[Free] 2017(Nov) Latesttests Testinsides Juniper JN0-643 Dumps with VCE and PDF 101-110

Latesttests
2017 Nov Juniper Official New Released JN0-643
100% Free Download! 100% Pass Guaranteed!
http://www.Latesttests.com/JN0-643.html

Security, Professional (JNCIP-SEC)

Question No: 101

Which statement is true regarding dual-stack lite?

  1. The softwire is an IPv4 tunnel over an IPv6 network.

  2. The softwire initiator (SI) encapsulates IPv6 packets in IPv4.

  3. The softwire concentrator (SC) decapsulates softwire packets.

  4. SRX devices support the softwire concentrator and softwire initiator functionality.

Answer: C

Reference: http://www.juniper.net/techpubs/en_US/junos/topics/concept/ipv6-ds-lite- overview.html

Question No: 102

Click the Exhibit button.

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

In the exhibit, the SRX device has hosts connected to interface ge-0/0/1 and ge-0/0/6. The devices are not able to ping each other. What is causing this behavior?

  1. The interfaces must be in trunk mode.

  2. The interfaces need to be configured for Ethernet switching.

  3. The default security policy does not apply to transparent mode.

  4. A bridge domain has not been defined.

Answer: D

Question No: 103

You are asked to apply individual upload and download bandwidth limits to YouTube traffic. Where in the configuration would you create the necessary bandwidth limits?

  1. under the [edit security application-firewall] hierarchy

  2. under the [edit security policies] hierarchy

  3. under the [edit class-of-service] hierarchy

  4. under the [edit firewall policer lt;policer-namegt;] hierarchy

Answer: D Explanation:

Reference : http://forums.juniper.net/t5/SRX-Services-Gateway/Need-help-with-bandwidth- uploading-downloading-polcier/td-p/146666

Question No: 104

As an SRX administrator, you must find all encrypted sessions on an SRX Series device. Which command would you use to accomplish this task?

  1. show security flow session tunnel

  2. show security ike tunnel-map

  3. show security ike security-associations

  4. show security flow session encrypted

Answer: D

Question No: 105

Which configurable SRX Series device feature allows you to capture transit traffic?

  1. syslog

  2. traceoptions

  3. packet-capture

  4. archival

Answer: B

Question No: 106

You are asked to implement a point-to-multipoint hub-and-spoke topology in a mixed vendor environment. The hub device is running the Junos OS and the spoke devices are different vendor devices. Regarding this scenario, which statement is correct?

  1. The NHTB table must be statically defined.

  2. The NHTB table is automatically created during Phase 2.

  3. The NHTB table is automatically created during Phase 1.

  4. The NHTB table must be imported from each spoke.

Answer: A Explanation:

Reference http://www.juniper.net/techpubs/en_US/junos/topics/example/vpn-hub-spoke- nhtb-example-configuring.html

Question No: 107

You must configure a central SRX device connected to two branch offices with overlapping IP address space. The branch office connections to the central SRX device must reside in separate routing instances. Which two components are required? (Choose two.)

  1. virtual routing instance

  2. forwarding instance

  3. static NAT

  4. persistent NAT

Answer: A,C Explanation:

Reference : http://kb.juniper.net/InfoCenter/index?page=contentamp;id=KB21286

Question No: 108

What are two AppSecure modules? (Choose two.)

  1. AppDoS

  2. AppFlow

  3. AppTrack

  4. AppNAT

Answer: A,C Explanation:

Reference : Page No 2 Figure 1 http://www.juniper.net/us/en/local/pdf/datasheets/1000327-en.pdf

Question No: 109

Click the Exhibit button.

[edit security application-firewall] user@host# show

rule-sets web { rule one { match {

dynamic-application junos:HTTP;

}

then { permit;

}

}

default-rule { reject;

}

}

What will happen to non-HTTP traffic that matches the application-firewall policy shown in the exhibit?

  1. It will be denied because this is a blacklist policy.

  2. It will be dropped and an error will be sent to the source.

  3. It will be silently dropped.

  4. It will be allowed because this is a whitelist policy.

Answer: C

Question No: 110

Click the Exhibit button.

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT:lt;1.1.1.100/51303-gt;1.1.1.30/3389;6gt;

matched filter MatchTraffic:

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT:packet [48] ipid = 5015, @423d7e9e Feb 2

09:00:02 09:00:00.1872004:CID-0:RT:– flow_process_pkt: (thd 1): flow_ctxt type 13, common flag Ox0, mbuf Ox423d7d00

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT: flow process pak fast ifl 72 In_ifp fe-0/0/7.0

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT: fe-0/0/7.0:1.1.1.100/51303- gt;1.1.1.30/3389,

top, flag 2 syn

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT: find flow: table Ox5258d7b0, hash 17008(Oxffff), sa 1.1.1.100, da 1.1.1.30, sp 51303, dp 3389, proto 6, tok

448

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT: no session found, start first path. in_tunnel – 0, from_cp_flag – 0

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT: flow_first_create_session

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT: flow first_in_dst_nat: in lt;fe-0/0/7.0gt;, out

lt;N/Agt; dst_adr 1.1.1.30, sp 51303, dp 3389

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT: chose interface fe-0/0/7.0 as incoming nat if. Feb 2 09:00:02 09:00:00.1872004:CID-0:RT:flow_first_rule_dst_xlate: packet 1.1.1.100-

gt;1.1.1.30 nsp2 0.0.0.0-gt;192.168.224.30.

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT:flow_first_routing: call flow_route_lookup() src_ip 1.1.1.100, x_dst_ip 192.168.224.30, in ifp fe-0/0/7.0, out ifp N/A sp 51303, dp 3389, ip_proto 6, tos 0

Feb 2 09:00:02 09:00:00.1872004:CID-O:RT:Doing DESTINATION addr route-lookup Feb 2 09:00:02 09:00:00.1872004:CID-0:RT: routed (x_dst_ip 192 168.224.30)

from untrust (fe-0/0/7.0 in 0) to ge-0/0/0.0, Next-hop: 192.168.224.30

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT: policy search from zone untrust-gt; zone trust Feb 2 09:00:02 09:00:00.1872004:CID-0:RT: policy has timeout 900

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT: app 0, timeout 1800s, curr ageout 20s

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT:flow_first_src_xlate: src nat 0.0.0.0(51303) to

192.168.224.30(3389) returns status 1, rule/pool id 1/2. Feb 2 09:00:02 09:00:00.1872004:CID-0:RT: dip id = 2/0, 1.1.1.100/51303-gt;192.168.224.3/48810

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT: choose interface ge-0/0/0.0 as outgoing phy if

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT:is_loop_pak: No loop: on ifp: ge-0/0/0.0, addr: 192.168.224.30, rtt_idx:0

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT:sm_flow_interest_check: app_id 0, policy 9, app_svc_en 0, flags Ox2. not interested

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT:sm_flow_interest_check: app_id 1, policy 9, app_svc_en 0, flags Ox2. not interested

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT:flow_first_service_lookup():

natp(Ox51ee4680): app_id, 0(0).

Feb 2 09:00:02 09:00:00.1872004:CID-0:RT: service lookup identified service O. Referring to the exhibit, which two statements are correct? (Choose two.)

  1. The packet being inspected is a UDP packet.

  2. The incoming interface is fe-0/0/7.

  3. This traffic matches an existing flow.

  4. Source NAT is being used.

Answer: B,C

100% Free Download!
Download Free Demo:JN0-643 Demo PDF
100% Pass Guaranteed!
Download 2017 Latesttests JN0-643 Full Exam PDF and VCE

Latesttests ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Latesttests IT Certification PDF and VCE

[Free] 2017(Nov) Latesttests Testinsides Juniper JN0-643 Dumps with VCE and PDF 91-100

Latesttests
2017 Nov Juniper Official New Released JN0-643
100% Free Download! 100% Pass Guaranteed!
http://www.Latesttests.com/JN0-643.html

Security, Professional (JNCIP-SEC)

Question No: 91

What are the three types of attack objects used in an IPS engine? (Choose three.)

  1. signature

  2. chargen

  3. compound

  4. component

  5. anomaly

Answer: A,C,E

Reference: http://www.juniper.net/techpubs/en_US/idp5.0/topics/concept/intrusion- detection-prevention-idp-rulebase-attack-object-using.html

Question No: 92

Click the Exhibit button.

[edit] user@host# run show log debug

Feb3 22:04:31 22:04:31.824294:CID-0:RT:flow_first_policy_search: policy search from zone host-gt; zone attacker (Ox0,0xe4089404,0x17)

Feb3 22:04:31 22:04:31.824297:CID-0:RT:Policy lkup: vsys 0 zone(9:host) -gt; zone(10:attacker) scope: 0

Feb3 22:04:31 22:04:31.824770:CID-0:RT:5.0.0.25/59028 -gt; 25.0.0.25/23 proto 6

Feb3 22:04:31 22:04:31.824778:CID-0:RT:Policy lkup: vsys 0 zone(5:Umkmowm) -gt; zone(5:Umkmowm) scope: 0

Feb3 22:04:31 22:04:31.824780:CID-0:RT:5.0.0.25/59028 -gt; 25.0.0.25/23 proto 6

Feb3 22:04:31 22:04:31.824783:CID-0:RT: app 10, timeout 1800s, curr ageout 20s Feb3 22:04:31 22:04:31.824785:CID-0:RT: permitted by policy default-policy-00(2)

Feb3 22:04:31 22:04:31.824787:CID-0:RT: packet passed, Permitted by policy.

Feb3 22:04:31 22:04:31.824790:CID-0:RT:flow_first_src_xlate: nat_src_xlated: False, nat_src_xlate_failed; False

Feb3 22:04:31 22:04:31.824834:CID-0:RT:flow_first_src_xlate: incoming src port is: 38118 Which two statements are true regarding the output shown in the exhibit? (Choose two.)

  1. The packet does not match any user-configured security policies.

  2. The user has configured a security policy to allow the packet.

  3. The log is showing the first path packet flow.

  4. The log shows the reverse flow of the session.

Answer: C

Question No: 93

A local user complains that they cannot connect to an FTP server on the DMZ network. You investigate and confirm that the security policy allows FTP traffic from the trust zone to the DMZ zone.

What are two reasons for this problem? (Choose two.)

