Category Archives: Juniper

JN0-370 QFabric, Specialist (JNCIS-QF)

JNCIS-QF Exam Objectives (Exam: JN0-370)

QFabric System Concepts
Identify concepts, general functionality and architecture of QFabric systems
Components and architecture
Control/data plane connections
Software architecture and components
System functions
QFabric protocols
Describe site planning considerations and requirements
Pre-installation considerations

System Setup, Configuration and Troubleshooting
Configure and verify the basic elements of QFabric systems
System setup
Initial configuration (e.g., node groups)
Interfaces and LAGs
Demonstrate knowledge of how to monitor and troubleshoot system operations
Data/control plane discovery
Discovery protocol
Interface/port
System functions
System processes and services
Data/control plane connections
Troubleshooting tools – logs, traceoptions, Fabric Analyzer, Fabric Ping and Traceroute, Analyzer, ‘beacon’
Core dumps
System-specific IP address and subnet assignments

Layer 2 Operations and Troubleshooting
Describe Layer 2 concepts, features and operations for QFabric systems
VLAN tagging, LAGs, STP
Connection types
Route exchange
Traffic flow and packet forwarding
Configure and monitor Layer 2 functionality for a QFabric system
Interfaces and VLANs
RSTP
Demonstrate knowledge of how to troubleshoot QFabric system Layer 2 operations
L2 protocol issues
Traffic flow issues

Layer 3 Operations and Troubleshooting
Describe Layer 3 concepts, features and operations for QFabric systems
L3 interfaces and LAGs
Routing (static, OSPF, BGP)
Route and address resolution
Traffic flow and packet forwarding
Configure and monitor Layer 3 functionality for a QFabric system
Interfaces and RVIs
Static routes, routing protocols
Demonstrate knowledge of how to troubleshoot QFabric system Layer 3 operations
L3 protocol issues
Traffic flow issues

Data Center Storage Fundamentals
Identify various data center storage technologies
Storage options
Deployment options and considerations
Storage device types
Storage access protocols
Describe Fibre Channel (FC) and Fibre Channel over Ethernet (FCoE) features
Concepts and components
Describe Data Center Bridging concepts and functionality
Priority-based flow control (PFC)
Enhanced Transmission Selection (ETS)
Quantized Congestion Notification (QCN)
Configure and monitor FCoE for a QFabric system
Interfaces and VLANs
FCoE interfaces and fabrics
Protocols
Demonstrate knowledge of how to troubleshoot FCoE in a QFabric system environment
Device login issues
Class of service issues
Traffic flow issues
Performance issues
Protocol issues
QUESTION 1
Which three statements are correct about the QFabric system control plane? (Choose three.)

A. It discovers and manages paths.
B. It manages FCoE-to-FC conversions.
C. It manages Layer 2 and Layer 3 load balancing between nodes and interconnects.
D. It discovers and provisions the system.
E. It manages routing and switching protocols.

Answer: A,D,E

Explanation:


QUESTION 2
The QFabric system data plane performs which three functions? (Choose three.)

A. It provides connectivity for network devices.
B. It manages routing and switching protocols.
C. It interconnects Node devices with the fabric.
D. It exchanges reachability information.
E. It forwards traffic through devices of the system.

Answer: A,C,E

Explanation:


QUESTION 3
You are determining the DC power requirements for a QFX3000-M QFabric system.
Which two devices support DC power? (Choose two.)

A. a QFX3100 Director device
B. a QFX3600-I Interconnect device
C. a QFX3500 Node device
D. a QFX3800-I Interconnect device

Answer: B,C

Explanation:


QUESTION 4
You configured a BGP peering session between your QFabric system and an attached device, but
the session is not coming up.
What are two reasons for this happening? (Choose two.)

A. The inet protocol family is not configured on the QFabric system.
B. There is a mismatching MED attribute configured.
C. There are no RVIs configured on the QFabric system.
D. The QFabric system is configured with two network Node groups.

Answer: A,C

Explanation:


QUESTION 5
You have recently connected an aggregated interface between a server Node group and a blade
chassis switch and the interface is down.
Which three reasons would explain the interface being down? (Choose three.)

A. The interface is using an unsupported or malfunctioning transceiver.
B. Both sides of the connection have set LACP active.
C. Both sides of the connection have set LACP passive.
D. Aggregated interfaces are only supported on the network Node group.
E. Spanning tree BPDUs have been received on the aggregated interface.

Answer: A,C,E

Explanation:

Click here to view complete Q&A of JN0-370 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Cisco JN0-370 Certification, Cisco JN0-370 Training at certkingdom.com

 

JN0-380 Wireless LAN, Specialist (JNCIS-WLAN)

JNCIS-WLAN Exam Objectives (Exam: JN0-380)

Wireless LAN Overview
Identify concepts, general features and functionality of the Juniper Networks wireless LAN product line
WLAN standards
WLC protocols
WLAN authentication, authorization and encryption
Hardware – APs, controllers, servers
Software – RingMaster
Licensing

Planning
Describe the elements of coverage area model and requirements
RF environment
Device requirements
Site visit
Describe the elements of predictive planning with RingMaster
AutoCAD file requirements
Site creation
Area planning
Identify various other planning parameters
Sites, buildings and floors
Coverage areas
RF obstacles
APs
Redundancy options
Data and VoIP capacity options

