• Home
• Juniper Exams
• JN0-351 - Enterprise Routing and Switching, Specialist (JNCIS-ENT)

JN0-351 Juniper Practice Test Questions and Exam Dumps

Question No 1:

Which three protocols are supported by Bidirectional Forwarding Detection (BFD)? (Choose three.)

A. RSTP
B. BGP
C. OSPF
D. LACP
E. FTP

Correct Answer:
B. BGP
C. OSPF
D. LACP

Explanation:

Bidirectional Forwarding Detection (BFD) is a protocol-independent mechanism that provides fast detection of failures in a network path, improving the speed and reliability of network failover. It works by sending control packets between routers or devices to quickly detect if a link or path has gone down, allowing rapid rerouting of traffic and minimizing downtime. BFD is designed to work with various routing and link protocols and is commonly used in large-scale networks, especially in environments where high availability and rapid recovery from failures are critical.

Let’s go through the listed protocols to understand how they interact with BFD:

• Option A: RSTP (Rapid Spanning Tree Protocol):
  RSTP is used to prevent loops in Ethernet networks by dynamically adjusting the network topology. Although RSTP is an evolution of STP (Spanning Tree Protocol), designed to provide faster convergence, it does not natively support BFD. RSTP's primary function is related to the management of network topology and the avoidance of loops, not the rapid detection of failures on a link or router path. Therefore, RSTP is not supported by BFD.

• Option B: BGP (Border Gateway Protocol):
  BGP is a path vector protocol used for inter-domain routing in large networks like the internet. BFD can be used with BGP to quickly detect failures in the network paths between BGP peers. This is particularly useful for large-scale service providers or networks requiring high availability and fast recovery times. By integrating BFD with BGP, a network can reduce the detection time of a failed BGP session from potentially seconds or minutes to milliseconds, which is crucial for maintaining routing stability. Therefore, BFD supports BGP.

• Option C: OSPF (Open Shortest Path First):
  OSPF is a link-state routing protocol used within an autonomous system (AS) to find the best path for routing IP packets. Like BGP, OSPF also supports BFD, which helps to detect failures more rapidly than traditional OSPF timers. By using BFD, OSPF can react faster to link failures and quickly re-compute new paths, improving the overall resilience and speed of the network’s failure recovery process.

• Option D: LACP (Link Aggregation Control Protocol):
  LACP is used for link aggregation, allowing multiple physical links to be combined into a single logical link for redundancy and increased bandwidth. BFD is also supported by LACP, as it helps to monitor the health of aggregated links. If a link within an LACP bundle fails, BFD can quickly detect the failure and trigger the network to switch to a working link within the aggregation group, ensuring that the traffic flow continues without significant disruption.

• Option E: FTP (File Transfer Protocol):
  FTP is an application layer protocol used for transferring files over a TCP/IP network. It does not have a relationship with the transport or detection of network failures, and FTP does not support BFD. BFD operates at a lower layer (typically Layer 2 or Layer 3) to detect failures in the physical or routing paths, and is not relevant to file transfer protocols like FTP.

BFD is widely supported across critical network protocols, particularly those involved in routing and link aggregation, including BGP, OSPF, and LACP. These protocols leverage BFD’s fast failure detection capabilities to maintain network stability and minimize downtime. Meanwhile, protocols like RSTP and FTP are not suited for integration with BFD because they focus on different aspects of network management.

In summary, the three protocols that support BFD are BGP, OSPF, and LACP. Understanding BFD’s role in network resilience and the protocols that support it is essential for optimizing network uptime and ensuring quick recovery from failures.

Question No 2:

Which of the following statements is correct regarding the Graceful Routing Engine Switchover (GRES) feature?

A. The Packet Forwarding Engine (PFE) restarts, and kernel and interface information is lost.
B. GRES has a helper mode and a starting mode.
C. When combined with Non-Stop Routing (NSR), routing is preserved, and the new master Routing Engine (RE) does not restart the Routing Protocol Daemon (rpd).
D. With no other high availability features enabled, routing is preserved, and the new master RE does not restart the Routing Protocol Daemon (rpd).

Correct Answer:
C. When combined with Non-Stop Routing (NSR), routing is preserved, and the new master RE does not restart the Routing Protocol Daemon (rpd).

Explanation:

Graceful Routing Engine Switchover (GRES) is a critical feature used in high availability (HA) scenarios in Juniper Networks devices. It ensures that when the Routing Engine (RE) fails or is taken offline for maintenance, the routing protocols continue running without disruption. GRES minimizes the downtime associated with such failures, ensuring that network traffic is not significantly impacted by the switchover.