  1. The FTP server has no route back to the local network.

  2. No route is configured to the DMZ network.

  3. No security policy exists for traffic from the DMZ zone to the trust zone.

  4. The FTP ALG is disabled.

Answer: A,D

Question No: 94

Click the Exhibit button.

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

In the network shown in the exhibit, you want to forward traffic from the employees to ISP1 and ISP2. You want to forward all Web traffic to ISP1 and all other traffic to ISP2. However, your configuration is not producing the expected results. Part of the configuration is shown in the exhibit. When you run the show route table isp1 command, you do not see the default route listed.

What is causing this behavior?

  1. The autonomous system number is incorrect, which is preventing the device from receiving a default route from ISP1.

  2. The device is not able to resolve the next-hop.

  3. The isp1 routing instance is configured with an incorrect instance-type.

  4. The show route table isp1 command does not display the default route unless you add the exact 0.0.0.0/0 option.

Answer: B

Reference: http://kb.juniper.net/InfoCenter/index?page=contentamp;id=KB17223

Question No: 95

You want to query User Group membership directly using the integrated user firewall services from an Active Directory controller to an SRX Series device.

Which two actions are required? (Choose two.)

  1. Configure the LDAP base distinguished name.

  2. Connect the SRX Series device and the MAG Series device in an enforcer configuration.

  3. Configure a domain name, the username and password of the domain, and the name and IP address of the domain controller in the domain.

  4. Configure the Access Control Service on the MAG Series device for local user authentication and verify that authentication information is transferred between the devices.

Answer: A,C

Question No: 96

Click the Exhibit button.

user@host# run show security flow session

Session ID: 28, Policy name: allow/5, Timeout: 2, Valid

In: 172.168.1.2/24800 -gt; 66.168.100.100/8001; tcp, If: ge-0/0/3.0, Pkts: 1, Bytes: 64 Out: 10.168.100.1/8001 -gt; 172.168.1.2/24800; tcp, If: ge-0/0/6.0, Pkts: 1, Bytes: 40

Your customer is unable to reach your HTTP server that is connected to the ge-0/0/6 interface. The HTTP server has an address of 10.168.100.1 on port 80 internally, but is accessed publicly using interface ge-0/0/3 with the address 66.168.100.100 on port 8001.

Referring to the exhibit, what is causing this problem?

  1. The traffic is originated with incorrect IP address from the customer.

  2. The traffic is translated with the incorrect IP address for the HTTP server.

  3. The traffic is translated with the incorrect port number for the HTTP server.

  4. The traffic is originated with the incorrect port number from the customer.

Answer: C

Question No: 97

Click the Exhibit button.

[edit]

useu@host# run show log debug

Feb3 22:04:32 22:04:31.983991:CID-0:RT:ge-0/0/1.0:5.0.0.25/59028-

gt;25.0.0.25/23, tcp, flag 18

Feb3 22:04:32 22:04:31.983997:CID-0:RT: find flow: table 0x582738c0, hash 53561(0xffff), sa 5.0.0.25, da 5.0.0.25, sp 59028, dp 23, proto 6, tok 20489

Feb3 22:04:32 22:04:31.984004:CID-0:RT:Found: session id 0x14f98. sess tok 20489

Feb3 22:04:32 22:04:31.984005:CID-0:RT: flow got session. Feb3 22:04:32 22:04:31.984006:CID-0:RT: flow session id 85912

Feb3 22:04:32 22:04:31.984009:CID-0:RT: vector bits 0x2 vector 0x53a949e8 Feb3 22:04:32 22:04:31.984012:CID-0:RT: tcp sec check.

Feb3 22:04:32 22:04:31.984015:CID-0:RT:mbuf 0x4a82cd80, exit nh 0xa0010

Which two statements are true regarding the output shown in the exhibit? (Choose two.)

  1. The outgoing interface is ge-0/0/1.0.

  2. The packet is subject to fast-path packet processing.

  3. The packet is part of the first-packet path processing.

  4. TCP sequence checking is enabled.

Answer: C,D

Question No: 98

Which AppSecure module provides Quality of Service?

  1. AppTrack

  2. AppFW

  3. AppID

  4. AppQoS

Answer: D

Question No: 99

Click the Exhibit button.

[edit]

user@host# show interfaces ge-0/0/1 {

unit 0 {

family bridge { interface-mode access; vlan-id 20;

}

}

}

ge-0/0/10 { unit 0 {

family bridge { interface-mode access; vlan-id 20;

}

}

}

[edit]

user@host# show bridge-domains d1 {

domain-type bridge; vlan-id 20;

}

[edit]

user@host# show security flow bridge

[edit]

user@host# show security zones security-zone 12 {

host-inbound-traffic { system-services { any-service;

}

}

interfaces { ge-0/0/1.0; ge-0/0/10.0;

}

}

Referring to the exhibit, which statement is true?

  1. Packets sent tom the SRX Series device are sent to the RE.

  2. Packets sent to the SRX Series device are discarded.

  3. Only frames that have a VLAN ID of 20 are accepted.

  4. Only frames that do not have any VLAN tags are accepted.

Answer: C

Question No: 100

Which two configuration components are required for enabling transparent mode on an SRX device? (Choose two.)

  1. IRB

  2. bridge domain

  3. interface family bridge

  4. interface family ethernet-switching

Answer: B,C

Reference: http://kb.juniper.net/InfoCenter/index?page=contentamp;id=KB21421

100% Free Download!
Download Free Demo:JN0-643 Demo PDF
100% Pass Guaranteed!
Download 2017 Latesttests JN0-643 Full Exam PDF and VCE

Latesttests ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Latesttests IT Certification PDF and VCE

[Free] 2017(Nov) Latesttests Testinsides Juniper JN0-643 Dumps with VCE and PDF 51-60

Latesttests
2017 Nov Juniper Official New Released JN0-643
100% Free Download! 100% Pass Guaranteed!
http://www.Latesttests.com/JN0-643.html

Security, Professional (JNCIP-SEC)

Question No: 51

What is a secure key management protocol used by IPsec?

  1. AH

  2. ESP

  3. TCP

  4. IKE

Answer: D

Question No: 52

Click the Exhibit button.

Traffic is being sent from Host-1 to Host-2 through an IPsec VPN. In this process, SRX-2 is using NAT to change the destination address of Host-2 from 192.168.1.1 to 10.60.60.1 SRX-1 uses the 172.31.50.1 address for its tunnel endpoint and SRX-2 uses the

10.10.50.1 address for its tunnel endpoint. Referring to the exhibit, which statement is true?

  1. The security policy on SRX-2 must permit traffic from the 172.31.50.1 destination address.

  2. The security policy on SRX-2 must permit traffic from the 10.10.50.1destination address.

  3. The security policy on SRX-2 must permit traffic from the 10.60.60.1 destination address.

  4. The security policy on SRX-2 must permit traffic from the 192.168.1.1destination address.

Answer: C

Question No: 53

Click the Exhibit button.

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Referring to the exhibit, the session close log was generated by the application firewall rule set HTTP.

Why did the session close?

  1. The application identification engine was unable to determine which application was in use, which caused the SRX device to close the session.

  2. The host with the IP address of 192.168.1.123 received a TCP segment with the FIN flag set from the host with the IP address of 65.197.244.218.

  3. The SRX device was unable to determine the user and role in the allotted time, which caused the session to close.

  4. The host with the IP address of 192.168.1.123 sent a TCP segment with the FIN flag set to the host with the IP address of 65.197.244.218.

Answer: D

Reference: http://netscreen.com/techpubs/software/junos/junos92/syslog- messages/download/rt.pdf

Question No: 54

Click the Exhibit button.

user@hostgt; show log message

Feb4 00:04:17 host rpd[4516]: EVENT lt;UpDowmgt; st0.0 index 76 lt;Up Broadcast Multicastgt;

Feb4 00:04:17 host-kmd[1391]: KMD_PM_SA ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0, [0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),

Direction: inbound, SPI: 0x8d5816fd, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:

Feb4 00:04:17 host rpd[4516]: EVENT UpDown st0.0 index 76 10.10.10.1/24 –

gt; (null) lt;Up Broadcast Multicastgt;

Feb4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.3, Local ID: ipv4_subnet(any:0, [0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),

Direction: outbound, SPI: 0x77f07d5c, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:

Feb4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-1 from 192.168.10.3 is up. Local-ip: 192.168.10.1, gateway name: spoke-1, vpn name:

to-spoke-1, tunnel-id: 131073, local tunnel-if: st0.0, remote tunnel-ip:

10.10.10.3, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.3, XAUTH

username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector local ID:ipv4_subnet,(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:11,[0..7]=0.0.0.0/0)

Feb4 00:04:17 host mib2d[1385]: SNMP_TRAP_LINK_UP: ifIndex 539, ifAdminSiLatus up(1), ifOperStatus up(1), ifName st0.0

Feb4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLTSHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4 subnet(any:0, [0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),

Direction: inbound, SPI: 0x2790a42c, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:

Feb4 00:04:17 host kmd[1391]: KMD_PM_SA_ESTABLISHED: Local gateway: 192.168.10.1, Remote gateway: 192.168.10.5, Local ID: ipv4_subnet(any:0, [0..7]=0.0.0.0/0), Remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0),

Direction: outbound, SPI: 0x2df17ea8, AUX-SPI: 0, Mode: Tunnel, Type: dynamic, Traffic-selector:

Feb4 00:04:17 host kmd[1391]: KMD_VPN_UP_ALARM_USER: VPN to-spoke-3 from 192.168.10.5 is up. Local-ip: 192.168.10.1, gateway name: spoke-3, vpn name:

to-spoke-3, tunnel-id: 131076, local tunnel-if: st0.0, remote tunnel-ip:

Not-Available, Local IKE-ID: 192.168.10.1, Remote IKE-ID: 192.168.10.5,

XAUTH username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic- selector local TD: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0._7]=0.0.0.0/0)

Feb4 00:04:17 host kmd[1391]: IKE negotiation failed with error: No proposal chosen. IKE Version: 1, VPN: to-spoke-2 Gateway: spoke-2, Local: 192.168.10.1/500, Remote: 192.168.10.4/500, Local IKE-ID: Not-Available,

Remote Not-Available, VR-ID: 0

Referring to the exhibit, which statement is correct?