Initial Setup and Installation
Identify wireless LAN hardware, software and licensing requirements
WLAN controllers (WLCs)
RingMaster
Demonstrate knowledge of how to perform setup and initial installation of Juniper Networks wireless LAN hardware and software
AP boot and configuration options
WLC configuration using QuickStart and RingMaster
RingMaster installation and setup

Deployment and Configuration
Describe the elements of planning and data gathering for a deployment project
Data forwarding models
Centralized vs. distributed controllers
Capacity planning and bandwidth considerations
Redundancy planning
Coverage details
Network details
Site visit
Demonstrate knowledge of how to implement services for the Juniper Networks wireless LAN
Service types and characteristics
Radio profile
Service profile
AAA server definitions
Network access rules
Service mapping

Domains and High Availability
Describe the concepts, benefits and operation of domains and high availability
Mobility Domain seed
Synchronization
Redundancy and interleaving
Security
Clustering guidelines
Cluster AP affinity groups
Demonstrate knowledge of how to configure and monitor domains and high availability
Mobility Domain
Clusters
Network Domain

Architecture
Describe various architecture considerations for a Juniper Networks wireless LAN environment
Voice support – SIP recognition, call admission control, QoS
Mesh services – mesh APs, wireless bridging
Spectrum analysis
Remote AP
Client load balancing
Bandwidth control
NAT/PAT implementation options
Advanced RADIUS implementation
Location detection
VLAN pooling
High-latency network support
Adaptive channel (Auto-tune enhancements)
Transmit beam-forming
IPv6 support

Wireless LAN Services
Describe the concepts, operation and functionality of various wireless LAN services
Open, 802.1x, Web Portal, voice, and mesh concepts and characteristics
Services configuration options
Describe and configure 802.1x options
Pass through mode vs offload mode
EAP Protocols
Describe and configure Web portal options
Local vs external Web portal configuration
Certificate and encryption options

Security
Describe the steps and components for securing a WLAN
Threat evaluation
Access control
Securing and separating services
Client protection
Intrusion detection and protection systems (IDS/IPS)
802.1x
Certificates

Management and Reporting
Demonstrate knowledge of how to manage a Juniper Networks wireless LAN environment
RingMaster server and client
WLCs
Hardware upgrades
System recovery
Configuration management (backup and restore)
Demonstrate knowledge of how to implement RingMaster reporting
Report definition and generation
Scheduling

Integration
Describe how the WLS can integrate with other network technologies
RADIUS
DHCP options
LDAP
Snoop
DNS for APs and WLCs

Monitoring and Troubleshooting
Demonstrate knowledge of how to monitor the Juniper Networks wireless LAN environment
SNMP
Polling
Dashboard
System status
Clients
Traffic
Alarms
Security
Event log
Demonstrate knowledge of how to troubleshoot the Juniper Networks wireless LAN environment
Troubleshooting process and flow
Network troubleshooting tools
Trace messages
MSS commands
AP issues
Client issues
Controller issues
Configuration issues
RingMaster issues
Network integration issues
Services issues
Clustering issues


QUESTION 1
Which RingMaster license is needed to enable the RingMaster API?

A. base license
B. USM license
C. Agent license
D. AP license

Answer: C

Explanation:


QUESTION 2
A small business is using Radio Frequency (RF) planning to establish and limit the number of
access points (APs) needed for a coverage area. The company is trying to decide what to use for
the baseline association rate for clients to connect to the access points.
Which two statements are correct? (Choose two.)

A. A baseline association rate of 54 Mbps requires more APs than a baseline association rate of
18 Mbps.
B. A baseline association rate of 18 Mbps requires more APs than a baseline association rate of
54 Mbps.
C. A baseline association rate of 54 Mbps requires the client to be farther away from the AP to
reach the targeted rate.
D. A baseline association rate of 18 Mbps requires the client to be farther away from the AP to
reach the targeted rate.

Answer: A,D

Explanation:


QUESTION 3
You are using the RF Planning tool in RingMaster to configure a data capacity plan for a client.
Which three settings are required on the Data Capacity Options page? (Choose three.)

A. AP authentication mode
B. Per Station Throughput
C. Expected Station Count
D. Coverage Area
E. Station Oversubscription Ratio

Answer: B,C,E

Explanation:


QUESTION 4
Multiple users are complaining that their wireless connections are not working.
Which RingMaster screen would the administrator use for troubleshooting?

A. Alarms
B. Clients
C. Monitor
D. Verification

Answer: C

Explanation:


QUESTION 5
A network administrator must perform a software upgrade of a factory-default wireless LAN
controller (WLC) using the CLI.
Which three actions are required? (Choose three.)

A. Set the inactive boot partition to the active boot partition.
B. Add an upgraded license for the new image.
C. Copy the new image to the inactive boot partition using TFTP.
D. Reboot the controller.
E. Upgrade the connected access points (APs) before upgrading the controller.

