exchange routing information among autonomous systems. BGP uses various attributes to select the best path to each destination and to
propagate routing policies. Some of the common BGP attributes are AS path, next hop, local preference, MED, origin, weight, and community. BGP attributes can be classified into four categories: well-known
mandatory, well-known discretionary, optional transitive, and optional nontransitive. Well-known mandatory attributes are attributes that must be present in every BGP update message and must be recognized by
every BGP speaker. Well-known discretionary attributes are attributes that may or may not be present in a BGP update message but must be recognized by every BGP speaker. Optional transitive attributes are
attributes that may or may not be present in a BGP update message and may or may not be recognized by a BGP speaker. If an optional transitive attribute is not recognized by a BGP speaker, it is passed along to the
next BGP speaker. Optional nontransitive attributes are attributes that may or may not be present in a BGP update message and may or may not be recognized by a BGP speaker. If an optional nontransitive attribute
is not recognized by a BGP speaker, it is not passed along to the next BGP speaker. In this question, we have four routers (R1, R2, R3, and R4) that are connected in a full mesh topology and running IBGP. R3 receives
the 192.168.0.0/16 route from its EBGP neighbor and advertises it to R1 and R4 with different BGP attribute values. We are asked which statements are correct about the BGP routes on R3 that are learned from the
ISP-A neighbor. Based on the information given, we can infer that the correct statements are:
By default, the next-hop value for these routes is not changed by ISP-A before being sent to R3. This is because the default behavior of EBGP is to preserve the next-hop attribute of the routes received from another
EBGP neighbor. The next-hop attribute indicates the IP address of the router that should be used as the next hop to reach the destination network.
The BGP local-preference value that is used by ISP-A is not advertised to R3. This is because the localpreference attribute is a well-known discretionary attribute that is used to influence the outbound traffic from an
autonomous system. The local-preference attribute is only propagated within an autonomous system and is not advertised to external neighbors.
Reference: : https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html : https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13762-40.html :
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13759-37.html

QUESTION 48
Exhibit

www.VCEplus.io
You have MAC addresses moving in your EVPN environment
Referring to the exhibit, which two statements are correct about the sequence number? (Choose two)
A. It identifies MAC addresses that should be discarded.
B. It resolves conflicting MAC address ownership claims.
C. It helps the local PE to identify the latest advertisement.
D. It is advertised using a Type 2 message

Correct Answer: B, C
Section:
Explanation:
The sequence number is a field in the MAC mobility extended community that is used to resolve conflicting MAC address ownership claims and to help the local PE to identify the latest advertisement. The sequence
number is incremented by one for every MAC address mobility event, such as when a host moves from one Ethernet segment to another segment in the EVPN network.
The PE device that receives multiple MAC advertisements for the same MAC address chooses the one with the highest sequence number as the most recent and valid advertisement.

QUESTION 49
Which two statements are correct about reflecting inet-vpn unicast prefixes in BGP route reflection?
(Choose two.)
A. Route reflectors do not change any existing BGP attributes by default when advertising routes.
B. A BGP peer does not require any configuration changes to become a route reflector client.
C. Clients add their originator ID when advertising routes to their route reflector

IT Certification Exams - Questions & Answers | VCEplus.io

D. Route reflectors add their cluster ID to the AS path when readvertising client routes.

Correct Answer: A, B
Section:
Explanation:
Route reflection is a BGP feature that allows a router to reflect routes learned from one IBGP peer to another IBGP peer, without requiring a full-mesh IBGP topology. Route reflectors do not change any existing BGP
attributes by default when advertising routes, unless explicitly configured to do so. A BGP peer does not require any configuration changes to become a route reflector client, only the route reflector needs to be
configured with the client parameter under [edit protocols bgp group group-name neighbor neighbor-address] hierarchy level.

QUESTION 50
Exhibit

You are examining an L3VPN route that includes the information shown in the exhibit
Which statement is correct in this scenario?
A. The information shows a Type 1 route distinguisher.
B. The information shows a Type 0 route distinguisher
C. The information shows a Type 2 route distinguisher.
D. The information shows a route target

Correct Answer: B
Section:
Explanation:
www.VCEplus.io
The information shows a Type 0 route distinguisher, which is one of the three types of route distinguishers defined by RFC 4364. A route distinguisher is a 64-bit value that is prepended to an IPv4 address to create a
VPN-IPv4 address, which is unique within a VPN routing and forwarding (VRF) table. A Type 0 route distinguisher has two fields: an administrator subfield (2 bytes) and an assigned number subfield (6 bytes). The
administrator subfield can be an AS number or an IP address, and the assigned number subfield can be any value assigned by the administrator. In this example, the administrator subfield is 65530 (an AS number) and
the assigned number subfield is 1.