  1. The phase 1 security association for the to-spoke-3 VPN is failing.

  2. The phase 2 security association for the to-spoke-1 VPN is failing.

  3. The phase 2 security association for the to-spoke-3 VPN is failing.

  4. The phase 1 security association for the to-spoke-2 VPN is failing.

Answer: B

Question No: 55

Click the Exhibit button.

– Exhibit –

user@srx# show security datapath-debug capture-file pkt-cap-file format pcap size 5m; action-profile {

pkt-cap-profile { event np-ingress { packet-dump;

}

}

}

packet-filter pkt-filter { action-profile pkt-capture; source-prefix 1.2.3.4/32;

}

– Exhibit –

You want to capture transit traffic passing through your SRX3600. You add the configuration shown in the exhibit but do not see entries added to the capture file.

What is causing the problem?

  1. You are missing the configuration set security datapath-debug maximum-capture-size 1500.

  2. You are missing the configuration set security datapath-debug packet-filter pkt-filter destination-prefix 5.6.7.8/32.

  3. You must start the capture from operational mode with the command request security datapath-debug capture start.

  4. You must start the capture from operational mode with the command monitor start capture.

Answer: C

Question No: 56

Which two statements are true regarding DNS doctoring? (Choose two.)

  1. DNS doctoring translates the DNS CNAME payload.

  2. DNS doctoring for IPv4 is supported on SRX devices.

  3. DNS doctoring for IPv4 and IPv6 is supported on SRX devices.

  4. DNS doctoring translates the DNS A-record.

Answer: B,D Explanation:

Reference : http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic- collections/security/software-all/security/index.html?topic-61847.html

Question No: 57

You are asked to deploy dynamic VPNs between the corporate office and remote employees that work from home. The gateway device at the corporate office is a chassis cluster formed from two SRX240s. Which two statements about this deployment are true? (Choose two.)

  1. You must remove the SRX240s from the chassis cluster before enabling the dynamic

    VPNs.

  2. The remote clients can run Windows XP, Windows Vista, Windows 7, or OS X operating systems.

  3. If more than two dynamic VPN tunnels are required, you must purchase and install a new license.

  4. The remote users can be authenticated by the SRX240s or a configured RADIUS server.

Answer: C,D Explanation:

Reference : http://www.juniper.net/us/en/local/pdf/app-notes/3500201-en.pdf

Question No: 58

Click the Exhibit button.

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Referring to the exhibit, which feature allows the hosts in the Trust and DMZ zones to route

to either ISP, based on source address?

  1. source NAT

  2. static NAT

  3. filter-based forwarding

  4. source-based routing

Answer: C

Reference: http://www.juniper.net/techpubs/en_US/junos12.2/topics/example/logical- systems-filter-based-forwarding.html

Question No: 59

Click the Exhibit button.

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Host A cannot resolve the www.target.host.com Web page when using its configured DNS server. As shown in the exhibit, Host A#39;s configured DNS server and the Web server hosting the www.target.host.com Web page are in the same subnet. You have verified bidirectional reachability between Host A and the Web server hosting the Web page.

What would cause this behavior on the SRX device in Company B#39;s network?

  1. DNS replication is enabled.

  2. DNS doctoring is enabled.

  3. DNS replication is disabled.

  4. DNS doctoring is disabled.

Answer: D

Reference: http://www.trapezenetworks.com/techpubs/en_US/junos12.2/topics/concept/dns-alg-nat- doctoring-overview.html

Question No: 60

In which situation is NAT proxy NDP required?

  1. when translated addresses belong to the same subnet as the ingress interface

  2. when filter-based forwarding and static NAT are used on the same interface

  3. when working with static NAT scenarios

  4. when the security device operates in transparent mode

Answer: C Explanation:

When IP addresses are in the same subnet of the ingress interface, NAT proxy ARP configured

Reference : http://www.juniper.net/techpubs/en_US/junos12.1×44/information- products/pathway-pages/security/security-nat.pdf

Reference : http://www.juniper.net/techpubs/en_US/junos-space12.2/topics/concept/junos- space-security-designer-whiteboard-nat-overview.html

100% Free Download!
Download Free Demo:JN0-643 Demo PDF
100% Pass Guaranteed!
Download 2017 Latesttests JN0-643 Full Exam PDF and VCE

Latesttests ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Latesttests IT Certification PDF and VCE

[Free] 2017(Nov) Latesttests Testinsides Juniper JN0-643 Dumps with VCE and PDF 41-50

Latesttests
2017 Nov Juniper Official New Released JN0-643
100% Free Download! 100% Pass Guaranteed!
http://www.Latesttests.com/JN0-643.html

Security, Professional (JNCIP-SEC)

Question No: 41

You are using destination NAT to translate the address of your HTTPS server to a private address on your SRX Series device. You have decided to implement IDP SSL decryption. Upon enabling the decryption, you notice sessions are not decrypted.

Which action resolves the problem?

  1. Replace the server SSL certificate to use the public address.

  2. Reboot the SRX Series device.

  3. Increase the SSL session-id-cache-timeout value to any value greater than 5000 seconds.

  4. Enable the IDP sensor-configuration detector to detect address translation.

Answer: D

Question No: 42

You are asked to secure your company’s Web presence. This includes using an SRX Series device to inspect SSL traffic going to the Web servers in your DMZ.

Which two actions are required to accomplish this task? (Choose two.)

  1. Load your Web server’s private key in the IDP configuration.

  2. Load your Web server’s public key in the IDP configuration.

  3. Generate a root certificate on the SRX Series device for your Web servers.

  4. Specify the number of sessions in the SSL sensor configuration.

Answer: A,D

Question No: 43

You have recently deployed a dynamic VPN. The remote users are complaining that communications with devices on the same subnet as the SRX device are intermittent and often fail. The tunnel is stable and up, and communications with remote devices on

different subnets work without any issues. Which configuration setting would resolve this issue?

  1. adding local-redirect at the [edit security nat] hierarchy

  2. adding local-redirect at the [edit interfaces lt;interface-namegt;] hierarchy

  3. adding proxy-arp at the [edit security nat] hierarchy

  4. adding proxy-arp at the [edit interfaces lt;interface-namegt;] hierarchy

Answer: C Explanation:

Reference : http://www.juniper.net/us/en/local/pdf/app-notes/3500151-en.pdf

Question No: 44

Click the Exhibit button.

– Exhibit – [edit security]

user@srx# show idp

application-ddos Webserver { service http;

connection-rate-threshold 1000; context http-get-url {

hit-rate-threshold 60000;

value-hit-rate-threshold 30000;

time-binding-count 10;

time-binding-period 25;

}

}

– Exhibit –

You are using AppDoS to protect your network against a bot attack, but noticed an approved application has falsely triggered the configured IDP action of drop. You adjusted your AppDoS configuration as shown in the exhibit. However, the approved traffic is still dropped.

What are two reasons for this behavior? (Choose two.)

  1. The approved traffic results in 50,000 HTTP GET requests per minute.

  2. The approved traffic results in 25 HTTP GET requests within 10 seconds from a single host.

  3. The active IDP policy has not been defined in the security configuration.

  4. The IDP action is still in effect due to the timeout configuration.

Answer: A,D

Reference: http://www.juniper.net/techpubs/software/junos-security/junos- security10.0/junos-security-swconfig-security/appddos-protection-overview.html

http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security- swconfig-security/appddos-proctecting-against.html#appddos-proctecting-against

Question No: 45

You must ensure that your Layer 2 traffic is secured on your SRX Series device in transparent mode.

What must be considered when accomplishing this task?

  1. Layer 2 interfaces must use the ethernet-switching protocol family.

  2. Security policies are not supported when operating in transparent mode.

  3. Screens are not supported in your security zones with transparent mode.

  4. You must reboot your device after configuring transparent mode.

Answer: D

Question No: 46

Given the following session output:

Session ID. , Policy namE. default-policy-00/2, StatE. Active, Timeout: 1794, Valid

In: 2001:660:1000:8c00::b/1053 -gt; 2001:660:1000:9002::aafe/80;tcp, IF. reth0.0, Pkts: 4,

Bytes: 574

Out: 192.168.203.10/80 -gt; 192.168.203.1/24770;tcp, IF. reth1.0, Pkts: 3, Bytes:

Which statement is correct about the security flow session output?

  1. This session is about to expire.

  2. NAT64 is used.

  3. Proxy NDP is used for this session.

  4. The IPv4 Web server runs services on TCP port 24770.

Answer: B Explanation:

Reference : http://kb.juniper.net/InfoCenter/index?page=contentamp;id=KB22391

Question No: 47

Click the Exhibit button.

Traffic is flowing between the Host-1 and Host-2 devices through a hub-and-spoke IPsec VPN. All devices are SRX Series devices.

Referring to the exhibit, which two statements are correct? (Choose two.)

  1. Traffic is encrypted on the Hub device.

  2. Traffic is encrypted on the Spoke-2 device.

  3. Traffic is not encrypted on the Spoke-2 device.

  4. Traffic is not encrypted on the Hub device.

Answer: D

Question No: 48

Click the Exhibit button.

user@hostgt; show security ike security-associations

Index State Initiator cookie Responder cookie ModeRemote Address 3271043 UP 7f42284089404673 95fd8408940438d8 Main 172.31.50.2

user@hostgt; show security ipsec security-associations Total active tunnels: 0

user@hostgt; show log phase2

Feb 2 14:21:18 host kmd[1088]: IKE negotiation failed with error: TS unacceptable. IKE Version: 1, VPN: vpn-1 Gateway: gate-1, Local: 172.31.50.1/500, Remote: 172.31.50.2/500, Local IKE-ID: 172.31.50.1, Remote IKE-ID: 172.31.50.2, VR-ID: 0

Feb 2 14:21:18 host kmd[1088]: KMD_VPN_TS_MISMATCH: Traffic-selector mismatch, vpn name: vpn-1, Peer Proposed traffic-selector local-ip: ipv4(2.2.2.2), Peer Proposed traffic-selector remote-ip: ipv4 (1.1.1.1)

Feb 2 14:21:54 host kmd[1088]: IKE negotiation failed with error: No proposal chosen. IKE Version: 1, VPN: vpn-1 Gateway: gate-1, Local:

172.31.50.1/500, Remote: 172.31.50.2/500, Local IKE-ID: 172.31.50.1, Remote IKE-ID:

172.31.50.2, VR-ID: 0

Feb 2 14:22:19 host kmd[1088]: KMD_VPN_TS_MISMATCH: Traffic-selector mismatch, vpn name: vpn-1, Peer Proposed traffic-selector local-ip:

ipv4 (2.2.