Let's break down each option to explain the correct answer:

• Option A: The Packet Forwarding Engine (PFE) restarts, and kernel and interface information is lost.
  
  This statement is incorrect. During a GRES event, the Routing Engine is switched over, but the Packet Forwarding Engine (PFE) does not necessarily restart. The PFE is responsible for forwarding traffic, and it typically continues its operations without disruption. Moreover, with GRES, kernel and interface information can be preserved in some cases depending on whether NSR (Non-Stop Routing) is enabled. GRES is designed to maintain continuity for forwarding traffic, but the statement about the PFE restarting is not accurate.

• Option B: GRES has a helper mode and a starting mode.
  This statement is somewhat misleading. GRES operates in two modes—active mode and standby mode—but the terms "helper mode" and "starting mode" are not standard terminology used in the context of GRES. The main idea behind GRES is to allow the backup RE to take over as the master when a failure occurs, ensuring minimal disruption. The focus is not on “helper” and “starting” modes, but rather on the master and backup RE relationship.

• Option C: When combined with Non-Stop Routing (NSR), routing is preserved, and the new master Routing Engine (RE) does not restart the Routing Protocol Daemon (rpd).
  Option C is the correct statement. When GRES is combined with NSR, it provides full high availability for both the control and data planes. In this scenario, the master RE is seamlessly switched over to the backup RE, and crucially, the routing information is preserved during the switchover. The Routing Protocol Daemon (rpd) does not restart, so routing continues without disruption. NSR ensures that the routing protocol state is synchronized between the two REs, so the backup RE can quickly take over without needing to reestablish routing protocol sessions.

• Option D: With no other high availability features enabled, routing is preserved, and the new master RE does not restart the Routing Protocol Daemon (rpd).
  This statement is incorrect. Without NSR, the rpd would be restarted during the GRES process, leading to potential disruptions in routing. The GRES feature on its own does not guarantee the preservation of routing protocol state; this capability is provided by NSR. Without NSR, the backup RE would need to reinitiate routing sessions, causing potential delays in traffic forwarding.

In summary, GRES helps provide redundancy for the Routing Engine in Juniper devices. When used in conjunction with NSR, GRES ensures that routing protocols continue operating without interruption, as the backup RE takes over seamlessly and the rpd does not need to restart. This is the key advantage of combining GRES and NSR for high availability. Therefore, the correct answer is Option C.

Question No 3:

Which of the following statements is correct when controlling the routes installed by a Routing Information Base (RIB) group?

A. An import policy is applied to the RIB group.
B. Only routes in the last table are installed.
C. A firewall filter must be configured to install routes in the RIB groups.
D. An export policy is applied to the RIB group.

Correct Answer:
A. An import policy is applied to the RIB group.

Explanation:

In networking devices such as routers and switches, the Routing Information Base (RIB) is a critical component responsible for maintaining the routes learned by the device. The RIB group concept allows for the management of multiple RIBs on a device, where each RIB can hold different sets of routing information based on various factors such as routing protocols, policy configurations, or the device's role in the network.

When managing the routes that are installed into RIB groups, different methods and configurations can be employed to control how routes are added, modified, and exported. Let’s break down each of the options to understand the correct approach.

Option A: An import policy is applied to the RIB group.

This is the correct statement. In Juniper Networks devices (such as those running Junos OS), import policies are used to control the routes that are installed into the RIB groups. Import policies allow administrators to filter, modify, or reject routes based on specific conditions before they are installed into the RIB. These policies are applied to routes as they enter the RIB, enabling precise control over which routes are accepted or discarded.

For instance, an import policy can be used to ensure that only routes from certain Autonomous Systems (AS) or with specific attributes (like metric values) are installed. These policies are typically defined using policy statements that match route attributes such as prefix, AS path, or next-hop information.

Option B: Only routes in the last table are installed.

This statement is incorrect. The RIB group allows for multiple RIBs, and routes can be installed into any of these RIBs based on specific configurations and policies. The concept of "only installing routes in the last table" doesn’t apply because routing information can be stored in any RIB group configured on the device, not just the last one.

Option C: A firewall filter must be configured to install routes in the RIB groups.

This statement is incorrect. While firewall filters can be used in certain network configurations (such as filtering traffic based on IP addresses, protocols, etc.), they are not directly involved in installing routes into RIB groups. The installation of routes in the RIB is governed by import policies, not by firewall filters. Firewall filters primarily control traffic flows, not route installation.

Option D: An export policy is applied to the RIB group.