QUESTION 51
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

A.
B.
www.VCEplus.io
Referring to the exhibit, you must provide Internet access for VPN-A using CE-1 as the hub CE.
Which two statements are correct in this situation? (Choose two.)
You must use RIB groups to leak routes between the inet. o and vpn-a. inet. o tables.
RIB groups are not needed to leak routes between the inet. 0 and VPN—A. inet. 0 tables,
C. Internet traffic from Site 2 takes the path of PE-2 -> PE-1 -> GW-1.
D. Internet traffic from Site 2 takes the path of PE-2 -> PE-1 -> CE-1 -> PE-1 -> GW-1.

Correct Answer: A, D
Section:
Explanation:
To provide Internet access for VPN-A using CE-1 as the hub CE, you need to do the following:
You must use RIB groups to leak routes between the inet.0 and vpn-a.inet.0 tables on PE-1 and CE-1.
RIB groups are routing options that allow you to import routes from one routing table into another routing table based on certain criteria. In this scenario, you need to configure RIB groups on PE-1 and CE-1 to import
Internet routes from inet.0 into vpn-a.inet.0 and vice versa.
Internet traffic from Site 2 takes the path of PE-2 -> PE-1 -> CE-1 -> PE-1 -> GW-1. This is because Site 2 does not have direct Internet access and needs to use CE-1 as its default gateway for Internet traffic. Site 2
sends its Internet traffic to PE-2, which forwards it to PE-1 based on VPN-A routes. PE-1 then sends it to CE-1 based on RIB group import policy. CE-1 then sends it back to PE-1 based on its default route pointing to
GW-1. PE-1 then forwards it to GW-1 based on RIB group import policy again.

QUESTION 52
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

 www.VCEplus.io
A network is using IS-IS for routing.
In this scenario, why are there two TLVs shown in the exhibit?
A. There are both narrow and wide metric devices in the topology
B. The interface specified a metric of 100 for L2.
C. Wide metrics have specifically been requested
D. Both IPv4 and IPv6 are being used in the topology

Correct Answer: A
Section:
Explanation:
TLVs are tuples of (Type, Length, Value) that can be advertised in IS-IS packets. TLVs can carry different kinds of information in the Link State Packets (LSPs). IS-IS supports both narrow and wide metrics for link costs.
Narrow metrics use a single octet to encode the link cost, while wide metrics use three octets. Narrow metrics have a maximum value of 63, while wide metrics have a maximum value of 16777215. If there are both
narrow and wide metric devices in the topology, IS-IS will advertise two TLVs for each link: one with the narrow metric and one with the wide metric. This allows backward compatibility with older devices that only
support narrow metrics12.

QUESTION 53
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

You are asked to exchange routes between R1 and R4 as shown in the exhibit. These two routers use the same AS number Which two steps will accomplish this task? (Choose two.)
A. Configure the BGP group with the advertise-peer-as parameter on R1 and R4.
B. Configure the BGP group with the as-override parameter on R2 and R3
C. Configure the BGP group with the advertise-peer-as parameter on R2 and R3.
D. Configure the BGP group with the as-override parameter on R1 and R4

Correct Answer: A, B
Section:
Explanation:
The advertise-peer-as parameter allows a router to advertise its peer's AS number as part of the AS path attribute when sending BGP updates to other peers. This parameter is useful when two routers in the same AS
need to exchange routes through another AS, such as in the case of R1 and R4. By configuring this parameter on R1 and R4, they can advertise each other's AS number to R2 and R3, respectively.
The as-override parameter allows a router to replace the AS number of its peer with its own AS number when receiving BGP updates from that peer. This parameter is useful when two routers in different ASes need

www.VCEplus.io
to exchange routes through another AS that has the same AS number as one of them, such as in the case of R2 and R3. By configuring this parameter on R2 and R3, they can override the AS number of R1 and R4 with
their own AS number when sending BGP updates to each other.