2.2), Peer Proposed traffic-selector remote-ip: ipv4(1.1.1.1)

You have recently configured an IPsec VPN between an SRX Series device and another non-Junos security device. The phase one tunnel is up but the phase two tunnel is not present.

Referring to the exhibit, what is the cause of this problem?

  1. preshared key mismatch

  2. mode mismatch

  3. proposal mismatch

  4. proxy-ID mismatch

Answer: D

Question No: 49

What are three advantages of group VPNs? (Choose three.)

  1. Supports any-to-any member connectivity.

  2. Provides redundancy with cooperative key servers.

  3. Eliminates the need for full mesh VPNs.

  4. Supports translating private to public IP addresses.

  5. Preserves original IP source and destination addresses.

Answer: A,C,E Explanation:

Reference : http://www.thomas- krenn.com/redx/tools/mb_download.php/mid.x6d7672335147784949386f3d/Manual_Confi guring_Group_VPN_Juniper_SRX.pdf

Question No: 50

Click the Exhibit button.

Latesttests 2017 PDF and VCE

– Exhibit –

Feb 8 10:39:40 Unable to find phase-1 policy as remote peer:2.2.2.2 is not recognized.

Feb 8 10:39:40 KMD_PM_P1_POLICY_LOOKUP_FAILURE. Policy lookup for Phase-1 [responder] failed for p1_local=ipv4(any:0,[0..3]=1.1.1.2) p1_remote=ipv4(any:0,[0..3]=2.2.2.2)

Feb 8 10:39:40 1.1.1.2:500 (Responder) lt;-gt; 2.2.2.2:500 { dbe1d0af – a4d6d829 f9ed3bba [-1] / 0x00000000 } IP; Error = No proposal chosen (14)

– Exhibit –

According to the log shown in the exhibit, you notice that the IPsec session is not establishing.

What are two reasons for this behavior? (Choose two.)

  1. mismatched preshared key

  2. mismatched proxy ID

  3. incorrect peer address

  4. mismatched peer ID

Answer: C,D Explanation:

If the peer was not matched with the peer ID, the line quot;Unable to find phase-1 policy as remote peer:192.168.1.60 is not recognized.quot; should be shown

Reference : http://kb.juniper.net/InfoCenter/index?page=contentamp;id=KB10097amp;pmv=print

100% Free Download!
Download Free Demo:JN0-643 Demo PDF
100% Pass Guaranteed!
Download 2017 Latesttests JN0-643 Full Exam PDF and VCE

Latesttests ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Latesttests IT Certification PDF and VCE

[Free] 2017(Nov) Latesttests Testinsides Juniper JN0-643 Dumps with VCE and PDF 1-10

Latesttests
2017 Nov Juniper Official New Released JN0-643
100% Free Download! 100% Pass Guaranteed!
http://www.Latesttests.com/JN0-643.html

Security, Professional (JNCIP-SEC)

Question No: 1

Click the Exhibit button.

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Referring to the topology shown in the exhibit, which two configuration tasks will allow Host A to telnet to the public IP address associated with Server B? (Choose two.)

  1. Configure transparent mode to bypass the NAT processing of Server B#39;s public IP address.

  2. Configure a stateless filter redirecting local traffic destined to Server B#39;s public IP address.

  3. Configure a destination NAT rule that matches local traffic destined to Server B#39;s public IP address.

  4. Configure a source NAT rule that matches local traffic destined to Server B#39;s public IP address.

Answer: C,D Explanation:

In this scenario we have a host be accessible on the Internet by one address, but have it be translated to another address when it initiates connections out to the Internet.So we need to combine Source and destination NAT.

Reference: http://chimera.labs.oreilly.com/books/1234000001633/ch09.html#destination_nat

Question No: 2

Your SRX device is performing NAT to provide an internal resource with a public address. Your DNS server is on the same network segment as the server. You want your internal hosts to be able to reach the internal resource using the DNS name of the resource.

How do you accomplish this goal?

  1. Implement proxy ARP.

  2. Implement NAT-Traversal.

  3. Implement NAT hairpinning.

  4. Implement persistent NAT.

Answer: A Explanation:

Reference : http://www.juniper.net/techpubs/software/junos-security/junos- security96/junos-security-swconfig-security/prxy-arp-nat_srx.html

Question No: 3

Which action will allow an administrator to connect in band to an SRX Series device in transparent mode over SSH?

  1. Use a VLAN interface.

  2. Use the loopback interface.

  3. Use a logical interface.

  4. Use an irb interface.

Answer: D

Question No: 4

You want to create a custom IDP signature for a new HTTP attack on your SRX device. You have the exact string that identifies the attack. Which two additional elements do you need to define your custom signature? (Choose two.)

  1. service context

  2. protocol number

  3. direction

  4. source IP address of the attacker

Answer: A,C

Reference: http://rtoodtoo.net/2011/09/22/how-to-write-srx-idp-custom-attacksignature/

Question No: 5

Click the Exhibit button.

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

TCP traffic sourced from Host A destined for Host B is being redirected using filter-based forwarding to use the Red network. However, return traffic from Host B destined for Host A

is using the Blue network and getting dropped by the SRX device. Which action will resolve the issue?

  1. Enable asyncronous-routing under the Blue zone.

  2. Configure ge-0/0/1 to belong to the Red zone.

  3. Disable RPF checking.

  4. Disable TCP sequence checking.

Answer: B

Reference: https://kb.juniper.net/InfoCenter/index?page=contentamp;id=KB21046

Question No: 6

Which problem is introduced by setting the terminal parameter on an IPS rule?

  1. The SRX device will stop IDP processing for future sessions.

  2. The SRX device might detect more false positives.

  3. The SRX device will terminate the session in which the terminal rule detected the attack.

  4. The SRX device might miss attacks.

Answer: D

Reference: http://www.juniper.net/techpubs/software/junos-security/junos- security10.2/junos-security-swconfig-security/topic-42464.html

Question No: 7

You have installed a new IPS license on your SRX device and successfully downloaded the attack signature database. However, when you run the command to install the database, the database fails to install. What are two reasons for the failure? (Choose two.)

  1. The file system on the SRX device has insufficient free space to install the database.

  2. The downloaded signature database is corrupt.

  3. The previous version of the database must be uninstalled first.

  4. The SRX device does not have the high memory option installed.

Answer: A,B Explanation:

We don’t need to uninstall the previous version to install a new license, as we can update the same. Reference: http://kb.juniper.net/InfoCenter/index?page=contentamp;id=KB16491 . Also high memory option is licensed feature.

The only reason for failure is either there is no space left or downloaded file is corrupted due to incomplete download because of internet termination in between.

Reference: http://kb.juniper.net/InfoCenter/index?page=contentamp;id=KB23359

Question No: 8

You have implemented a tunnel in your network using DS-Lite. The tunnel is formed between one of the SRX devices in your network and a DS-Lite-compatible CPE device in your customer#39;s network. Which two statements are true about this scenario? (Choose two.)

  1. The SRX device will serve as the softwire initiator and the customer CPE device will serve as the softwire concentrator.

  2. The SRX device will serve as the softwire concentrator and the customer CPE device will serve as the softwire initiator.

  3. The infrastructure network supporting the tunnel will be based on IPv4.

  4. The infrastructure network supporting the tunnel will be based on IPv6.

Answer: B,D

Reference: http://www.juniper.net/techpubs/en_US/junos10.4/topics/concept/ipv6-ds-lite- overview.html

Question No: 9

You are asked to implement the AppFW feature on an SRX Series device. Which three tasks must be performed to make the feature work? (Choose three.)

  1. Configure a firewall filter that includes the application-firewall policy.

  2. Install an IPS license.

  3. Install an AppSecure license.

  4. Configure a security policy that includes the application-firewall policy.

  5. Configure an application-firewall policy.

Answer: C,D,E

Question No: 10

What are two network scanning methods? (Choose two.)

  1. SYN flood

  2. ping of death

  3. ping sweep

  4. UDP scan

Answer: C,D Explanation:

The question is about the network scanning. So correct answers are ping sweep and UDP scan as both are port scanning types.

Reference: URL: http://althing.cs.dartmouth.edu/local/Network_Scanning_Techniques.pdf

100% Free Download!
Download Free Demo:JN0-643 Demo PDF
100% Pass Guaranteed!
Download 2017 Latesttests JN0-643 Full Exam PDF and VCE

Latesttests ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Latesttests IT Certification PDF and VCE

[Free] 2017(Nov) Latesttests Testking Juniper JN0-643 Dumps with VCE and PDF 191-200

Latesttests
2017 Nov Juniper Official New Released JN0-643
100% Free Download! 100% Pass Guaranteed!
http://www.Latesttests.com/JN0-643.html

Enterprise Routing and Switching, Professional (JNCIP-ENT)

Question No: 191 – (Topic 3)

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Click the Exhibit button.

Referring to the exhibit, what is the correct RPF path toward the multicast source from R6?

A. R6-R5

B. R6-R7-R4-R5

C. R6-R4-R5

D. R6-R4-R3-R2-R5

Answer: A

Question No: 192 – (Topic 3)

Which three attributes must a BGP update contain? (Choose three.)

  1. next-hop

  2. MED

  3. origin

  4. AS-path

  5. local preference

Answer: A,C,D

Question No: 193 – (Topic 3)

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Click the Exhibit button.

In the exhibit, a customer wants to configure an EBGP connection to two different routers in a neighboring autonomous system. The goal of this configuration is to use per-prefix load balancing across both EBGP links.

Which configuration accomplishes this goal?