Answer: A,C,D

Explanation:

Click here to view complete Q&A of JN0-380 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Cisco JN0-380 Certification, Cisco JN0-380 Training at certkingdom.com

JN0-355 Junos Pulse Secure Access, Specialist (JNCIS-SA)

JNCIS-SA Exam Objectives (Exam: JN0-355)

Overview
Components and elements
Component functions, interaction and relationships
Junos Pulse Gateway and Virtual Appliance product lines
Licensing
Deployment considerations and integration options
SSL, TLS and digital certificates overview
Access methods

Initial Configuration
Configure the basic elements of a Junos Pulse Secure Access Service environment
Initial configuration via CLI
Initial configuration via admin UI

Roles
Describe the concepts, operation and functionality of roles
Purpose of roles
Role mapping and merging
Customization of the end-user experience
Configure roles
Roles and role options

Policies and Profiles
Describe the concepts, operation and functionality of policies and profiles
Purpose of policies; policy types and elements
Purpose of profiles and profile types
Interrelationship and usage guidelines
Configure policies and profiles
Policies and policy options
Profiles and profile options

Authentication
Describe the authentication process for the Junos Pulse Secure Access Service
Authentication elements
Sign-in process
Digital certificates
Certificate validation process
Advanced authentication options
Configure authentication
Authentication servers
Authentication realms
Role mapping
Sign-in policies
Certificates
Advanced options

Client/Server Communications
Identify and describe client/server applications
WSAM
JSAM
VPN tunneling
Configure client/server applications
SAM
VPN tunneling

Junos Pulse Client
Describe the features, benefits and functionality of the Junos Pulse client
Components and features
Configure the Junos Pulse client
WSAM application access
VPN tunneling

Junos Pulse Collaboration
Describe the features, benefits and functionality of Junos Pulse Collaboration
Components and features
Deployment
Collaboration client
Scheduling meetings
Monitoring meetings
Configure Junos Pulse Collaboration
Collaboration configuration
Meeting options
Pulse Connection

Endpoint Security
Describe the concepts, operation and functionality of endpoint security
TNC architecture
Host Checker
Enhanced Endpoint Security (EES)
Secure Virtual Workspace (SVW)
Cache Cleaner
Enforcement
Configure endpoint security
Host Checker
Enhanced Endpoint Security (EES)
Secure Virtual Workspace (SVW)
Cache Cleaner

Virtualization
Describe the concepts, operation and functionality of virtualization in a Junos Pulse Secure Access Service environment
Concepts and components
Virtual appliances
Virtual Desktop Infrastructure
Configure virtualization
Licensing
Virtual desktops

High Availability
Describe the concepts and requirements for high availability in a Junos Pulse Secure Access Service environment
Clustering
Deployment options and considerations
Licensing
Configure high availability
Clustering configuration
Upgrades

Administration, Management and Troubleshooting
Demonstrate knowledge of how to manage and troubleshoot a Junos Pulse Secure Access Service environment
Configuration file management
Backup and archiving
Logging
System monitoring
Statistics
Policy tracing
Packet capture tools
Connectivity testing tools
Session recording
System snapshot
Client connectivity


QUESTION 1
Which two statements are correct regarding the MAG6611 Junos Pulse Gateway in an
active/active cluster configuration? (Choose two.)

A. Virtual IP (VIP) is available.
B. It supports up to two devices.
C. It supports up to four devices.
D. External load balancing is preferred.

Answer: C,D

Explanation:


QUESTION 2
What is the function of the smart caching setting within a Web caching policy?

A. to send the cache control compress header to the client
B. to remove the cache control headers from the origin server
C. to not modify the cache control header from the origin server
D. to send the appropriate cache control header based on Web content.

Answer: D

Explanation:


QUESTION 3
You have configured RADIUS authentication on the Junos Pulse Secure Access Service. Users
report that their authentication is rejected. The RADIUS administrator reports that the RADIUS
server requires a specific attribute that identifies the Junos Pulse Secure Access Service on the
RADIUS server.
In the Admin UI, which configuration parameter will address this issue?

A. Name
B. NAS-Identifier
C. RADIUS Server
D. Shared Secret

Answer: B

Explanation:


QUESTION 4
What are three benefits that resource profiles provide over resource policies? (Choose three.)

A. Resource profiles provide automatic mapping of users to roles.
B. Resource profiles provide a simplified process for creating bookmarks and resource policies.
C. One profile can be assigned to multiple roles.
D. Resource options can be customized for each profile.
E. Resource profiles provide a simplified process for configuring applications such as VPN
tunneling.

Answer: B,C,D

Explanation:


QUESTION 5
You must deploy VPN tunneling using Network Connect to multiple Microsoft Windows devices.
Due to access restrictions, the users do not have permission to install WSAM.
Which component resolves this issue?

A. Juniper Installer Service
B. Host Checker
C. third-party integrity measurement verifier
D. Windows Secure Application Manager scriptable launcher

Answer: A

Explanation:

Click here to view complete Q&A of JN0-355 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Cisco JN0-355 Certification, Cisco JN0-355 Training at certkingdom.com

JN0-314 Junos Pulse Access Control, Specialist (JNCIS-AC)

JNCIS-AC Exam Objectives (Exam: JN0-314)

Overview
Identify the concepts, operation, and functionality of Junos Pulse Access Control Service
Junos Pulse Access Control Service components
Component functions and interaction
Identify the components of the access management framework
Interrelationship between realms, roles and policies

Platform Configuration
Demonstrate knowledge how to configure the basic elements of a Junos Pulse Access Control Service environment
Initial Junos Pulse Access Control Service configuration
Choosing the platform (e.g., virtual or physical)
Configure authentication servers
Connectivity verification

Roles
Identify the concepts, operation and functionality of roles
Purpose of roles
Role mapping
Customization of the end-user experience
Demonstrate knowledge of how to configure roles
Roles and role options

End User Access
Identify the Junos Pulse Access Control Service client access options
Junos Pulse
Odyssey Access Client (OAC)
Machine authentication and third party supplicant
Agentless access
Demonstrate knowledge of how to configure Junos Pulse Access Control Service clients
Junos Pulse
Odyssey Access Client (OAC)
Agentless access