QUESTION 54
By default, which statement is correct about OSPF summary LSAs?
A. All Type 2 and Type 7 LSAs will be summanzed into a single Type 5 LSA
B. The area-range command must be installed on all routers.
C. Type 3 LSAs are advertised for routes in Type 1 LSAs.
D. The metric associated with a summary route will be equal to the lowest metric associated with an individual contributing route

Correct Answer: C
Section:
Explanation:
OSPF uses different types of LSAs to describe different aspects of the network topology. Type 1 LSAs are also known as router LSAs, and they describe the links and interfaces of a router within an area.
Type 3 LSAs are also known as summary LSAs, and they describe routes to networks outside an area but within the same autonomous system (AS). By default, OSPF will summarize routes from Type 1 LSAs into Type 3
LSAs when advertising them across area boundaries .

QUESTION 55
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

You are running a service provider network and must transport a customer's IPv6 traffic across your IPv4-based MPLS network using BGP You have already configured mpis ipv6-tunneling on your PE routers.
Which two statements are correct about the BGP configuration in this scenario? (Choose two.)
A. You must configure family inet6 labcled-unicast between PE routers.
B. You must configure family inet6 unicaat between PE and CE routers.
C. You must configure family inet6 add-path between PE and CE routers.
D. You must configure family inet6 unicast between PE routers

Correct Answer: A, B
Section:
Explanation:
www.VCEplus.io
To transport IPv6 traffic over an IPv4-based MPLS network using BGP, you need to configure two address families: family inet6 labeled-unicast and family inet6 unicast. The former is used to exchange IPv6 routes
with MPLS labels between PE routers, and the latter is used to exchange IPv6 routes without labels between PE and CE routers. The mpis ipv6-tunneling command enables the PE routers to encapsulate the IPv6
packets with an MPLS label stack and an IPv4 header before sending them over the MPLS network.

QUESTION 56
You are a network architect for a service provider and want to offer Layer 2 services to your customers You want to use EVPN for Layer 2 services in your existing MPLS network.
Which two statements are correct in this scenario? (Choose two.)
A. Segment routing must be configured on all PE routers.
B. VXLAN must be configured on all PE routers.
C. EVPN uses Type 2 routes to advertise MAC address and IP address pairs learned using ARP snooping
D. EVPN uses Type 3 routes to join a multicast tree to flood traffic.

Correct Answer: C, D
Section:
Explanation:
EVPN is a technology that connects L2 network segments separated by an L3 network using a virtual Layer 2 network overlay over the Layer 3 network. EVPN uses BGP as its control protocol to exchange different
types of routes for different purposes. Type 2 routes are used to advertise MAC address and IP address pairs learned using ARP snooping from the local CE devices. Type 3 routes are used to join a multicast tree to
flood traffic such as broadcast, unknown unicast, and multicast (BUM) traffic.

QUESTION 57
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

 www.VCEplus.io
CE-1 and CE-2 are part of a VPLS called Customer1 No connectivity exists between CE-1 and CE-2. In the process of troubleshooting, you notice PE-1 is not learning any routes for this VPLS from PE-2, and PE-2 is not learning any routes
for this VPLS from PE-1.
A. The route target must match on PE-1 and PE-2.
B. The route distinguisher must match on PE-1 and PE-2.
C. The instance type should be changed to I2vpn.
D. The no-tunnel-services statement should be deleted on both PEs.

Correct Answer: A
Section:
Explanation:
VPLS is a technology that provides Layer 2 VPN services over an MPLS network. VPLS uses BGP as its control protocol to exchange VPN membership information between PE routers. The route target is a BGP
extended community attribute that identifies which VPN a route belongs to. The route target must match on PE routers that participate in the same VPLS instance, otherwise they will not accept or advertise routes
for that VPLS.

QUESTION 58
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

Referring to the exhibit, CE-1 is providing NAT services for the hosts at Site 1 and you must provide Internet access for those hosts
Which two statements are correct in this scenario? (Choose two.)
A. You must configure a static route in the main routing instance for the 10 1 2.0/24 prefix that uses the VPN-A.inet.0 table as the next hop
B.
C.
D.
www.VCEplus.io
You must configure a static route in the main routing instance for the 203.0.113.1/32 prefix that uses the VPN-A.inet.0 table as the next hop.
You must configure a RIB group on PE-1 to leak a default route from the inet.0 table to the VPNA. inet.0 table.
You must configure a RIB group on PE-1 to leak the 10 1 2.0/24 prefix from the VPN-A.inet.0 table to the inet.0 table.