This statement is incorrect. An export policy is used to control the routes that are exported from the RIB group to other routing tables or peers, but import policies are what control which routes are installed in the RIB group. Export policies can determine which routes are advertised to other devices or routing protocols, but they do not govern the installation of routes into the RIB.

To control which routes are installed into a Routing Information Base (RIB) group, import policies are applied. These policies can filter, modify, or reject routes based on various conditions, giving administrators fine-grained control over the routing decisions made by the device. It is important to distinguish between import and export policies, as they serve different roles in the routing process. While import policies affect the installation of routes into the RIB, export policies control how routes are advertised to other devices or networks.

Question No 4:

You are using OSPF to advertise the subnets for the Denver and Dallas offices. However, the routers directly connected to the Denver and Dallas subnets are not advertising the connected subnets.

Given this scenario, which two statements are correct? (Choose two.)

A. Create static routes on the switches using the local vMX router's loopback interface as the next hop.
B. Configure and apply a routing policy that redistributes the Dallas and Denver subnets using Type 5 LSAs.
C. Configure and apply a routing policy that redistributes the connected Dallas and Denver subnets.
D. Enable the passive option on the OSPF interfaces connected to the Dallas and Denver subnets.

Correct Answer:
C. Configure and apply a routing policy that redistributes the connected Dallas and Denver subnets.
D. Enable the passive option on the OSPF interfaces connected to the Dallas and Denver subnets.

Explanation:

In OSPF (Open Shortest Path First), when subnets directly connected to routers are not advertised, there are several potential reasons and solutions to address the issue. This problem typically occurs when the OSPF process is not advertising those connected subnets, either due to misconfigurations or missing configurations.

Option A: Create static routes on the switches using the local vMX router's loopback interface for the next hop.

This is incorrect. Creating static routes does not solve the issue of OSPF advertising directly connected subnets. Static routes may be useful for routing traffic to specific destinations, but they are not the solution for propagating OSPF routes to other routers. The issue here is related to OSPF advertisements, not the static routing configuration.

Option B: Configure and apply a routing policy that redistributes the Dallas and Denver subnets using Type 5 LSAs.

This is incorrect. Type 5 LSAs (Link-State Advertisements) are used for external routes in OSPF, typically for redistributing routes from other routing protocols into OSPF. Since the issue is with advertising directly connected subnets, using Type 5 LSAs is not appropriate in this case. The correct approach is to ensure that the directly connected subnets are advertised as OSPF internal routes (using Type 1 or Type 3 LSAs).

Option C: Configure and apply a routing policy that redistributes the connected Dallas and Denver subnets.

This is correct. If the routers in the Denver and Dallas offices are not advertising the directly connected subnets, the solution is to ensure that the subnets are redistributed into OSPF. A routing policy that explicitly redistributes these subnets into the OSPF domain will make the connected subnets available to other routers participating in the OSPF process. This redistribution would involve using OSPF's redistribute connected command, which advertises the directly connected networks into OSPF.

Option D: Enable the passive option on the OSPF interfaces connected to the Dallas and Denver subnets.

This is correct. Enabling the passive interface option on OSPF interfaces is a way to prevent OSPF hello packets from being sent on those interfaces, which is useful when you don’t want OSPF to establish neighbor relationships on certain interfaces. However, in this case, if the routers connected to the subnets are not advertising the subnets, it is likely that these interfaces are not being included in the OSPF process. Enabling the passive option might be a necessary step to ensure the subnets are correctly included in the OSPF advertisements without having OSPF neighbor relationships formed on those interfaces.

In this scenario, the two correct actions are to redistribute the connected subnets into OSPF (Option C) and ensure that the passive interfaces are configured correctly (Option D). These actions will allow the routers to advertise the connected subnets and address the issue at hand.

Question No 5:

You want to verify the prefix information being sent from the IP address 10.36.1.4.

Based on the output shown in the exhibit, which two statements are correct? (Choose two.)

A. The routes displayed have traversed one or more autonomous systems.
B. The output shows routes that were received before the application of any BGP import policies.
C. The output shows routes that are active but rejected by an import policy.
D. The routes displayed are being learned from an IBGP peer.

Correct Answer:
A. The routes displayed have traversed one or more autonomous systems.
B. The output shows routes that were received before the application of any BGP import policies.

Explanation:

In BGP (Border Gateway Protocol), routers exchange routing information to determine the best path for data to travel across the network. When you want to verify the prefix information being sent from a specific IP, such as 10.36.1.4, analyzing the BGP output is crucial. The output provides insight into the routing information being received from the BGP peer and how the prefixes are processed.