Firewall Enforcement

Identify the concepts, operation and functionality of firewall enforcement
Purpose of resource policies
Resource policies for firewall enforcement
User-based firewall policies
Captive portal
Demonstrate knowledge of how to configure firewall enforcement
Junos Pulse Access Control Service configuration
SRX Series device configuration
User-based firewall policies
Captive portal

Layer 2 Enforcement
Identify the concepts, operation and functionality of Layer 2 enforcement techniques
802.1X security
RADIUS (related to 802.1X)
MAC authentication
Multiple supplicant authentication on EX Series devices
Demonstrate knowledge of how to configure Layer 2 enforcement
Junos Pulse Access Control Service configuration
EX Series device configuration
SRX Series device configuration

Endpoint Defense
Identify the concepts, operation and functionality of endpoint defense
Host Checker
Authentication policies and role restrictions
Demonstrate knowledge of how to configure endpoint defense
Host Checker
Authentication policies and role restrictions

Authentication Options

Identify the concepts, operation and functionality of user authentication
Authentication process
Authentication options
Demonstrate knowledge of how to configure authentication
Authentication servers including LDAP, RADIUS, AD/NT, anonymous
Authentication realms

Management and Troubleshooting

Demonstrate knowledge of how to manage and troubleshoot a Junos Pulse Access Control Service environment, including Junos Pulse Access Control Service and SRX Series devices
Logging (e.g., RADIUS logging, policy tracing)
System Monitoring
File Management
Information collection
Component connectivity
End user connectivity and enforcement

High Availability
Identify the concepts and requirements for high availability in a Junos Pulse Access Control Service environment
Clustering
Deployment options and considerations
Demonstrate knowledge of how to configure high availability
Junos Pulse Access Control Service configuration
SRX Series device configuration

Integration
Identify the concepts and requirements for Junos Pulse Access Control Service integration with other components
Integration with IF-MAP client
Integration with STRM
Integration with SRX Series devices
Integration with EX Series devices
Demonstrate knowledge of how to configure integration
IF-MAP federation
Syslog


QUESTION 1
A customer wants to create a custom Junos Pulse configuration. Which two are required?
(Choose two)

A. Connection set
B. Configuration set
C. Custom installer
D. Component set

Answer: A,D

Explanation:


QUESTION 2
What is a type of firewall enforcer supported by the Junos Pulse Access Control Service?

A. Checkpoint firewall
B. SRX Series device
C. DP sensor
D. MX Series device

Answer: B

Explanation:


QUESTION 3
A customer is trying to decide which 802.1X inner protocol to use on their network. The customer
requires that no passwords be sent across the network in plain text, that the protocol be supported
by the Windows native supplicant, and that the protocol supports password changes at Layer 2.
Which protocol would meet the customer’s needs?

A. EAP-TLS
B. EAP-MD5
C. PAP
D. EAP-MSCHAPv2

Answer: D

Explanation:


QUESTION 4
You navigate to “UAC” > “Infranet Enforcer” > “Auth Table Mapping” in the admin GUI. You see
one policy, which is the unmodified, original default policy.
Which statement is true?

A. Dynamic auth table mapping is not enabled.
B. A successful authentication attempt will result in a new authentication table entry, which will be
delivered only to the Junos enforcer protecting the network from which the user has authenticated.
C. To create a static auth table mapping, you must delete the default policy.
D. The default policy applies only to the factory-default role User.

Answer: A

Explanation:


QUESTION 5
You have a Junos Pulse Secure Access Service acting as an IF-MAP client, configured to federate
all user roles to a Junos Pulse Access Control Service acting as an IF-MAP Federation server. A
remote user using Junos Pulse logs in to the Junos Pulse Secure Access Service; the Junos
Pulse Secure Access Service provisions a remote access session for that user.
What happens next?

A. The Junos Pulse Secure Access Service redirects the user to the Junos Pulse Secure Access
Service for authentication
B. The Junos Pulse Access Control Service provisions enforcement points to enable resource
access for that user.
C. The Junos Pulse Secure Access Service publishes user session and role information to the IFMAP
Federation server,
D. The Junos Pulse Secure Access Service provisions enforcement points to enable resource
access for that user.

Answer: C

Explanation:

 

Click here to view complete Q&A of JN0-314 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Cisco JN0-314 Certification, Cisco JN0-314 Training at certkingdom.com

JN0-360 Juniper Networks Certified Internet Specialist (JNCIS-SP)

JNCIS-SP Exam Objectives (Exam: JN0-360)

Protocol-Independent Routing
Identify the concepts, operation and functionality of various protocol-independent routing components
Static, aggregate, and generated routes
Martian addresses
Routing instances, including RIB groups
Load balancing
Filter-based forwarding
Demonstrate knowledge of how to configure and monitor various protocol-independent routing components
Static, aggregate, and generated routes
Load balancing
Filter-based forwarding

Open Shortest Path First (OSPF)
Identify the concepts, operation and functionality of OSPF
Link-state database
OSPF packet types
Router ID
Adjacencies and neighbors
Designated router (DR) and backup designated router (BDR)
OSPF area and router types
LSA packet types
Demonstrate knowledge of how to configure, monitor and troubleshoot OSPF
Areas, interfaces and neighbors
Additional basic options
Routing policy application
Troubleshooting tools

