JNCIP-ENT Exam Objectives (Exam: JN0-643 and JN0-646)

OSPF
Describe the concepts, operation and functionality of OSPFv2 and OSPFv3
OSPF LSA types
OSPF area types and operations
LSA flooding through an OSPF multi-area network
DR/BDR operation
SPF algorithm
Metrics, including external metric types
Authentication options
Route summarization and restriction
Overload
Virtual links
OSPFv2 vs OSPFv3
Given a scenario, demonstrate knowledge of how to configure and monitor single-area and multi-area OSPF
Implement OSPF routing policy

BGP
Describe the concepts, operation and functionality of BGP
BGP route selection process
Next hop resolution
BGP attributes – concept and operation
BGP communities
Regular expressions
Load balancing – multipath, multihop, forwarding table
NLRI families – inet, inet6
Advanced BGP options
Given a scenario, demonstrate knowledge of how to configure and monitor BGP
Implement BGP routing policy

IP Multicast
Describe the concepts, operation and functionality of IP multicast
Components of IP multicast, including multicast addressing
IP multicast traffic flow
Any-Source Multicast (ASM) vs. Source-Specific Multicast (SSM)
RPF – concept and operation
IGMP, IGMP snooping
PIM dense-mode and sparse-mode
Rendezvous point (RP) – concept, operation, discovery, election
SSM – requirements, benefits, address ranges
Anycast RP
MSDP
Routing policy and scoping
Given a scenario, demonstrate knowledge of how to configure and monitor IGMP, PIM-DM and PIM-SM (including SSM)
Implement IP multicast routing policy

Ethernet Switching and Spanning Tree
Describe the concepts, operation and functionality of advanced Ethernet switching
Filter-based VLANs
Private VLANs
Dynamic VLAN registration using MVRP
Tunnel Layer 2 traffic through Ethernet networks
Layer 2 tunneling using Q-in-Q and L2PT
Given a scenario, demonstrate knowledge of how to configure and monitor advanced Ethernet switching
Filter-based VLANs
Private VLANs
Dynamic VLAN registration using MVRP
Tunnel Layer 2 traffic through Ethernet networks
Layer 2 tunneling using Q-in-Q and L2PT
Describe the concepts, operation and functionality of advanced spanning tree protocols, including MSTP and VSTP
Given a scenario, demonstrate knowledge of how to configure and monitor MSTP and VSTP

Layer 2 Authentication and Access Control
Describe the operation of various Layer 2 authentication and access control features
Authentication process flow
802.1x – concepts and functionality
MAC RADIUS
Captive portal
Server fail fallback
Guest VLAN
Considerations when using multiple authentication/access control methods
Given a scenario, demonstration how to configure and monitor Layer 2 authentication and access control

IP Telephony Features
Describe the concepts, operation and functionality of features that facilitate IP telephony deployments
Power over Ethernet (PoE)
LLDP and LLDP-MED
Voice VLAN
Given a scenario, demonstrated how to configure and monitor features used to support IP Telephony

Class of Service (CoS)
Describe the concepts, operation and functionality of Junos CoS for Layer 2/3 networks
CoS processing on Junos devices
CoS header fields
Forwarding classes
Classification
Packet loss priority
Policers
Schedulers
Drop profiles
Shaping
Rewrite rules
Given a scenario, demonstrate knowledge of how to configure and monitor CoS for Layer 2/3 networks

Click here to view complete Q&A of JN0-646 exam
Certkingdom Review

Best Cisco JN0-646 Certification, Cisco JN0-646 Training at certkingdom.com

JNCIS-ENT Exam Objectives (Exam: JN0-343 and JN0-346)

Layer 2 Switching and VLANs
Identify the concepts, operation, and functionality of Layer 2 switching for the Junos OS
Enterprise switching platforms
Bridging components
Frame processing
Identify the concepts, benefits, and functionality of VLANs
Ports
Tagging
Native VLANs and voice VLANs
Inter-VLAN routing
Demonstrate knowledge of how to configure, monitor and troubleshoot Layer 2 switching and VLANs
Interfaces and ports
VLANs
Routed VLAN interfaces (RVI)

Spanning Tree
Identify the concepts, benefits, operation, and functionality of the Spanning Tree Protocol
STP and RSTP concepts
Port roles and states
BPDUs
Convergence and reconvergence
Demonstrate knowledge of how to configure and monitor STP and RSTP
STP
RSTP