  1. {master:0}[edit]

    user@router# show protocols bgp group External {

    multihop;

    peer-as 65532;

    neighbor 10.10.2.2;

    neighbor 10.20.2.2;

    }

  2. {master:0}[edit]

    user@router# show protocols bgp group External {

    multipath;

    peer-as 65532;

    neighbor 10.10.2.2;

    neighbor 10.20.2.2;

    }

  3. {master:0}[edit]

    user@router# show protocols bgp group External {

    multihop;

    local-address 192.168.2.1;

    peer-as 65532;

    neighbor 10.10.2.2;

    neighbor 10.20.2.2;

    }

    user@router# show routing-options static {

    route 0.0.0.0 next-hop [ 10.10.2.2 10.20.2.2 ];

    }

    autonomous-system 65432;

  4. {master:0}[edit]

user@router# show protocols bgp group External {

multihop;

local-address 192.168.2.1;

peer-as 65532; multipath;

neighbor 10.10.2.2;

neighbor 10.20.2.2;

}

user@router# show routing-options static {

route 0.0.0.0 next-hop [ 10.10.2.2 10.20.2.2 ];

}

autonomous-system 65432;

Answer: B

Question No: 194 – (Topic 3)

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Click the Exhibit button.

Given the topology in the exhibit, which two statements related to the Q-in-Q tunneling implementation are true? (Choose two.)

  1. The ge-0/0/0 interface on Provider Bridge A must be configured as an access port.

  2. The ge-0/0/0 interface on Provider Bridge A must be configured as a trunk port.

  3. Provider Bridge B will make forwarding decisions using a MAC table associated with VLAN ID 100.

  4. Provider Bridge B will make forwarding decisions using a MAC table associated with VLAN ID 200.

Answer: A,D

Question No: 195 – (Topic 3)

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Click the Exhibit button.

In the exhibit, the routers in the network have a default PIM sparse mode configuration. R2 shows that R1 is the RPF next hop for the source, and R3 is the RPF next hop for the RP. Host1 is currently receiving multicast traffic for group 231.1.1.1. Host2 has come online and is attempting to join group 232.1.1.1. R2 has just received an IGMP message with the source and group addresses.

Which step happens next so that Host2 can join the multicast group?

  1. R2 sends a PIM join upstream towards R3 to join the shared tree.

  2. R2 sends a PIM join upstream towards R3 to join the source tree.

  3. R2 sends a PIM join upstream towards R1 to join the shared tree.

  4. R2 sends a PIM join upstream towards R1 to join the source tree.

Answer: D

Question No: 196 – (Topic 3)

Which configuration parameter causes a router to ignore router ID and peer ID from the BGP route selection algorithm?

  1. multihop

  2. as-path loops

  3. multipath

  4. next-hop self

Answer: C

Question No: 197 – (Topic 3)

Which CoS component helps with TCP global synchronization problems?

  1. WRR with rewrite rules

  2. WRED with drop profiles

  3. tail drop profiles with a behavior aggregate classifier

  4. exact term with a scheduler

Answer: B

Question No: 198 – (Topic 3)

You notice that a number of IGMP leave group messages are passing through a BMA network and are impacting the network#39;s performance.

What would you do to resolve this issue without affecting multicast traffic?

  1. Apply an import policy to control leave group messages.

  2. Suppress group-specific queries.

  3. Suppress generic IGMP queries.

  4. Enable promiscuous-mode in IGMP.

Answer: B

Question No: 199 – (Topic 3)

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Click the Exhibit button.

Based on the exhibit, which statement about the Layer 2 topology is true?

  1. A port on switch 3 or switch 4 towards the CST root (switch 6) is blocking traffic.

  2. A total of 64 MST instances for MST region A and region B can be configured.

  3. MSTI BPDUs are exchanged between MST regions and the CST root bridge.

  4. IST BPDUs are exchanged only between switches 1 and 2, and between switches 6 and 7.

Answer: A

Question No: 200 – (Topic 3)

A Layer 2 transparent firewall separates two OSPFv3 routers.

For the two OSPFv3 routers to form an adjacency, which protocol must be permitted on the firewall?

  1. IPv4 protocol 89

  2. IPv6 protocol 89

  3. TCP port 89

  4. UDP port 89

Answer: B

100% Free Download!
Download Free Demo:JN0-643 Demo PDF
100% Pass Guaranteed!
Download 2017 Latesttests JN0-643 Full Exam PDF and VCE

Latesttests ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Latesttests IT Certification PDF and VCE

[Free] 2017(Nov) Latesttests Testking Juniper JN0-643 Dumps with VCE and PDF 181-190

Latesttests
2017 Nov Juniper Official New Released JN0-643
100% Free Download! 100% Pass Guaranteed!
http://www.Latesttests.com/JN0-643.html

Enterprise Routing and Switching, Professional (JNCIP-ENT)

Question No: 181 – (Topic 3)

A Layer 2 forwarding loop occurred on your network during a scheduled maintenance period. You must prevent this behavior in the future.

Which protocol should you enable on the EX Series switch to address this condition in the future?

  1. DVMRP

  2. L2TPv3

  3. STP

  4. RSVP

Answer: C

Question No: 182 – (Topic 3)

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Click the Exhibit button.

Traffic flows through your network, as shown in the exhibit. You have configured a rewrite rule on R1 to mark HTTP traffic with a specific DSCP value.

What must you do to ensure that the HTTP traffic preserves its DSCP value as it leaves your CoS domain?

  1. Use behavior aggregate classifiers mapping the HTTP traffic to the specific DSCP value on R1 and R2.

  2. Use rewrite rules mapping the HTTP traffic to the specific DSCP value on R2 and R3.

  3. Use a rewrite rule mapping the HTTP traffic to the specific DSCP value on R3.

  4. Use the default settings already in place on the device.

Answer: D

Question No: 183 – (Topic 3)

– Exhibit –

user@R1gt; show configuration protocols pim rp local {

address 192.168.3.1;

}

auto-rp discovery; static {

address 192.168.5.1;

}

user@R1gt; show route 192.168.0.0/16

inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden)

= Active Route, – = Last Active, * = Both

192.168.2.1/32 *[Direct/0] 3w4d 04:58:14

gt; via lo0.0

192.168.5.1/32 *[OSPF/10] 00:52:25, metric 1

gt; via lt-0/0/0.0

192.168.10.1/32 *[OSPF/10] 00:48:06, metric 1

gt; via lt-0/0/0.2

192.168.50.1/32 *[OSPF/10] 00:48:06, metric 1

gt; via lt-0/0/0.4

– Exhibit –

Click the Exhibit button.

Router R1 in the exhibit is receiving auto-RP announce messages specifying an RP of 192.168.10.1 and BSR messages specifying an RP-set with an RP of 192.168.50.1.

Which address will R1 use as the RP for traffic destined to the 224.1.1.1 multicast group?

A. 192.168.3.1

B. 192.168.5.1

C. 192.168.10.1

D. 192.168.50.1

Answer: D

Question No: 184 – (Topic 3)

– Exhibit –

user@routergt; show class-of-service scheduler-map two Scheduler map: two, Index: 56974

Scheduler: sch-best-effort, Forwarding class: best-effort, Index: 26057 Transmit ratE. 1 percent, Rate Limit: exact, Buffer sizE. remainder, Buffer Limit: exact, Priority: low

Excess Priority: unspecified Drop profiles:

Loss priority Protocol Index Name Low any 1 lt;default-drop-profilegt;

Medium low any 1 lt;default-drop-profilegt;

Medium high any 1 lt;default-drop-profilegt; High any 1 lt;default-drop-profilegt;

Scheduler: sch-expedited-forwarding, Forwarding class: expedited-forwarding, Index: 10026

Transmit ratE. 1 percent, Rate Limit: none, Buffer sizE. 1 percent, Buffer Limit: none, Priority: high

Excess Priority: unspecified Drop profiles:

Loss priority Protocol Index Name Low any 1 lt;default-drop-profilegt;

Medium low any 1 lt;default-drop-profilegt;

Medium high any 1 lt;default-drop-profilegt; High any 1 lt;default-drop-profilegt;

user@routergt; show interfaces ge-0/0/1 extensive | find quot;CoS Informationquot; CoS information:

Direction : Output

CoS transmit queue Bandwidth Buffer Priority Limit

% bps % usec

0 best-effort 1 10000000 r 0 low exact

1 expedited-forwarding 1 10000000 1 0 high none

Logical interface ge-0/0/1.823 (Index 74) (SNMP ifIndex 506) (Generation 139)

Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.823 ] Encapsulation: ENET2 Traffic statistics:

Input bytes : 1820224529 Output bytes : 6505980 Input packets: 1436371

Output packets: 75905 (… output truncated …)

user@routergt; show interfaces ge-0/0/1 extensive | find quot;Queue Countersquot; Queue counters: Queued packets Transmitted packets Dropped packets

  1. expedited-fo 53987 53987

    0

  2. assured-forw 0 0

    0

  3. network-cont 0 0

0

Queue number: Mapped forwarding classes 0 best-effort

  1. expedited-forwarding

  2. assured-forwarding

  3. network-control Active alarms : None Active defects : None

(… output truncated …)

– Exhibit –

Click the Exhibit button.

Based on the configuration in the exhibit, why are you seeing drops in the best-effort queue on the SRX Series platform?

  1. The drop-profile fill level is set too low.

  2. Packets are dropped by a firewall policy.

  3. The best-effort queue is being shaped.

  4. The scheduler is not being applied correctly.

Answer: C

Question No: 185 – (Topic 3)

– Exhibit –

Mar 16 18:39:15.800390 BGP RECV 172.14.10.2 57785 -gt; 172.14.10.1 179

Mar 16 18:39:15.800932 BGP RECV message type 1 (Open) length 59

Mar 16 18:39:15.800995 BGP RECV version 4 as 2 holdtime 90 id 192.168.5.1 parmlen 30 Mar 16 18:39:15.801064 BGP RECV MP capability AFI=2, SAFI=1

Mar 16 18:39:15.801112 BGP RECV Refresh capability, code=128 Mar 16 18:39:15.801172 BGP RECV Refresh capability, code=2

Mar 16 18:39:15.801224 BGP RECV Restart capability, code=64, time=120, flags= Mar 16 18:39:15.801289 BGP RECV 4 Byte AS-Path capability (65), as_num 2

Mar 16 18:39:15.801705 advertising receiving-speaker only capabilty to neighbor 172.14.10.2 (External AS 2)

Mar 16 18:39:15.801787 bgp_senD. sending 59 bytes to 172.14.10.2 (External AS 2)

Mar 16 18:39:15.801845

Mar 16 18:39:15.801845 BGP SEND 172.14.10.1 179 -gt; 172.14.10.2 57785

Mar 16 18:39:15.801933 BGP SEND message type 1 (Open) length 59

Mar 16 18:39:15.801991 BGP SEND version 4 as 1 holdtime 90 id 192.168.2.1 parmlen 30 Mar 16 18:39:15.802054 BGP SEND MP capability AFI=1, SAFI=1