Let’s break down the key options:

Option A: The routes displayed have traversed one or more autonomous systems.

This is correct. If the BGP output indicates that the route is being learned via an AS path, it implies that the routes have traversed one or more autonomous systems. The AS path in BGP is a list of AS numbers that the route has traversed, which can be seen in the BGP output. If the AS path includes multiple AS numbers, the route has traversed several autonomous systems, meaning it is an external BGP (EBGP) route or has passed through different ASes.

Option B: The output shows routes that were received before the application of any BGP import policies.

This is correct. The routes displayed in BGP output are typically shown before the application of any import policies. Import policies are applied after the route is received but before it is installed in the BGP routing table. If the output shows the raw received routes, then it is showing the routes before any import policy filtering is applied.

Option C: The output shows routes that are active but rejected by an import policy.

This is incorrect. If the output shows routes that are active, it typically means they are accepted and installed in the BGP routing table. If a route was rejected by an import policy, it would not be marked as active in the output; rather, it would be in a “rejected” or “filtered” state. So, the output would not show these routes as active if they were rejected.

Option D: The routes displayed are being learned from an IBGP peer.

This is incorrect. While the output could indeed show routes learned from an IBGP peer, there’s no explicit mention of this in the question, nor can we definitively identify it without the output or additional context. If the routes are learned from an IBGP peer, the output should indicate this, often with an IBGP tag or indicator.

In this case, the correct answers are Option A and Option B, as they correctly identify that the routes have traversed one or more autonomous systems and were received before the application of import policies. These two aspects of the BGP output are crucial for understanding how prefixes are being handled in the network.

Question No 6:

What is the default keepalive interval in seconds for BGP (Border Gateway Protocol)?

A. 10 seconds
B. 60 seconds
C. 30 seconds
D. 90 seconds

Correct Answer:
C. 30 seconds

Explanation:

In Border Gateway Protocol (BGP), the keepalive time is an important configuration parameter that defines how often a router sends keepalive messages to its BGP peers to maintain the connection. These messages help ensure that the BGP session remains active and that both routers are aware that the connection is still functional.

BGP Session Basics:

• BGP is a path vector protocol used for inter-domain (or inter-AS) routing. To maintain stable routing across the internet, BGP routers need to exchange updates about network reachability.

• A BGP session is established using a TCP connection, and the keepalive timer helps ensure that both peers are still reachable and alive.

• If a router does not receive a keepalive message from its BGP peer within a certain timeout period, the session is considered dead, and the router will remove that peer from its routing table, which could lead to routing instability.

Default Keepalive Timer:

• The default keepalive time in BGP is 30 seconds. This means that BGP routers send keepalive messages to their peers every 30 seconds to verify that the connection is still up.

• Keepalive messages are sent even if there are no route updates to send. This ensures that both peers stay aware of each other’s status and that the BGP session is kept alive.

Other Timers in BGP:

• In addition to the keepalive timer, there are two other important timers in BGP:
  
  

1. Hold time: The hold time is the maximum amount of time a router will wait to receive a keepalive or a route update from a BGP peer before considering the peer as down. The default hold time is 180 seconds, which means if the router does not receive a keepalive within this time frame, the session will be considered down.

2. Connect retry time: This is the amount of time BGP will wait before trying to re-establish a connection after a failure.

Customizing the Keepalive Timer:

Although the default value is 30 seconds, BGP timers are often customized depending on network requirements. For instance, in environments that require rapid convergence, the keepalive timer might be reduced. However, reducing the timer too much can cause excessive message traffic, which could overwhelm the routers.

The default keepalive interval for BGP is 30 seconds, meaning BGP routers send keepalive messages every 30 seconds to maintain their session and ensure continuous connectivity. This timer plays a vital role in the stability and reliability of BGP peering sessions.

Question No 7:

Which two of the following statements are correct regarding tunnels in networking? (Choose two.)

A. BFD (Bidirectional Forwarding Detection) cannot be used to monitor tunnels.
B. Tunnel endpoints must have a valid route to the remote tunnel endpoint.
C. IP-IP tunnels are stateful.
D. Tunnels add additional overhead to packet size.

Correct Answer:
B. Tunnel endpoints must have a valid route to the remote tunnel endpoint.
D. Tunnels add additional overhead to packet size.

Explanation:

In networking, tunnels are used to create virtual communication paths between two endpoints over an existing physical network. Tunnels encapsulate data packets, allowing them to traverse intermediate networks securely or privately. Understanding the key properties and behaviors of tunnels is essential for network design and troubleshooting. Let's explore the statements in more detail.