Layer 2 Security
Identify the concepts, benefits and operation of various protection and security features
BPDU, loop and root protection
Port security, including MAC limiting, DHCP snooping, Dynamic ARP inspection (DAI) and IP source guard
Storm control
Identify the concepts, benefits and operation of Layer 2 firewall filtres
Filter types
Processing order
Match criteria and actions
Demonstrate knowledge of how to configure and monitor Layer 2 security
Protection
Port security
Storm control
Firewall filter configuration and application

Protocol Independent Routing
Identify the concepts, operation and functionality of various protocol-independent routing components
Static, aggregate, and generated routes
Martian addresses
Routing instances, including RIB groups
Load balancing
Filter-based forwarding
Demonstrate knowledge of how to configure and monitor various protocol-independent routing components
Static, aggregate, and generated routes
Load balancing
Filter-based forwarding

Open Shortest Path First (OSPF)
Identify the concepts, operation and functionality of OSPF
Link-state database
OSPF packet types
Router ID
Adjacencies and neighbors
Designated router (DR) and backup designated router (BDR)
OSPF area and router types
LSA packet types
Demonstrate knowledge of how to configure, monitor and troubleshoot OSPF
Areas, interfaces and neighbors
Additional basic options
Routing policy application
Troubleshooting tools
Realms

Intermediate System to Intermediate System (IS-IS)
Identify the concepts, operation and functionality of IS-IS
Link-state database
IS-IS PDUs
TLVs
Adjacencies and neighbors
Levels and areas
Designated intermediate system (DIS)
Metrics
Demonstrate knowledge of how to configure, monitor and troubleshoot IS-IS
Levels, interfaces and adjacencies
Additional basic options
Routing policy application
Troubleshooting tools

Border Gateway Protocol (BGP)
Identify the concepts, operation and functionality of BGP
BGP basic operation
BGP message types
Attributes
Route/path selection process
IBGP and EBGP functionality and interaction
Demonstrate knowledge of how to configure and monitor BGP
Groups and peers
Additional basic options
Routing policy application

Tunnels
Identify the concepts, requirements and functionality of IP tunneling
Tunneling applications and considerations
GRE
IP-IP
Demonstrate knowledge of how to configure and monitor IP tunnels
GRE
IP-IP

High Availability
Identify the concepts, benefits, applications and requirements for high availability in a Junos OS environment
Link aggregation groups (LAG)
Redundant trunk groups (RTG)
Virtual Chassis
Graceful restart (GR)
Graceful Routing Engine switchover (GRES)
Nonstop active routing (NSR)
Nonstop bridging (NSB)
Bidirectional Forwarding Detection (BFD)
Virtual Router Redundancy Protocol (VRRP)
Unified In-Service Software Upgrade (ISSU)
Demonstrate knowledge of how to configure and monitor high availability components
LAG and RTG
Virtual Chassis
GR, GRES, NSR, and NSB
VRRP
ISSU

QUESTION: No: 1
Which two statements about RSTP are correct? (Choose two.)

A. RSTP is not backwards compatible with STP.
B. RSTP is backwards compatible with STP.
C. RSTP permits multiple root bridges within a Layer 2 domain.
D. RSTP permits only a single root bridge within a Layer 2 domain.

Answer: Click Here to view answers

QUESTION: No: 2
Which two port security features are dependent on the DHCP snooping database? (Choose two.)

A. MAC limiting
B. dynamic ARP inspection
C. IP source guard
D. storm control

Answer: Click Here to view answers

Explanation: B: Dynamic ARP inspection (DAI) prevents Address Resolution Protocol (ARP) spoofing

QUESTION: No: 3
How many bytes of overhead does an IP-IP tunnel add to a packet?