Mar 16 18:39:15.802115 BGP SEND Refresh capability, code=128 Mar 16 18:39:15.802176 BGP SEND Refresh capability, code=2

Mar 16 18:39:15.802227 BGP SEND Restart capability, code=64, time=120, flags= Mar 16 18:39:15.802292 BGP SEND 4 Byte AS-Path capability (65), as_num 1

Mar 16 18:39:15.802615 bgp_process_caps: mismatch NLRI with 172.14.10.2 (External AS 2): peer: lt;inet6-unicastgt;(16) us: lt;inet-unicastgt;(1)

Mar 16 18:39:15.802763 bgp_process_caps:2561: NOTIFICATION sent to 172.14.10.2 (External AS 2): code 2 (Open Message Error) subcode 7 (unsupported capability) value 1

Mar 16 18:39:15.802913 bgp_senD. sending 23 bytes to 172.14.10.2 (External AS 2)

Mar 16 18:39:15.802969

Mar 16 18:39:15.802969 BGP SEND 172.14.10.1 179 -gt; 172.14.10.2 57785

Mar 16 18:39:15.803057 BGP SEND message type 3 (Notification) length 23

Mar 16 18:39:15.803113 BGP SEND Notification code 2 (Open Message Error) subcode 7 (unsupported capability)

Mar 16 18:39:15.803179 BGP SEND Data (2 bytes): 00 01

– Exhibit –

Click the Exhibit button.

Looking at the traceoptions output in the exhibit, why is the BGP neighbor not in Established state?

  1. BGP refresh is not supported.

  2. There is a router ID mismatch.

  3. IPv6 is not supported on the local peer.

  4. The peer AS number is misconfigured.

Answer: C

Question No: 186 – (Topic 3)

Which two statements about MVRP on EX Series switches are true? (Choose two.)

  1. MVRP can add VLANs on access interfaces.

  2. MVRP can add VLANs on trunk interfaces.

  3. MVRP adds VLANs on MVRP-enabled interfaces by default.

  4. MVRP is in transparent mode on MVRP-enabled interfaces by default.

Answer: B,C

Question No: 187 – (Topic 3)

A company is deploying a new 802.1X port-based security infrastructure to allow users to access resources through wired Ethernet ports. However they recently deployed an RSA token-based system for users to connect remotely. The network administrator wants to reuse the same security database for 802.1X port-based security.

Which 802.1X authentication protocol is required?

  1. EAP-TLS

  2. LAN-PEAP

  3. RSA-EAP

  4. EAP-TTLS

Answer: D

Question No: 188 – (Topic 3)

– Exhibit –

{master:0}[edit]

user@router# run show ospf interface vl-10.20.10.2 extensive

Interface State Area DR ID BDR ID Nbrs

vl-10.20.10.2 Down 0.0.0.0 0.0.0.0 0.0.0.0 0

TypE. Virtual, Address: 0.0.0.0, Mask: 0.0.0.0, MTU: 0, Cost: 1

Transit AreA. 0.0.0.1

Adj count: 0

Hello: 10, DeaD. 40, ReXmit: 5, Not Stub Auth typE. None

Protection typE. None, No eligible backup Topology default (ID 0) -gt; Down, Cost: 0

– Exhibit –

Click the Exhibit button.

Your company is integrating another OSPF area into your existing OSPF infrastructure. You created a virtual link that spans Area 2 and connects Area 3 to the backbone area.

Based on the exhibit, what is preventing the adjacency?

  1. The interface configured for the virtual link is incorrect. It should be a vt and not a vl interface.

  2. No designated router (DR) has been elected.

  3. The backup route to Area 2 has not been configured.

  4. The wrong transit area is configured.

Answer: D

Question No: 189 – (Topic 3)

Voice traffic is coming in on UDP port 17689. This traffic must be classified into the expedited-forwarding forwarding class.

Which type of classifier is needed?

  1. code point alias

  2. rewrite marker

  3. multifield

  4. behavior aggregate

Answer: C

Question No: 190 – (Topic 3)

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Click the Exhibit button.

In the exhibit, the provider bridges are using Q-in-Q tunneling to tunnel VLAN 100 traffic over VLAN 200.

What is the correct VLAN configuration for Q-in-Q tunneling on Provider Bridge A?

  1. interfaces { ge-0/0/0 {

    unit 0 {

    family ethernet-switching { port-mode access;

    }

    }

    }

    ge-0/0/10 { unit 0 {

    family ethernet-switching { port-mode trunk;

    vlan { members test;

    }

    }

    }

    }

    }

    vlans { test {

    vlan-id 200; interface { ge-0/0/0.0;

    }

    dot1q-tunneling { customer-vlans 100;

    }

    }

    }

  2. interfaces { ge-0/0/0 {

    unit 0 {

    family ethernet-switching { port-mode trunk;

    vlan { members test;

    }

    }

    }

    }

    ge-0/0/10 { unit 0 {

    family ethernet-switching { port-mode access;

    }

    }

    }

    }

    vlans { test {

    vlan-id 200; interface { ge-0/0/0.0;

    }

    dot1q-tunneling {

    customer-vlans 100;

    }

    }

    }

  3. interfaces { ge-0/0/0 {

    unit 0 {

    family ethernet-switching { port-mode trunk;

    vlan { members test;

    }

    }

    }

    }

    ge-0/0/10 { unit 0 {

    family ethernet-switching { port-mode access;

    }

    }

    }

    }

    vlans { test {

    vlan-id 200; interface { ge-0/0/10.0;

    }

    dot1q-tunneling { customer-vlans 100;

    }

    }

    }

  4. interfaces { ge-0/0/0 {

unit 0 {

family ethernet-switching { port-mode access;

}

}

}

ge-0/0/10 { unit 0 {

family ethernet-switching { port-mode trunk;

vlan { members test;

}

}

}

}

}

vlans { test {

vlan-id 100; interface { ge-0/0/0.0;

}

dot1q-tunneling { customer-vlans 200;

}

}

}

Answer: A

100% Free Download!
Download Free Demo:JN0-643 Demo PDF
100% Pass Guaranteed!
Download 2017 Latesttests JN0-643 Full Exam PDF and VCE

Latesttests ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Latesttests IT Certification PDF and VCE

[Free] 2017(Nov) Latesttests Testking Juniper JN0-643 Dumps with VCE and PDF 171-180

Latesttests
2017 Nov Juniper Official New Released JN0-643
100% Free Download! 100% Pass Guaranteed!
http://www.Latesttests.com/JN0-643.html

Enterprise Routing and Switching, Professional (JNCIP-ENT)

Question No: 171 – (Topic 3)

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Click the Exhibit button.

In the exhibit, which statement about the ABR between Area 8 and Area 2 is true?

  1. The router has connectivity to all areas.

  2. The router has connectivity to Area 8 only.

  3. The router has connectivity to Area 2 only.

  4. The router has connectivity to all routers in Area 8 and Area 2.

Answer: D

Question No: 172 – (Topic 3)

You want to control bursts of HTTP traffic entering your SRX Series Gateway. To support varying requirements, interfaces ge-0/0/0 through ge-0/0/3 should each be rate-limited

separately, using the same parameters.

What is the correct way to meet these requirements?

  1. Configure a single policer and apply it directly on the appropriate interfaces.

  2. Configure four policers and apply each one directly on the appropriate interface.

  3. Configure a policer and reference it in a firewall filter that uses the interface-specific option; apply the filter to the appropriate interfaces.

  4. Configure four policers and reference them all in a firewall filter; apply the filter to the appropriate interfaces.

Answer: C

Question No: 173 – (Topic 3)

– Exhibit –

{master:0}[edit]

user@router# show class-of-service classifiers {

inet-precedence normal-traffic { forwarding-class best-effort {

loss-priority low code-points [ my1 my2 ];

}

}

}

code-point-aliases { inet-precedence { my1 000;

my2 001;

cs1 010;

cs2 011;

cs3 100;

cs4 101;

cs5 111;

cs6 111;

}

}

– Exhibit –

Click the Exhibit button.

In the exhibit, you see a configuration for CoS. Incoming traffic with specific IP precedence bits should be mapped to a forwarding class named best-effort. A classifier named normal- traffic is defined.

What must you add to complete this configuration?

  1. Include the option q-pic-large-buffer under the chassis hierarchy to accommodate the new code points.

  2. Apply classifier normal traffic to the interface hierarchy under the class-of-service stanza.

  3. Configure a rewrite marker on the ingress Gigabit Ethernet interface.

  4. Add code point values for the expedited-forwarding forwarding class as well as the best- effort forwarding class.

Answer: B

Question No: 174 – (Topic 3)

You must configure your access switch with more than 3000 VLANs and you want the ability to load-balance across them.

Which spanning-tree approach has the least impact on control-plane performance?

  1. Configure your access switch with a load-balancing policy and apply it under [edit

    protocols rstp].

  2. Configure your access switch for Rapid-PVST .

  3. Configure your access switch for MSTP, incorporating the use of MSTIs.

  4. Configure your access switch for both VSTP and RSTP.

Answer: C

Question No: 175 – (Topic 3)

A network administrator is configuring CoS on a switch and assigns forwarding classes call-sig and critical to the same queue number per the configuration below:

class-of-service { forwarding-classes {

class best-effort queue-num 0; class bulk-data queue-num 1; class critical queue-num 3; class voice queue-num 6; class call-sig queue-num 3;

}

}

Based on the configuration, which option prioritizes call-sig traffic over critical traffic?

  1. Assign call-sig and critical to different schedulers.

  2. Assign call-sig and critical to different scheduler maps.

  3. Assign a loss priority of high to the packets in the critical forwarding class and configure drop profiles in the scheduler configuration.

  4. Assign a loss priority of high to the packets in the critical forwarding class and set priority high in the scheduler configuration.

Answer: C

Question No: 176 – (Topic 3)

You are configuring CoS classifiers and want to use both BA and MF classification. After applying the configuration, you realize that the classifiers have a conflict.

Which statement is true?