Correct Answer: A, B
Section:
Explanation:
To provide Internet access for the hosts at Site 1, you need to configure static routes in the main routing instance on PE-1 that point to the VPN-A.inet.0 table as the next hop. This allows PE-1 to forward traffic from
the Internet to CE-1 using MPLS labels and vice versa. You need to configure two static routes: one for the 10.1.2.0/24 prefix that represents the private network of Site 1, and one for the 203.0.113.1/32 prefix that
represents the public IP address of CE-1.

QUESTION 59
Which three mechanisms are used by Junos platforms to evaluate incoming traffic for CoS purposes?
(Choose three )
A. rewrite rules
B. behavior aggregate classifiers
C. traffic shapers
D. fixed classifiers
E. multifield classifiers

Correct Answer: B, D, E
Section:
Explanation:
Junos platforms use different mechanisms to evaluate incoming traffic for CoS purposes, such as:
Behavior aggregate classifiers: These classifiers use a single field in a packet header to classify traffic into different forwarding classes and loss priorities based on predefined or user-defined values.
Fixed classifiers: These classifiers use a fixed field in a packet header to classify traffic into different forwarding classes and loss priorities based on predefined values.

IT Certification Exams - Questions & Answers | VCEplus.io

Multifield classifiers: These classifiers use multiple fields in a packet header to classify traffic into different forwarding classes and loss priorities based on user-defined values and filters.
Rewrite rules and traffic shapers are not used to evaluate incoming traffic for CoS purposes, but rather to modify or shape outgoing traffic based on CoS policies.

QUESTION 60
You want to ensure that L1 IS-IS routers have only the most specific routes available from L2 IS-IS routers. Which action accomplishes this task?
A. Configure the ignore-attached-bit parameter on all L2 routers.
B. Configure all routers to allow wide metrics.
C. Configure all routers to be L1.
D. Configure the ignore-attached-bit parameter on all L1 routers

Correct Answer: D
Section:
Explanation:
The attached bit is a flag in an IS-IS LSP that indicates whether a router is connected to another area or level (L2) of the network. By default, L2 routers set this bit when they advertise their LSPs to L1 routers, and L1
routers use this bit to select a default route to reach other areas or levels through L2 routers. However, this may result in suboptimal routing if there are multiple L2 routers with different paths to other areas or
levels. To ensure that L1 routers have only the most specific routes available from L2 routers, you can configure the ignore-attached-bit parameter on all L1 routers. This makes L1 routers ignore the attached bit and
install all interarea routes learned from L2 routers in their routing tables.

QUESTION 61
Your organization manages a Layer 3 VPN for multiple customers To support advanced route than one BGP community on advertised VPN routes to remote PE routers.
Which routing-instance configuration parameter would support this requirement?
A. vrf-export
B. vrf-import
C. vrf-target export
D. vrf-target import

Correct Answer: C
Section:
www.VCEplus.io
Explanation:
The vrf-target export parameter is used to specify one or more BGP extended community attributes that are attached to VPN routes when they are exported from a VRF routing instance to remote PE routers. This
parameter allows you to control which VPN routes are accepted by remote PE routers based on their import policies. You can specify more than one vrf-target export value for a VRF routing instance to support
advanced route filtering or route leaking scenarios.

QUESTION 62
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

 www.VCEplus.io
A network designer would like to create a summary route as shown in the exhibit, but the configuration is not working.
Which three configuration changes will create a summary route? (Choose three.)
A. set policy-options policy-statement leak-v6 term DC-routes then reject
B. delete policy-options policy-statement leak-v6 term DC-routes from route-filter 2001: db9 :a: fa00 : :/6l longer
C. set policy—options policy-statement leak-v€ term DC—routes from route-filter 2001:db9:a:faOO::/61 exact
D. delete protocols isis export summary-v6
E. set protocols isis import summary-v6

Correct Answer: B, C, D
Section:
Explanation:
To create a summary route for IS-IS, you need to configure a policy statement that matches the prefixes to be summarized and sets the next-hop to discard. You also need to configure a summaryaddress statement
under the IS-IS protocol hierarchy that references the policy statement. In this case, the policy statement leak-v6 is trying to match the prefix 2001:db9:a:fa00::/61 exactly, but this prefix is not advertised by any
router in the network. Therefore, no summary route is created. To fix this, you need to delete the longer keyword from the route-filter term and change the prefix length to /61 exact. This will match any prefix that
falls within the /61 range. You also need to delete the export statement under protocols isis, because this will export all routes that match the policy statement to other IS-IS routers, which is not desired for a
summary route.