A. 24 bytes
B. 28 bytes
C. 20 bytes
D. 14 bytes

Answer: Click Here to view answers

Explanation: Difference Between GRE and IP-IP Tunnel. Generic Routing Encapsulation (GRE) and

Click here to view complete Q&A of JN0-346 exam
Certkingdom Review

Best Cisco JN0-346 Certification, Cisco JN0-346 Training at certkingdom.com

Junos Troubleshooting Exam Objectives (Exam: JN0-691)

Troubleshooting Methodology
Identify the elements to build a framework for approaching troubleshooting Junos devices
General troubleshooting methodology
Broad troubleshooting steps
Identify tools that can be used to troubleshoot Junos devices
CLI
Craft interface
Logging
Traceoptions
Real-time monitoring
Core files
Port mirroring
Identify tools that can be used for device and network monitoring
SNMP
RMON
Sampling

Chassis Monitoring and Troubleshooting
Identify the concepts, tools and features used to monitor and troubleshoot chassis-related components of Junos devices
Chassis
RE and PFE components
Fans and power supplies
System
Storage and file system
Boot media and start-up sequence
System software
Backups
Given a scenario, demonstrate knowledge of how to monitor and troubleshoot the chassis and core system components of Junos devices
show commands
Logging

Control Plane Monitoring and Troubleshooting
Identify the concepts, tools and features used to monitor and troubleshoot the control plane of Junos devices
System processes
User processes
ARP
RIB/FIB
Given a scenario, demonstrate knowledge of how to monitor and troubleshoot the control plane of Junos devices
show commands
clear commands
monitor commands
Logging
Traceoptions

Data Plane Monitoring and Troubleshooting
Identify the concepts, tools and features used to monitor and troubleshoot the data plane of Junos devices
PFE issues
Ethernet interfaces
MTU issues
Link flapping
Forwarding table issues
PFE load balancing
Local vs. transit traffic
Firewall filters and policers
Given a scenario, demonstrate knowledge of how to monitor and troubleshoot the data plane of Junos devices
request commands
show commands
monitor commands
clear commands
Loopback testing

Layer 2 and Layer 3 Protocol Monitoring and Troubleshooting
Identify the concepts, tools and features used to monitor and troubleshoot Layer 3 protocols on Junos devices
Routing table information
Routing loops
OSPF neighbors
OSPF adjacencies
BGP peering and peer groups
BGP neighbor states
Identify the concepts, tools and features used to monitor and troubleshoot Layer 2 protocols on Junos devices
VLAN’s
bridging concepts
xSTP protocols
switching table
Given a scenario, demonstrate knowledge of how to perform basic monitoring and troubleshooting of Layer 3 protocols on Junos devices
show commands
clear commands
Traceoptions
Given a scenario, demonstrate knowledge of how to perform basic monitoring and troubleshooting of Layer 2 protocols on Junos devices
show commands
clear commands
Traceoptions

High Availability (HA) Monitoring and Troubleshooting
Identify the concepts, tools and features used to monitor and troubleshoot HA components for Junos devices
Graceful Routing Engine switchover (GRES)
Graceful restart (GR)
Nonstop active routing/bridging
Virtual router redundancy protocol (VRRP)
Link aggregation groups (LAG)
Unified in-service software upgrade (ISSU)
Given a scenario, demonstrate knowledge of how to perform monitoring and troubleshooting of HA features on Junos devices
monitor commands
show commands
request commands
QUESTION 2
Click the Exhibit button.
Which command removes only the ARP entries associated with the ge-0/0/0.0 interface?

A. clear arp | match ge-0/0/0.0
B. clear arp hostname”10.200.14.130|10.210.14.139|10.210.14.190″
C. C.clear arp | except “ge-0/0/3|ge-0/0/4.104|ge-0/0/5.105”
D. clear arp interface ge-0/0/0

Answer: A

QUESTION 3
Which two statements are true about the Junos chassis daemon? (Choose two.)

A. You can parse the chassis daemon log to view the details and time lines for hardware events that have occurred.
B. Theshow log dcdcommand allows you to view chassis related events.
C. You cannot parse the chassis daemon log to view the details andtimelines for hardware events that have occurred.
D. Theshow log chassisdcommand allows you to view chassis related events.

Answer: A,D

QUESTION 4
What are three categories of core files on a Junos device? (Choose three.)

A. PFE
B. Process
C. FPC
D. Kernel
E. PIC

Answer: B,D,E

QUESTION 5
You must verify end-to-end connectivity within your network.
Which two troubleshooting tools meet this objective? (Choose two.)