  1. BA classification overrides MF classification.

  2. MF classification overrides BA classification.

  3. Neither classification method is applied.

  4. Both classifications are applied randomly.

Answer: B

Question No: 177 – (Topic 3)

During the BGP route-resolution process, the Junos OS must calculate the appropriate next-hop based on the BGP protocol next-hop attribute.

Which two routing tables are checked during this process in a default Junos configuration? (Choose two.)

  1. inet.0

  2. inet.1

  3. inet.2

  4. inet.3

Answer: A,D

Question No: 178 – (Topic 3)

Which protocol reachability is advertised by OSPFv2?

  1. IPv4

  2. IPv5

  3. IPv6

  4. ISO

Answer: A

Question No: 179 – (Topic 3)

– Exhibit –

user@SwitchA# show protocols dot1x authenticator {

authentication-profile-name dot1x; interface {

ge-0/0/0.0 { supplicant single;

}

ge-0/0/1.0 {

supplicant single-secure;

}

ge-0/0/2.0 { supplicant multiple;

}

}

}

{master:0}[edit] user@SwitchA# show access radius-server {

172.27.14.226 {

port 1812;

secret quot;$9$vqs8xd24Zk.5bs.5QFAtM8Xquot;; ## SECRET-DATA

}

}

profile dot1x { authentication-order radius; radius {

authentication-server 172.27.14.226;

accounting-server 172.27.14.226;

}

accounting { order radius;

immediate-update;

}

}

{master:0}[edit] user@SwitchA#

– Exhibit –

Click the Exhibit button.

Referring to the exhibit, which three statements describe correct behavior of Switch A? (Choose three.)

  1. Switch A allows complete access to all users connected to port ge-0/0/2 that log in with their correct user credentials.

  2. Switch A allows complete access to all users connected to port ge-0/0/0 that log in with their correct user credentials.

  3. Switch A allows complete access to the second user that connects to port ge-0/0/1 with its correct credentials only after the first user logs out.

  4. Switch A allows complete access to all users connected to port ge-0/0/0 without authentication after the first user has logged in with its correct user credentials.

  5. Switch A allows complete access to all users connected to port ge-0/0/1 that securely log in using HTTPS with their correct user credentials.

Answer: A,C,D

Question No: 180 – (Topic 3)

– Exhibit –

user@switch# run show spanning-tree statistics interface ge-0/0/0 STP interface statistics for VLAN 10

Interface BPDUs sent BPDUs received Next BPDU transmission

ge-0/0/0.0 170 3 0

STP interface statistics for VLAN 20

Interface BPDUs sent BPDUs received Next BPDU transmission

ge-0/0/0.0 171 3 0

– Exhibit –

Click the Exhibit button.

Based on the exhibit, which spanning-tree protocol is running on ge-0/0/0?

  1. VSTP

  2. MSTP

  3. RSTP

  4. PVST

Answer: A

100% Free Download!
Download Free Demo:JN0-643 Demo PDF
100% Pass Guaranteed!
Download 2017 Latesttests JN0-643 Full Exam PDF and VCE

Latesttests ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Latesttests IT Certification PDF and VCE

[Free] 2017(Nov) Latesttests Testking Juniper JN0-643 Dumps with VCE and PDF 161-170

Latesttests
2017 Nov Juniper Official New Released JN0-643
100% Free Download! 100% Pass Guaranteed!
http://www.Latesttests.com/JN0-643.html

Enterprise Routing and Switching, Professional (JNCIP-ENT)

Question No: 161 – (Topic 2)

You are troubleshooting an LLDP neighbor and cannot see the IP address of the neighboring EX Series switch.

What is causing the problem?

  1. A VLAN interface must be configured under the [edit vlans] hierarchy.

  2. IP addresses are not sent in any LLDP TLVs.

  3. A management address must be configured under the [edit protocols lldp] hierarchy.

  4. You must enable LLDP-MED.

Answer: C

Question No: 162 – (Topic 2)

– Exhibit –

user@routergt; show log ospf

Sep 19 00:22:13.420315 OSPF packet ignoreD. MTU mismatch from 11.0.0.2 on intf ge- 0/0/2.0 area 0.0.0.0

Sep 19 00:22:14.475671 OSPF periodic xmit from 14.0.0.1 to 224.0.0.5 (IFL 75 area

0.0.0.0)

Sep 19 00:22:14.855490 OSPF periodic xmit from 12.0.0.1 to 224.0.0.5 (IFL 84 area

0.0.0.0)

Sep 19 00:22:14.857304 OSPF packet ignoreD. no matching interface from 12.0.0.1, IFL 85

Sep 19 00:22:17.386726 OSPF packet ignoreD. MTU mismatch from 11.0.0.2 on intf ge- 0/0/2.0 area 0.0.0.0

Sep 19 00:22:20.855690 OSPF packet ignoreD. subnet mismatch from 10.0.0.2 on intf ge- 0/0/1.0 area 0.0.0.0

Sep 19 00:22:20.856108 OSPF rcvd Hello 10.0.0.2 -gt; 224.0.0.5 (ge-0/0/1.0 IFL 75 area

0.0.0.0)

Sep 19 00:22:20.856177 Version 2, length 44, ID 10.0.0.2, area 0.0.0.0

Sep 19 00:22:20.856229 checksum 0x0, authtype 0

Sep 19 00:22:20.856299 mask 255.255.255.252, hello_ivl 10, opts 0x12, prio 128

Sep 19 00:22:20.856352 dead_ivl 40, DR 0.0.0.0, BDR 0.0.0.0

Sep 19 00:22:21.752438 OSPF packet ignoreD. MTU mismatch from 11.0.0.2 on intf ge- 0/0/2.0 area 0.0.0.0

Sep 19 00:22:22.013285 OSPF packet ignoreD. area mismatch (0.0.0.1) from 12.0.0.2 on intf ge-0/0/4.0 area 0.0.0.0

Sep 19 00:22:22.013749 OSPF rcvd Hello 12.0.0.2 -gt; 224.0.0.5 (ge-0/0/4.0 IFL 84 area

0.0.0.0)

Sep 19 00:22:22.013804 Version 2, length 44, ID 10.0.0.2, area 0.0.0.1

Sep 19 00:22:22.013890 checksum 0xd51e, authtype 0

Sep 19 00:22:22.013944 mask 255.255.255.252, hello_ivl 10, opts 0x12, prio 128

Sep 19 00:22:22.014012 dead_ivl 40, DR 12.0.0.2, BDR 0.0.0.0

Sep 19 00:22:22.016909 OSPF packet ignoreD. no matching interface from 12.0.0.2, IFL 85

Sep 19 00:22:22.434956 OSPF hello from 11.0.0.2 (IFL 83, area 0.0.0.0) absorbed

Sep 19 00:22:23.045916 OSPF periodic xmit from 12.0.0.1 to 224.0.0.5 (IFL 84 area

0.0.0.0)

Sep 19 00:22:23.047959 OSPF packet ignoreD. no matching interface from 12.0.0.1, IFL 85

Sep 19 00:22:23.309957 OSPF periodic xmit from 11.0.0.1 to 224.0.0.5 (IFL 83 area

0.0.0.0)

Sep 19 00:22:23.528614 OSPF periodic xmit from 14.0.0.1 to 224.0.0.5 (IFL 75 area

0.0.0.0)

Sep 19 00:22:25.772835 OSPF packet ignoreD. MTU mismatch from 11.0.0.2 on intf ge- 0/0/2.0 area 0.0.0.0

Sep 19 00:22:29.950015 OSPF hello from 11.0.0.2 (IFL 83, area 0.0.0.0) absorbed

Sep 19 00:22:30.622112 OSPF packet ignoreD. MTU mismatch from 11.0.0.2 on intf ge- 0/0/2.0 area 0.0.0.0

Sep 19 00:22:30.713279 OSPF packet ignoreD. subnet mismatch from 10.0.0.2 on intf ge- 0/0/1.0 area 0.0.0.0

Sep 19 00:22:30.713432 OSPF rcvd Hello 10.0.0.2 -gt; 224.0.0.5 (ge-0/0/1.0 IFL 75 area

0.0.0.0)

Sep 19 00:22:30.713503 Version 2, length 44, ID 10.0.0.2, area 0.0.0.0

Sep 19 00:22:30.713553 checksum 0x0, authtype 0

Sep 19 00:22:30.713622 mask 255.255.255.252, hello_ivl 10, opts 0x12, prio 128

Sep 19 00:22:30.713677 dead_ivl 40, DR 0.0.0.0, BDR 0.0.0.0

– Exhibit –

Click the Exhibit button.

Referring to the exhibit, what is preventing the OSPF adjacency on interface ge-0/0/4 from forming?

  1. area mismatch

  2. subnet mismatch

  3. MTU mismatch

  4. authentication mismatch

Answer: A

Question No: 163 – (Topic 2)

You just configured an interface as an access port and it is up and passing traffic. However, you notice that all traffic transiting this interface is being classified as best effort.

Which default BA classifier is causing this behavior?

  1. ieee8021p-default

  2. ieee8021p-untrust

  3. dscp-default

  4. dscp-ipv6-default

Answer: B

Question No: 164 – (Topic 2)

– Exhibit –

user@SwitchA# show protocols mstp configuration-name region1;

bridge-priority 16k; msti 1 {

bridge-priority 16k; vlan [10 20];

}

msti 2 {

bridge-priority 8k; vlan [30 40];

}

user@SwitchB# show protocols mstp configuration-name region1;

bridge-priority 8k;

msti 1 {

bridge-priority 16k; vlan [10 20];

}

msti 2 {

bridge-priority 8k; vlan [30 40 50];

}

– Exhibit –

Click the Exhibit button.

Referring to the exhibit, a customer observes that the MSTP instance between SwitchA and SwitchB is not converging correctly.

What is causing the problem?

  1. The bridge priority values of MSTI 2 are the same.

  2. There is a VLAN mismatch between the two switches for MSTI 2.

  3. There is a bridge priority mismatch.

  4. MSTI 1 and MSTI 2 are part of the same the MSTP region.

Answer: B

Question No: 165 – (Topic 2)

On SRX Series devices, in which order does CoS process ingress packets?