QUESTION 63
Exhibit

IT Certification Exams - Questions & Answers | VCEplus.io

www.VCEplus.io

IT Certification Exams - Questions & Answers | VCEplus.io

Referring to the exhibit, which two statements are true? (Choose two.)
A. This route is learned through EBGP
B. This is an EVPN Type-2 route.
C. The device advertising this route into EVPN is 192.168.101.5.
D. The devices advertising this route into EVPN are 10 0 2 12 and 10.0.2.22.

Correct Answer: B, C
Section:
Explanation:
This is an EVPN Type-2 route, also called a MAC/IP advertisement route, that is used to advertise host IP and MAC address information to other VTEPs in an EVPN network. The route type field in the EVPN NLRI has a
value of 2, indicating a Type-2 route. The device advertising this route into EVPN is 192.168.101.5, which is the IP address of the VTEP that learned the host information from the local CE device. This IP address is
carried in the MPLS label field of the route as part of the VXLAN encapsulation.

QUESTION 64
Exhibit

www.VCEplus.io
You want Site 1 to access three VLANs that are located in Site 2 and Site 3 The customer-facing interface on the PE-1 router is configured for Ethernet-VLAN encapsulation.
What is the minimum number of L2VPN routing instances to be configured to accomplish this task?
A. 1
B. 3
C. 2
D. 6

Correct Answer: B
Section:
Explanation:
To allow Site 1 to access three VLANs that are located in Site 2 and Site 3, you need to configure three L2VPN routing instances on PE-1, one for each VLAN. Each L2VPN routing instance will have a different VLAN ID
and a different VNI for VXLAN encapsulation. Each L2VPN routing instance will also have a different vrf-target export value to identify which VPN routes belong to which VLAN. This way, PE-1 can forward traffic from
Site 1 to Site 2 and Site 3 based on the VLAN tags and VNIs.

QUESTION 65
What is the correct order of packet flow through configurable components in the Junos OS CoS features?
A. Multifield Classifier -> Behavior Aggregate Classifier -> Input Policer -> Forwarding Policy Options -> Fabric Scheduler -> Output Policer -> Rewrite Marker -> Scheduler/Shaper/RED
B. Behavior Aggregate Classifier -> Multifield Classifier -> Input Policer -> Forwarding Policy Options -> Fabric Scheduler -> Output Policer -> Scheduler/Shaper/RED -> Rewrite Marker

IT Certification Exams - Questions & Answers | VCEplus.io

C. Behavior Aggregate Classifier -> Input Policer -> Multifield Classifier -> Forwarding Policy Options -> Fabric Scheduler -> Output Policer -> Scheduler/Shaper/RED -> Rewrite Marker
D. Behavior Aggregate Classifier -> Multifield Classifier -> Input Policer -> Forwarding Policy Options -> Fabric Scheduler -> Scheduler/Shaper/RED -> Output Policer -> Rewrite Marker

Correct Answer: C
Section:
Explanation:
The correct order of packet flow through configurable components in the Junos OS CoS features is as follows:
Behavior Aggregate Classifier: This component uses a single field in a packet header to classify traffic into different forwarding classes and loss priorities based on predefined or user-defined values.
Input Policer: This component applies rate-limiting and marking actions to incoming traffic based on the forwarding class and loss priority assigned by the classifier.
Multifield Classifier: This component uses multiple fields in a packet header to classify traffic into different forwarding classes and loss priorities based on user-defined values and filters.
Forwarding Policy Options: This component applies actions such as load balancing, filtering, or routing to traffic based on the forwarding class and loss priority assigned by the classifier.
Fabric Scheduler: This component schedules traffic across the switch fabric based on the forwarding class and loss priority assigned by the classifier.
Output Policer: This component applies rate-limiting and marking actions to outgoing traffic based on the forwarding class and loss priority assigned by the classifier.
Scheduler/Shaper/RED: This component schedules, shapes, and drops traffic at the egress interface based on the forwarding class and loss priority assigned by the classifier.
Rewrite Marker: This component rewrites the code-point bits of packets leaving an interface based on the forwarding class and loss priority assigned by the classifier.

www.VCEplus.io

IT Certification Exams - Questions & Answers | VCEplus.io