Intermediate System to Intermediate System (IS-IS)
Identify the concepts, operation and functionality of IS-IS
Link-state database
IS-IS PDUs
TLVs
Levels and areas
Designated intermediate system (DIS)
Metrics
Demonstrate knowledge of how to configure, monitor and troubleshoot OSPF
Areas, interfaces and neighbors
Additional basic options
Routing policy application
Troubleshooting tools

Border Gateway Protocol (BGP)
Identify the concepts, operation and functionality of BGP
BGP basic operation
BGP message types
Attributes
Route/path selection process
IBGP and EBGP functionality and interaction
Demonstrate knowledge of how to configure and monitor BGP
Groups and peers
Additional basic options
Routing policy application

Layer 2 Bridging and VLANs
Identify the concepts, operation, and functionality of Layer 2 bridging for the Junos OS
Service Provider switching platforms
Bridging elements and terminology
Frame processing
Virtual Switches
Provider bridging (e.g., Q-in-Q tunneling)
Identify the concepts, benefits, and functionality of VLANs
Port modes
Tagging
MVRP
IRB
Demonstrate knowledge of how to configure, monitor and troubleshoot Layer 2 bridging and VLANs
Interfaces and ports
VLANs
MVRP
IRB
Provider bridging

Spanning-Tree Protocols
Identify the concepts, benefits, operation, and functionality of Spanning Tree Protocol and its variants
STP, RSTP, MSTP and VSTP concepts
Port roles and states
BPDUs
Convergence and reconvergence
Spanning-tree security
Demonstrate knowledge of how to configure, monitor and troubleshoot STP and its variants
Spanning-tree protocols – STP, RSTP, MSTP, VSTP
BPDU, loop and root protection

Multiprotocol Label Switching (MPLS) and MPLS VPNs
Identify the concepts, operation, and functionality of MPLS
MPLS terminology
MPLS packet header
End-to-end packet flow and forwarding
Labels and the label information base (LIB)
MPLS and routing tables
RSVP
LDP
Identify the concepts, benefits, operation, and functionality of MPLS VPNs
VPN routing tables
Layer 3 VPN terminology and components
BGP Layer 2 VPN terminology and components
LDP Layer 2 circuit terminology and components
Virtual private LAN service (VPLS) terminology and components
MPLS VPN control plane traffic flow
MPLS VPN data plane traffic flow
Demonstrate knowledge of how to configure and monitor MPLS
MPLS forwarding
RSVP-signaled and LDP-signaled LSPs

IPv6
Identify the concepts, operation and functionality of IPv6
IPv4 vs. IPv6
Address types, notation and format
Address scopes
Autoconfiguration
Tunneling
Demonstrate knowledge of how to configure and monitor IPv6
Interfaces
Static routes
Dynamic routing – OSPFv3, IS-IS, BGP
IPv6 over IPv4 tunneling

Tunnels
Identify the concepts, requirements and functionality of IP tunneling
Tunneling applications and considerations
GRE
IP-IP
Demonstrate knowledge of how to configure and monitor IP tunnels
GRE configuration
IP-IP configuration

High Availability
Identify the concepts, benefits, applications and requirements of high availability
Link aggregation groups (LAG) and multichassis LAGs (MC-LAGs)
Graceful restart (GR)
Graceful Routing Engine switchover (GRES)
Nonstop active routing (NSR)
Nonstsop bridging (NSB)
Bidirectional Forwarding Detection (BFD)
Virtual Router Redundancy Protocol (VRRP)
Unified In-Service Software Upgrade (ISSU)
Ethernet Ring Protection (ERP)
Demonstrate knowledge of how to configure and monitor high availability component
LAG, MC-LAG
Additional basic options
GR, GRES, NSR and NSB
VRRP
ISSU


QUESTION 1
Which two statements are true about MPLS VPNs? (Choose two.)

A. With Layer 3 VPNs, the provider’s routers participate in the customer’s Layer 3 routing.
B. MPLS VPNs are designed to run over private networks rather than the public Internet.
C. With Layer 2 VPNs, the provider does not participate in the routing of the customer’s private IP traffic.
D. MPLS VPN tunnels are always encrypted.

Answer: A,C

Explanation:


QUESTION 2
Which label operation is performed by an MPLS transit router?

A. inject
B. pop
C. push
D. swap

Answer: D

Explanation: http://www.juniper.net/techpubs/software/junos-security/junos-security96/junossecurity-
swconfig-interfaces-and-routing/mpls-ov.html


QUESTION 3
Which Junos platform supports provider bridging?

A. T Series devices
B. SRX Series devices
C. MX Series devices
D. MAG Series devices

Answer: B

Explanation: http://www.juniper.net/techpubs/en_US/junos10.0/information-products/pathway-
pages/mx-series/ethernet-switching-mx-series.html


QUESTION 4
In which environment would you run BGP?

A. a company spread across multiple floors of a building
B. a company with a single office
C. a home network
D. the public Internet

Answer: D

Explanation:


QUESTION 5
For a network running single-area OSPF, how would you decrease the size of the link-state
database (LSDB)?

A. Implement RIP as an overlay protocol on all devices.
B. Add more devices to the OSPF network to help with LSDB processing.
C. Reduce the frequency of hello timers throughout the network.
D. Implement OSPF areas.