A. ping
B. SNMP
C. traceroute
D. RMON

Answer: A,C

Click here to view complete Q&A of JN0-691 exam
Certkingdom Review

Best Cisco JN0-691 Certification, Cisco JN0-691 Training at certkingdom.com

Junos Troubleshooting Exam Objectives (Exam: JN0-691)

Troubleshooting Methodology
Identify the elements to build a framework for approaching troubleshooting Junos devices
General troubleshooting methodology
Broad troubleshooting steps
Identify tools that can be used to troubleshoot Junos devices
CLI
Craft interface
Logging
Traceoptions
Real-time monitoring
Core files
Port mirroring
Identify tools that can be used for device and network monitoring
SNMP
RMON
Sampling

Chassis Monitoring and Troubleshooting
Identify the concepts, tools and features used to monitor and troubleshoot chassis-related components of Junos devices
Chassis
RE and PFE components
Fans and power supplies
System
Storage and file system
Boot media and start-up sequence
System software
Backups
Given a scenario, demonstrate knowledge of how to monitor and troubleshoot the chassis and core system components of Junos devices
show commands
Logging

Control Plane Monitoring and Troubleshooting
Identify the concepts, tools and features used to monitor and troubleshoot the control plane of Junos devices
System processes
User processes
ARP
RIB/FIB
Given a scenario, demonstrate knowledge of how to monitor and troubleshoot the control plane of Junos devices
show commands
clear commands
monitor commands
Logging
Traceoptions

Data Plane Monitoring and Troubleshooting
Identify the concepts, tools and features used to monitor and troubleshoot the data plane of Junos devices
PFE issues
Ethernet interfaces
MTU issues
Link flapping
Forwarding table issues
PFE load balancing
Local vs. transit traffic
Firewall filters and policers
Given a scenario, demonstrate knowledge of how to monitor and troubleshoot the data plane of Junos devices
request commands
show commands
monitor commands
clear commands
Loopback testing

Layer 2 and Layer 3 Protocol Monitoring and Troubleshooting
Identify the concepts, tools and features used to monitor and troubleshoot Layer 3 protocols on Junos devices
Routing table information
Routing loops
OSPF neighbors
OSPF adjacencies
BGP peering and peer groups
BGP neighbor states
Identify the concepts, tools and features used to monitor and troubleshoot Layer 2 protocols on Junos devices
VLAN’s
bridging concepts
xSTP protocols
switching table
Given a scenario, demonstrate knowledge of how to perform basic monitoring and troubleshooting of Layer 3 protocols on Junos devices
show commands
clear commands
Traceoptions
Given a scenario, demonstrate knowledge of how to perform basic monitoring and troubleshooting of Layer 2 protocols on Junos devices
show commands
clear commands
Traceoptions

High Availability (HA) Monitoring and Troubleshooting
Identify the concepts, tools and features used to monitor and troubleshoot HA components for Junos devices
Graceful Routing Engine switchover (GRES)
Graceful restart (GR)
Nonstop active routing/bridging
Virtual router redundancy protocol (VRRP)
Link aggregation groups (LAG)
Unified in-service software upgrade (ISSU)
Given a scenario, demonstrate knowledge of how to perform monitoring and troubleshooting of HA features on Junos devices
monitor commands
show commands
request commands

QUESTION 1
Which CLI command is used to restart a software process?

A. restart
B. reboot
C. commit
D. reload

Answer: A

Explanation: To restart a process one have to use restart <process name>, reboot is not even a
valid command.
Possible completions:
restart Restart software process

QUESTION 2
Which CLI command applies the candidate configuration to the active configuration?

A. load
B. merge
C. copy run start
D. commit

Answer: D

Explanation: Copy run start is a Cisco specific command and is nowhere to be found in Junos.
>commit Commit current set of changes

QUESTION 3
Which operational CLI command would you use to troubleshoot hardware-related problems?

A. show system
B. show chassis
C. show route
D. show cli

Answer: B

Explanation: Show route will only show you routing, show chassis will show you hardware related
information.
>show chassis ?
Possible completions:
alarms Show alarm status
cluster Show chassis cluster information
craft-interface Show craft interface status
environment Show component status and temperature, cooling system speeds
fan Show fan and fan tray information
firmware Show firmware and operating system version for components
forwarding Show forwarding process (fwdd) status
fpc Show Flexible PIC Concentrator status
hardware Show installed hardware components
location Show physical location of chassis
mac-addresses Show media access control addresses
pic Show Physical Interface Card state, type, and uptime
routing-engine Show Routing Engine status
temperature-thresholds Show chassis temperature threshold settings
usb Show chassis USB status

QUESTION 4
In the Junos OS, which type of file dumps the program’s environment in the form of memory
pointers, instructions, and register data to a file in the event of a panic or other serious
malfunction?