  1. multifield classifier, policer, forwarding policy, behavior aggregate classifier

  2. multifield classifier, forwarding policy, policer, behavior aggregate classifier

  3. behavior aggregate classifier, policer, multifield classifier, forwarding policy

  4. behavior aggregate classifier, multifield classifier, policer, forwarding policy

Answer: D

Question No: 166 – (Topic 2)

– Exhibit –

Mar 16 17:54:51.930726 OSPF periodic xmit from 172.14.10.1 to 224.0.0.5 (IFL 69 area

0.0.0.0)

Mar 16 17:54:55.566920 ospf_trigger_build_telink_lsas : No peer found Mar 16 17:54:56.152585 ospf_trigger_build_telink_lsas : No peer found

Mar 16 17:54:56.152721 ospf_set_lsdb_statE. Router LSA 192.168.2.1 adv-rtr 192.168.2.1 state QUIET-gt;GEN_PENDING

Mar 16 17:54:56.153271 OSPF trigger router LSA 0x156d0f0 build for area 0.0.0.0 lsa-id 192.168.2.1

Mar 16 17:54:56.157854 ospf_set_lsdb_statE. Router LSA 192.168.2.1 adv-rtr 192.168.2.1 state GEN_PENDING-gt;QUIET

Mar 16 17:54:56.157971 OSPF built router LSA, area 0.0.0.0, link count 2

Mar 16 17:54:56.158300 OSPF sent Hello 172.14.10.1 -gt; 224.0.0.5 (ge-0/0/1.0 IFL 69 area

0.0.0.0)

Mar 16 17:54:56.158380 Version 2, length 44, ID 192.168.2.1, area 0.0.0.0

Mar 16 17:54:56.158435 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128

Mar 16 17:54:56.158485 dead_ivl 40, DR 172.14.10.1, BDR 0.0.0.0

Mar 16 17:54:56.158949 OSPF DR is 192.168.2.1, BDR is 0.0.0.0

Mar 16 17:54:56.159276 OSPF sent Hello 172.14.10.1 -gt; 224.0.0.5 (ge-0/0/1.0 IFL 69 area

0.0.0.0)

Mar 16 17:54:56.159331 Version 2, length 44, ID 192.168.2.1, area 0.0.0.0

Mar 16 17:54:56.159401 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128

Mar 16 17:54:56.159563 dead_ivl 40, DR 172.14.10.1, BDR 0.0.0.0

Mar 16 17:54:56.168108 OSPF DR is 192.168.2.1, BDR is 0.0.0.0

Mar 16 17:54:58.237416 OSPF rcvd Hello 172.14.10.2 -gt; 224.0.0.5 (ge-0/0/1.0 IFL 69 area

0.0.0.0)

Mar 16 17:54:58.237540 Version 2, length 44, ID 192.168.2.1, area 0.0.0.0

Mar 16 17:54:58.237623 checksum 0x0, authtype 0

Mar 16 17:54:58.237698 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128

Mar 16 17:54:58.237751 dead_ivl 40, DR 172.14.10.2, BDR 0.0.0.0

– Exhibit –

Click the Exhibit button.

Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init state?

  1. There is an MTU mismatch.

  2. There are duplicate router IDs.

  3. The routers are in different areas.

  4. No BDR has been elected.

Answer: B

Topic 3, Exam Pool C

Question No: 167 – (Topic 3)

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Click the Exhibit button.

In the exhibit, customers connected to Area 3 must have access to external prefixes received from the data center connected to the router in Area 1. These configurations are currently applied to the routers in Area 1:

{master:0}[edit]

user@Area-1-ABR# show protocols ospf no-nssa-abr;

area 0.0.0.1 { nssa;

interface ge-1/1/1.100;

}

{master:0}[edit]

user@Area-1-External# show protocols ospf area 0.0.0.1 {

stub no-summaries; interface ge-1/1/1.100;

}

What must you change for these configurations to work?

  1. Configure the ABR router in Area 1 to support a virtual link.

  2. Delete no-summary-lsa from the ABR router in Area 1.

  3. Configure the external router in Area 1 for NSSA.

  4. Configure the ABR in Area 1 for a default LSA with a default-metric of 10 and no- summaries.

Answer: C

Question No: 168 – (Topic 3)

You must prioritize VoIP packets on your network. Which feature will accomplish this goal?

  1. RSVP

  2. Multicast Routing

  3. VPLS

  4. Class of Service

Answer: D

Question No: 169 – (Topic 3)

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Click the Exhibit button.

Based on the SPF calculation in the exhibit, what is the shortest path to reach R3 from R1?

  1. R2-R3

  2. R2-R5-R4

  3. R3

  4. R2-R4

Answer: C

Question No: 170 – (Topic 3)

What is an IP multicast routing protocol?

  1. RSVP

  2. OSPF

  3. PIM

  4. CDP

Answer: C

100% Free Download!
Download Free Demo:JN0-643 Demo PDF
100% Pass Guaranteed!
Download 2017 Latesttests JN0-643 Full Exam PDF and VCE

Latesttests ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Latesttests IT Certification PDF and VCE

[Free] 2017(Nov) Latesttests Testking Juniper JN0-643 Dumps with VCE and PDF 151-160

Latesttests
2017 Nov Juniper Official New Released JN0-643
100% Free Download! 100% Pass Guaranteed!
http://www.Latesttests.com/JN0-643.html

Enterprise Routing and Switching, Professional (JNCIP-ENT)

Question No: 151 – (Topic 2)

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Click the Exhibit button.

Referring to the exhibit, the RPs are set up for anycast. Multicast traffic is currently flowing from the source to the receivers.

Which statement is true when RP2 goes down?

  1. Multicast traffic is interrupted for receiver 2 until RP2 recovers.

  2. Receiver 2 needs to rejoin RP1.

  3. Multicast traffic flows uninterrupted.

  4. RP1 starts sending multicast traffic to receiver 2.

Answer: C

Question No: 152 – (Topic 2)

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Click the Exhibit button.

Referring to the exhibit, you want router A to have an EBGP peering with router C. They are both connected through router B, which does not have BGP running, and has static routes configured.

What must be configured in the EBGP peer groups on routers A and C to make this connection possible?

  1. MED

  2. multihop

  3. multipath

  4. next-hop

Answer: B

Question No: 153 – (Topic 2)

Which statement is true about LLDP?

  1. It allows you to split a broadcast domain into multiple isolated broadcast subdomains.

  2. It dynamically manages VLAN registration in a LAN.

  3. It maintains a separate spanning-tree instance for each VLAN.

  4. It is a Layer 2 protocol that facilitates network and neighbor discovery.

Answer: D

Question No: 154 – (Topic 2)

Which two statements about the voice VLAN feature are correct? (Choose two.)

  1. It can be used to separate untagged data and VLAN tagged VoIP traffic into different VLANs on an access port.

  2. It can be used to assign VoIP traffic into a CoS forwarding class.

  3. It can be used to separate untagged data and VLAN tagged VoIP traffic into different VLANs on a trunk port.

  4. It can be used to apply a policer to VoIP traffic.

Answer: A,B

Question No: 155 – (Topic 2)

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Click the Exhibit button.

Referring to the exhibit, USER1 wants to only receive multicast traffic for group 225.0.0.1 and USER2 wants to only receive multicast traffic for group 225.0.0.2. Both users are connected to an EX Series switch and are receiving unwanted multicast traffic.

What will resolve the problem?

  1. Create IGMP static groups with the exclude parameter.

  2. Enable the IGMP immediate-leave parameter.

  3. Use PIM sparse mode instead of PIM dense mode.

  4. Enable IGMP snooping.

Answer: D

Question No: 156 – (Topic 2)

Which multicast group is used for all PIM routers?

A. 224.0.0.22

B. 224.0.0.13

C. 224.0.0.1

D. 224.0.0.2

Answer: B

Question No: 157 – (Topic 2)

– Exhibit –

Latesttests 2017 PDF and VCE

– Exhibit –

Click the Exhibit button.

Referring to the exhibit, a customer noticed that the 802.1Q-tunneled packets received on SwitchB are being dropped.

What is causing this problem?

  1. There is an ether-type mismatch on SwitchA and SwitchB.

  2. Customer VLANs are not configured on SwitchB.

  3. The SwitchB interface connecting to SwitchA is not a trunk port.

  4. Customer VLANs are mismatched on both switches.

Answer: A

Question No: 158 – (Topic 2)

– Exhibit –

– Exhibit –

Click the Exhibit button.

Referring to the exhibit and based on the output below from Sw-1 and Sw-2, which statement is true?

Sw-1gt; show spanning-tree mstp configuration MSTP information

Context identifier : 0 Region name : juniper Revision : 1

Configuration digest : 0x9357ebb7a8d74dd5fef4f2bab50531aa

MSTI Member VLANs 0 0-9,11-19,21-4094

1 10

2 20

Sw-2# run show spanning-tree mstp configuration MSTP information

Context identifier : 0 Region name : juniper Revision : 1

Configuration digest : 0x387b5f2ea2394b14e091f0921ee7b9a8

MSTI Member VLANs

0 0-9,11-14,16-19,21-4094

1 10,15

2 20

  1. There will be only one MSTI 2 root bridge.

  2. There will be only one CST root bridge.

  3. Sw-1 and Sw-2 are in different MSTP regions.

  4. There will be only one CIST root bridge.

Answer: C

Question No: 159 – (Topic 2)

– Exhibit –

[edit protocols vstp] #39;vlan all#39;

Cannot configure VSTP on all VLANs when more than 253 VLANs are configured.

Configure vstp vlan-group along with STP or RSTP to cover all VLANs [edit protocols]

#39;vstp#39;

Failed to configure vstp on all vlans error: configuration check-out failed

– Exhibit –

Click the Exhibit button.

What are two reasons for the commit error shown in the exhibit? (Choose two.)

  1. The set protocols vstp vlan all configuration is not supported.

  2. There are more than 253 VLANs configured on the switch.

  3. MSTP is not configured with VSTP.

  4. STP or RSTP is not configured along with VSTP on the switch.

Answer: A,B

Explanation: http://kb.juniper.net/KB18259

Question No: 160 – (Topic 2)

Which connection method do OSPF routers use to communicate with each other?

  1. IP protocol number 89

  2. TCP port 179

  3. UDP port 179

  4. IP protocol number 6

Answer: A

Explanation: http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

100% Free Download!
Download Free Demo:JN0-643 Demo PDF
100% Pass Guaranteed!
Download 2017 Latesttests JN0-643 Full Exam PDF and VCE

Latesttests ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Latesttests IT Certification PDF and VCE