Answer: D

Explanation:

Click here to view complete Q&A of JN0-360 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Cisco JN0-360 Certification, Cisco JN0-360 Training at certkingdom.com

JN0-343 Juniper Networks Certified Internet Specialist (JNCIS-ENT)

JNCIS-ENT Exam Objectives (Exam: JN0-343 and JN0-346)

Layer 2 Switching and VLANs
Identify the concepts, operation, and functionality of Layer 2 switching for the Junos OS
Enterprise switching platforms
Bridging components
Frame processing
Identify the concepts, benefits, and functionality of VLANs
Ports
Tagging
Native VLANs and voice VLANs
Inter-VLAN routing
Demonstrate knowledge of how to configure, monitor and troubleshoot Layer 2 switching and VLANs
Interfaces and ports
VLANs
Routed VLAN interfaces (RVI)

Spanning Tree
Identify the concepts, benefits, operation, and functionality of the Spanning Tree Protocol
STP and RSTP concepts
Port roles and states
BPDUs
Convergence and reconvergence
Demonstrate knowledge of how to configure and monitor STP and RSTP
STP
RSTP

Layer 2 Security

Identify the concepts, benefits and operation of various protection and security features
BPDU, loop and root protection
Port security, including MAC limiting, DHCP snooping, Dynamic ARP inspection (DAI) and IP source guard
Storm control
Identify the concepts, benefits and operation of Layer 2 firewall filtres
Filter types
Processing order
Match criteria and actions
Demonstrate knowledge of how to configure and monitor Layer 2 security
Protection
Port security
Storm control
Firewall filter configuration and application

Protocol Independent Routing

Identify the concepts, operation and functionality of various protocol-independent routing components
Static, aggregate, and generated routes
Martian addresses
Routing instances, including RIB groups
Load balancing
Filter-based forwarding
Demonstrate knowledge of how to configure and monitor various protocol-independent routing components
Static, aggregate, and generated routes
Load balancing
Filter-based forwarding

Open Shortest Path First (OSPF)
Identify the concepts, operation and functionality of OSPF
Link-state database
OSPF packet types
Router ID
Adjacencies and neighbors
Designated router (DR) and backup designated router (BDR)
OSPF area and router types
LSA packet types
Demonstrate knowledge of how to configure, monitor and troubleshoot OSPF
Areas, interfaces and neighbors
Additional basic options
Routing policy application
Troubleshooting tools
Realms

Intermediate System to Intermediate System (IS-IS)
Identify the concepts, operation and functionality of IS-IS
Link-state database
IS-IS PDUs
TLVs
Adjacencies and neighbors
Levels and areas
Designated intermediate system (DIS)
Metrics
Demonstrate knowledge of how to configure, monitor and troubleshoot IS-IS
Levels, interfaces and adjacencies
Additional basic options
Routing policy application
Troubleshooting tools

Border Gateway Protocol (BGP)
Identify the concepts, operation and functionality of BGP
BGP basic operation
BGP message types
Attributes
Route/path selection process
IBGP and EBGP functionality and interaction
Demonstrate knowledge of how to configure and monitor BGP
Groups and peers
Additional basic options
Routing policy application

Tunnels
Identify the concepts, requirements and functionality of IP tunneling
Tunneling applications and considerations
GRE
IP-IP
Demonstrate knowledge of how to configure and monitor IP tunnels
GRE
IP-IP

High Availability
Identify the concepts, benefits, applications and requirements for high availability in a Junos OS environment
Link aggregation groups (LAG)
Redundant trunk groups (RTG)
Virtual Chassis
Graceful restart (GR)
Graceful Routing Engine switchover (GRES)
Nonstop active routing (NSR)
Nonstop bridging (NSB)
Bidirectional Forwarding Detection (BFD)
Virtual Router Redundancy Protocol (VRRP)
Unified In-Service Software Upgrade (ISSU)
Demonstrate knowledge of how to configure and monitor high availability components
LAG and RTG
Virtual Chassis
GR, GRES, NSR, and NSB
VRRP
ISSU

QUESTION 1
Which statement describes the default Junos OS behavior for OSPF?

A. External LSAs are advertised in a stub area.
B. An ABR does not announce a default route into a stub area.
C. Stub area internal routers generate a default route.
D. Only totally stubby areas need a default route.

Answer: B

Explanation:


QUESTION 2
What are two valid BPDU types? (Choose two.)

A. topology change notification
B. configuration change
C. configuration
D. root bridge

Answer: A,C

Explanation:


QUESTION 3
Which of the following is enabled by default on an EX Series switch?

A. MAC move limiting
B. storm control
C. IP source guard
D. dynamic ARP inspection

Answer: B

Explanation:


QUESTION 4
Which three statements correctly describe the default BGP advertisement behavior in the Junos
OS? (Choose three.)

A. Routes learned through EBGP are advertised to IBGP peers.
B. Routes learned through EBGP are advertised to other EBGP peers.
C. Routes learned through IBGP are advertised to other IBGP peers.
D. Routes learned through IBGP will be advertised to EBGP peers.
E. Routes learned through an IGP are automatically advertised to EBGP peers.

Answer: A,B,D

Explanation:


QUESTION 5
When loop protection is enabled on an interface, what happens when the port stops receiving BPDUs?

A. The port is placed in a loop-inconsistent role.
B. The port is placed into listening mode.
C. The port is transitioned into a forwarding state.
D. The interface is disabled.

Answer: A

Explanation:


QUESTION 6
Which OSPF LSA type is sent by all routers in an area to advertise its connected subnets?

A. router
B. network
C. external
D. summary

Answer: A

Explanation:


QUESTION 7
Which command correctly assigns AS 65432 as the local router’s autonomous system?