A. log file
B. backup file
C. configuration file
D. core file

Answer: D

Explanation: Junos will under a panic create a core-dump file, definitely not a backup file.
> show system core-dumps
/var/crash/*core*: No such file or directory
/var/tmp/*core*: No such file or directory
/var/tmp/pics/*core*: No such file or directory
/var/crash/kernel.*: No such file or directory
/tftpboot/corefiles/*core*: No such file or directory

QUESTION 5
Which operational CLI command would you use to display information about the system and
software processes?

A. show system
B. show chassis
C. show route
D. show cli

Answer: A

Explanation: Show route will only show you routing, show system will show you software related
information:
>show system ?
Possible completions:
alarms Show system alarm status
audit Show file system MD5 hash and permissions
auto-snapshot Show auto-snapshot status when system booted from alternate slice
autoinstallation Show autoinstallation information
autorecovery Show autorecovery information
boot-messages Show boot time messages
buffers Show buffer statistics
certificate Show installed X509 certificates
commit Show pending commit requests (if any) and commit history
configuration Show configuration information
connections Show system connection activity
core-dumps Show system core files
directory-usage Show local directory information
download Show status of downloads
firmware Show all firmware version information
health Show online diagnostic status
license Show feature licenses information
login Show system login state
memory Show system memory usage
processes Show system process table
queues Show queue statistics
reboot Show any pending halt or reboot requests
resource-cleanup Show resource cleanup information
rollback Show rolled back configuration
services Show service applications information
snapshot Show snapshot information
software Show loaded JUNOS extensions
statistics Show statistics for protocol
storage Show local storage data
threads Show system threads table
uptime Show time since system and processes started
users Show users who are currently logged in
virtual-memory Show kernel dynamic memory usage

Click here to view complete Q&A of JN0-690 exam
Certkingdom Review

Best Cisco JN0-690 Certification, Cisco JN0-690 Training at certkingdom.com

JNCSP-ENT Exam Objectives (Exam: JN0-694)

IGP Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot OSPFv2 and OSPFv3 issues on Junos devices
Routing issues
Neighbor/adjacency issues
Configuration issues

BGP Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot BGP issues on Junos devices
Peering issues
Routing issues
Next hop resolution issues
Configuration issues

Routing Policy Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot routing policy issues on Junos devices
Forwarding table policy issues
Routing instance issues
IGP policy issues
BGP policy issues
Configuration issues

Layer 2 Switching Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot Spanning Tree issues on Junos devices
STP
RSTP
MSTP
VSTP
Configuration issues
Given a scenario, demonstrate knowledge of how to troubleshoot other Layer 2 switching and High Availability issues on Junos devices
VLAN issues
Q-in-Q tunneling and L2PT issues
Layer 2 port security issues
Authentication and access control issues
Virtual chassis
Configuration issues

Multicast Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot multicast issues on Junos devices
RP issues
SPT issues
PIM issues
IGMP issues
Configuration issues

Class of Service (CoS) Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot CoS issues
Classification and rewrite issues
Policer issues
Queuing/scheduling issues
Packet drop issues
Configuration issues

QUESTION 1
You are implementing Q-in-Q tunneling on an EX Series switch. You want the tunnel to support all
C-VLANs; however, only some VLANs are able to send traffic across the tunnel. Switch-1 has the
following configuration:
[edit vlans]
user@Switch-1# show
v100 {
vlan-id 100;
interface {
ge-0/0/0.10;
ge-0/0/1.20;
}
dot1q-tunneling {
customer-vlans [ ];
}
}
What would solve this problem?

A. Add family ethernet-switching to the tunnel-side interface on Switch-1.
B. Implement RSTP.
C. Q-in-Q tunneling will not work in this scenario; use a Layer 2 VPN instead.
D. Remove the customer-vlans statement.

Answer: C

Explanation:

QUESTION 2
You are troubleshooting a problem where an OSPF adjacency between two neighboring routers will not form.
What are two reasons for this problem? (Choose two.)