Option A: BFD cannot be used to monitor tunnels.

This statement is incorrect. BFD (Bidirectional Forwarding Detection) can indeed be used to monitor tunnels, just like it can be used to monitor other network paths. BFD provides rapid detection of failures in forwarding paths, including tunnels, by sending periodic control packets. If a BFD session detects a failure in the tunnel, it can trigger failover mechanisms to ensure network reliability.

Option B: Tunnel endpoints must have a valid route to the remote tunnel endpoint.

This statement is correct. For a tunnel to be established and function properly, both endpoints must have a valid route to the other endpoint. Tunnels rely on the underlying network for transport, so if either endpoint cannot reach the other via a valid route, the tunnel will not be able to function. The routing protocols (such as static routes or dynamic routing protocols) must ensure connectivity between the tunnel's endpoints.

Option C: IP-IP tunnels are stateful.

This statement is incorrect. IP-IP tunnels, such as those used in IPsec or GRE (Generic Routing Encapsulation), are stateless. The term "stateless" means that the tunnel itself does not maintain any session information or state about the traffic passing through it. Each packet is processed independently as it enters and exits the tunnel. Stateful behavior would imply that the tunnel keeps track of session information, which is not the case with standard IP-IP tunneling.

Option D: Tunnels add additional overhead to packet size.

This statement is correct. Tunnels typically involve encapsulation of the original packet inside a new packet. This encapsulation adds headers and additional metadata to each packet, increasing the overall packet size. The amount of overhead depends on the tunneling protocol being used. For example, GRE and IPsec tunnels add significant overhead in the form of extra headers, which can reduce the effective payload size.

The correct answers are Option B and Option D. Tunnels must have a valid route to the remote endpoint for proper functioning, and they inherently add overhead to the packet size due to encapsulation. Understanding these aspects helps ensure the efficient configuration and operation of tunnels in a network.

Question No 8:

Which of the following statements is correct regarding IP-IP tunnels?

A. IP-IP tunnels only support encapsulating IP traffic.
B. IP-IP tunnels only support encapsulating non-IP traffic.
C. The TTL (Time to Live) in the inner packet is decremented during transit to the tunnel endpoint.
D. There are 24 bytes of overhead with IP-IP encapsulation.

Correct Answer:
A. IP-IP tunnels only support encapsulating IP traffic.

Explanation:

IP-IP tunnels are a form of tunneling used in networking to encapsulate IP packets within another IP packet, allowing them to traverse networks that might not otherwise support the original IP traffic. Let's break down each statement to understand the correct answer and the relevant concepts.

Option A: IP-IP tunnels only support encapsulating IP traffic.

This statement is correct. An IP-IP tunnel is designed to encapsulate IP packets inside other IP packets. The primary function of this type of tunnel is to allow an IP packet from one network to travel through an intermediate network (which could use a different IP range or addressing scheme) by creating a virtual tunnel. This encapsulation enables the IP packet to reach its destination without altering its original content or format. Hence, only IP traffic can be encapsulated using IP-IP tunnels.

Option B: IP-IP tunnels only support encapsulating non-IP traffic.

This statement is incorrect. IP-IP tunnels are specifically intended to encapsulate IP packets, not non-IP traffic. Non-IP traffic can be encapsulated in other types of tunnels, such as Generic Routing Encapsulation (GRE) or MPLS (Multiprotocol Label Switching) tunnels, but IP-IP tunnels exclusively handle IP traffic.

Option C: The TTL in the inner packet is decremented during transit to the tunnel endpoint.

This statement is incorrect. In an IP-IP tunnel, the TTL (Time to Live) field in the inner packet is not decremented during transit through the tunnel. The TTL is only decremented when the packet is routed through regular network hops, not during tunneling. The outer header, which is responsible for routing the tunnel itself, has its own TTL field. The inner packet retains its TTL value while being encapsulated.

Option D: There are 24 bytes of overhead with IP-IP encapsulation.

This statement is incorrect. The overhead for IP-IP encapsulation is typically 20 bytes, corresponding to the size of the outer IP header (20 bytes for an IPv4 header without options). Additional overhead may be added if additional features, such as options in the IP header, are used, but the basic overhead for IP-IP encapsulation is 20 bytes, not 24.

The correct statement is Option A: IP-IP tunnels are specifically designed to encapsulate only IP traffic. Understanding the function and limitations of IP-IP tunnels is essential for efficient network configuration, especially when managing encapsulation, routing, and packet forwarding across diverse network infrastructures.