A. set protocols bgp local-as 65432
B. set routing-options local-as 65432
C. set protocols bgp autonomous-system 65432
D. set routing-options autonomous-system 65432

Answer: D

Explanation:

Click here to view complete Q&A of JN0-343 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Cisco JN0-343 Certification, Cisco JN0-343 Training at certkingdom.com

JN0-332 Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)

JN0-332 NCIS-SEC Exam Objectives

Junos Security Overview
Identify concepts, general features and functionality of Junos OS security
Junos security architecture
Branch vs. high-end platforms
Major hardware components of SRX Series services gateways
Packet flow
Packet-based vs. session-based forwarding

Zones
Identify concepts, benefits and operation of zones
Zone types
Dependencies
Host inbound packet behavior
Transit packet behavior
Demonstrate knowledge of how to configure, monitor and troubleshoot zones
Zone configuration steps
Hierarchy priority (Inheritance)
Monitoring and troubleshooting

Security Policies
Identify the concepts, benefits and operation of security policies
Policy types (default policy)
Policy components
Policy ordering
Host inbound traffic examination
Transit traffic examination
Scheduling
Rematching
ALGs
Address books
Applications
Demonstrate knowledge of how to configure, monitor and troubleshoot security policies
Policies
ALGs
Address books
Custom applications
Monitoring and troubleshooting

Firewall User Authentication
Describe the concepts, benefits and operation of firewall user authentication
User Firewall
User authentication types
Authentication server support
Client groups

Screens
Identify the concepts, benefits and operation of Screens
Attack types and phases
Screen options
Demonstrate knowledge of how to configure, monitor and troubleshoot Screens
Screen configuration steps
Monitoring and troubleshooting

NAT
Identify the concepts, benefits and operation of NAT
NAT types
NAT/PAT processing
Address persistence
NAT proxy ARP
Configuration guidelines
Demonstrate knowledge of how to configure, monitor and troubleshoot NAT
NAT configuration steps
Monitoring and troubleshooting

IPSec VPNs
Identify the concepts, benefits and operation of IPSec VPNs
Secure VPN characteristics and components
IPSec tunnel establishment
IPSec traffic processing
Junos OS IPSec implementation options
Demonstrate knowledge of how to configure, monitor and troubleshoot IPSec VPNs
IPSec VPN configuration steps
Monitoring and troubleshooting

High Availability (HA) Clustering
Identify the concepts, benefits and operation of HA
HA features and characteristics
Deployment requirements and considerations
Chassis cluster characteristics and operation
Cluster modes
Cluster and node IDs
Redundancy groups
Cluster interfaces
Real-time objects
State synchronization
Ethernet switching considerations
IPSec considerations
Manual failover
Demonstrate knowledge of how to configure, monitor and troubleshoot clustering
Cluster preparation
Cluster configuration steps
Monitoring and troubleshooting

Unified Threat Management (UTM)
Identify concepts, general features and functionality of UTM
Packet flow and processing
Design considerations
Policy flow
Platform support
Licensing
Describe the purpose, configuration and operation of antispam filtering
Methods
Whitelists vs. blacklists
Order of operations
Traffic examination
Configuration steps using the CLI
Monitoring and troubleshooting
Describe the purpose, configuration and operation of antivirus protection
Scanning methods
Antivirus flow process
Scanning options and actions
Configuration steps using the CLI
Monitoring and troubleshooting
Describe the concepts, benefits and operation of content and Web filtering
Filtering features and solutions
Configuration steps using the CLI
Monitoring and troubleshooting

QUESTION 1
Which type of Web filtering by default builds a cache of server actions associated with each URL it
has checked?

A. Websense Redirect Web filtering
B. integrated Web filtering
C. local Web filtering
D. enhanced Web filtering

Answer: B

Explanation:


QUESTION 2
Which security or functional zone name has special significance to the Junos OS?

A. self
B. trust
C. untrust
D. junos-global

Answer: D

Explanation:


QUESTION 3
Which command do you use to display the status of an antivirus database update?

A. show security utm anti-virus status
B. show security anti-virus database status
C. show security utm anti-virus database
D. show security utm anti-virus update

Answer: A

Explanation:


QUESTION 4
Which zone is system-defined?

A. security
B. functional
C. junos-global
D. management

Answer: C

Explanation:


QUESTION 5
You want to allow your device to establish OSPF adjacencies with a neighboring device connected
to interface ge-0/0/3.0. Interface ge-0/0/3.0 is a member of the HR zone. Under which
configuration hierarchy must you permit OSPF traffic?

A. [edit security policies from-zone HR to-zone HR]
B. [edit security zones functional-zone management protocols]
C. [edit security zones protocol-zone HR host-inbound-traffic]
D. [edit security zones security-zone HR host-inbound-traffic protocols]

Answer: D

Explanation:

Click here to view complete Q&A of JN0-332 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Juniper JN0-332 Training at certkingdom.com

Juniper kills MobileNext mobile packet product line

Juniper MobileNext was a high-profile competitor to Cisco’s Starent gateway that was designed to enable non-interrupted delivery of high-definition voice and video over 2G/3G and LTE mobile networks

Juniper has killed a high-profile product for the core of mobile operator networks after combining business units to focus on potential growth opportunities.

Juniper has exterminated or what it calls end-of-lifed (EOL) its MobileNext mobile packet core product line, software introduced in 2009 as part of “Project Falcon” for its MX edge routers that was designed to enable non-interrupted delivery of high-definition voice and video to users over 2G/3G and LTE mobile networks. MobileNext was launched at Mobile World Congress in early 2011 to allow Juniper’s MX 3D to function as a broadband gateway, an authentication and management control plane for 2G/3G and LTE mobile packet cores, and as a policy manager for subscriber management systems.

MobileNext was intended to compete with Cisco’s ASR 5000 LTE gateway, obtained from its acquisition of Starent. But the product was struggling to gain traction in the market and was one of a handful of new Juniper products straining company financials as they went through lengthy evaluation cycles with potential customers.

Juniper is killing the entire MobileNext offering, which consists of three products: the Mobile Broadband Gateway; the Mobile Control Gateway; and the Mobile Policy Manager. The company claims, however, that its mobility strategy for the operator core remains intact.
“We have made the decision to end-of-life the MobileNext solution,” a Juniper spokesperson says. “However, our strategy remains unchanged: to virtualize mobile networks and deliver innovation through our existing portfolio of backhaul, security, routing and edge services with products such as the MX Series 3D Universal Edge Routers, SRX Series Services Gateways and JunosV App Engine software virtualization platform. We will continue to work with our partners to deliver best-in-class solutions that help customers improve network economics and accelerate delivery of new mobile services.”

Juniper will now address mobile packet core requirements through software-defined network (SDN) and network functions virtualization (NFV) capabilities, according to an internal memo authored by Daniel Hua, senior vice president of Juniper’s Routing Business Unit, and obtained by Network World.

“Despite our decision to EOL MobileNext we remain committed to executing on all existing commitments to our customers and to the mobility space longer term. We believe we can meet the needs of our customers by providing the underlying virtualized mobile infrastructure (routing, switching, SDN and NFV to enable customers to make this transition as well as offer specific virtualized network functions.”

Indeed, Juniper earlier this year announced a virtualized, SDN version of the Mobile Control Gateway based on the JunosV App Engine, which is shipping now on the MX router.

MobileNext’s demise comes as Juniper merges its Edge Services Business Unit into its Routing Business Unit. Hua explains the rationale for this in his memo:

“The compelling reason driving this organization alignment is to increase synergy and focus under the umbrella of a single routing business unit. We believe this step will ensure close alignment of our embedded and virtual services with our market-leading MX and PTX platforms. Many of the network edge services were originally developed as extensions of the Junos OS within RBU. We are realigning these services back to its original function allowing us to strengthen and further innovate in the areas of our Access, Edge, and Core offerings through tighter integration of network services.”

Sources say Juniper is also scaling down development of its Junos Content video and media delivery product line, formerly known as Media Flow and obtained from the $100 million acquisition of Ankeena Networks in 2010. Junos Content is designed to optimize mobile and fixed networks for efficient video and media delivery to smartphones and other mobile devices.

 


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification,
Microsoft MCITP Training at certkingdom.com

Microsoft, Juniper, others in coding consortium issue guidelines for safer applications

An industry consortium dedicated to assuring the security of software has issued guidelines to lower the risk that vulnerabilities that could be exploited by attackers will wind up in finished code.

In particular, the Software Assurance Forum for Excellence in Code (SAFECode) is addressing how to prevent vulnerabilities that may worm their way in during the Agile software development process.

MORE: SAP designs facility for ‘agile’ cloud application development

RELATED: ‘Rugged Manifesto’ promotes secure coding

Cisco CCNA Training, Cisco CCNA Certification

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 
Agile is a framework for incremental software development by teams that work together in stages called sprints to develop the first iteration of code then revisit it regularly to refine the product based on new requirements and input from users.

SAFECode’s new paper, “Practical Security Stories and Security Tasks for Agile Development Environments,” presents Agile teams with a list of specific goals they may be trying to achieve at the outset and tasks necessary to achieve each one.

These tasks are refined at the end of each sprint in preparation for the next one, but they set Agile teams on a path that will lead to a safer end product, says Edward Bonver, a principal senior software engineer at Symantec who participates in SAFECode. The organization is made up of some major vendors: Adobe, EMC, Juniper, Microsoft, Nokia, SAP, Siemens and Symantec.

The paper lays down 36 goals Agile teams may wish to pursue while working on software products and is meant to supplement an earlier best practices paper written by the group. These goals are gleaned from the experiences of coding teams within SAFECode’s members as effective ways to approach Agile coding.

Called stories, these specific goals are written in plain language and from a particular perspective. For example, one story reads: “As a(n) architect/developer, I want to ensure AND as [quality assurance], I want to verify that cross-site scripting attacks are prevented.”

The story is accompanied by a set of tasks to accomplish this goal, each one marked with the category of team members who should work on each task. One task associated with the story in the example above is directed toward developers and testers and reads: “[D/T] When generating dynamic web pages, filter the input for any browser-executable content that is not intended (for example, from user-originated fields in a database). Consider all forms of input of content that might eventually be presented to and consumed by a browser, like events generated outside the system, log messages, arguments in a URL, form field values, etc. Perform this filtering at server-side, close to use.”

Depending on how much is accomplished toward that goal after the first sprint, it may remain as a task for the next one or be refined to address new issues that crop up. The task list is meant to guide Agile teams toward accomplishing goals that will lower risk of vulnerabilities, but not by setting down a rigid set of steps that may not be applicable to all projects.

“Incorporating security in Agile was a challenge,” for SAFECode member companies, Bonver says. “They decided to share their experiences, what they had success doing.”

Cisco CCNA Training, Cisco CCNA Certification

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com