A. One or both of the connected interfaces are missing the family inet statement.
B. One or both of the connected interfaces are missing the family iso statement.
C. The connected interfaces are not on the same subnet.
D. Another IGP is running on one or both of the routers, overriding OSPF.

Answer: B,D

Explanation:

QUESTION 3
Your Junos device is dropping certain traffic flows, while allowing other traffic flows to pass through the device unaffected.
Which CoS component is causing this problem?

A. BA classification
B. RED
C. MF classification
D. Rewrite rules

Answer: D

Explanation:

QUESTION 4
Two neighboring routers are able to form an OSPF adjacency, but are not able to establish an IBGP neighborship.
What are two reasons for the IBGP neighborship problem? (Choose two.)

A. One of the devices has a misconfigured BGP peer address.
B. One or both of the connected interfaces are missing the family iso statement.
C. OSPF has a lower route preference than BGP.
D. A firewall filter on one of the interfaces is blocking TCP traffic.

Answer: B,C

Explanation:

Click here to view complete Q&A of JN0-694 exam
Certkingdom Review

Best Cisco JN0-694 Certification, Cisco JN0-694 Training at certkingdom.com

JNCSP-SP Exam Objectives (Exam: JN0-692)

IGP Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot OSPF, OSPFv3 and IS-IS issues on Junos devices
Routing issues
Neighbor/adjacency issues
Configuration issues

BGP Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot BGP issues on Junos devices
Peering issues
Routing issues
Next hop resolution issues
Route reflectors and confederations
Configuration issues

Routing Policy Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot routing policy issues on Junos devices
Forwarding table policy issues
IGP policy issues
BGP policy issues
MPLS policy issues
Configuration issues

MPLS and MPLS VPNs Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot MPLS and MPLS VPN issues on Junos devices
MPLS signaling plane issues
MPLS forwarding plane issues
Layer 3 VPN signaling plane issues
Layer 3 VPN forwarding plane issues
Layer 2 VPN signaling plane issues
Layer 2 VPN forwarding plane issues
VPLS signaling plane issues
VPLS forwarding plane issues
EVPNs
Configuration issues

Multicast Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot multicast issues on Junos devices
RP issues
SPT issues
PIM issues
NG M-VPNs
Configuration issues

Class of Service (CoS) Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot CoS issues
Classification and rewrite issues
Policer issues
Queuing/scheduling issues
Packet drop issues
Configuration issues

QUESTION 1
Which two statements are true about the OSPF 2-Way state? (Choose two.)

A. It is the normal state for neighbors that are the DR and BDR.
B. It is the normal state for two neighbors that are neither the DR nor BDR.
C. It indicates that a device cannot accept any more full adjacencies.
D. It indicates that communication between two neighbors is bidirectional.

Answer: B,D

Explanation:

QUESTION 2
What is the primary mechanism that prevents BGP routing loops?

A. SPF tree
B. routing policy
C. the underlying IGP’s loop prevention mechanism
D. AS path

Answer: D

Explanation:

QUESTION 3
What are two types of valid BGP messages? (Choose two.)

A. Open
B. Notification
C. Hello
D. Request

Answer: A,B

Explanation:

QUESTION 4
Your network is configured with a full mesh of MPLS LSPs between all devices. However, when
you enter the show route table inet.2 command on any device, no LSP routing information is
displayed.
Which statement explains why this is occurring?

A. The inet.2 table does not contain LSP routing information.
B. IGP routes have a better route preference, causing the LSPs to be hidden.
C. Advanced super-user permissions are required to access the inet.2 table.
D. A filter is applied that is preventing the LSPs from being installed in the inet.2 table.

Answer: A

Explanation:

QUESTION 5
You are experiencing packet drops in your network.
Which two CoS components would be responsible? (Choose two.)

A. policing
B. RED
C. classification
D. rewriting

Answer: A,B

Explanation:

Click here to view complete Q&A of JN0-692 exam
Certkingdom Review

Best Cisco JN0-692 Certification, Cisco JN0-692 Training at certkingdom.com

JNCIS-FWV Exam Objectives (Exam: JN0-533)

System Setup and Initial Configuration
Identify the concepts and components of ScreenOS software
Security architecture components
Packet flow and decision process
IPv6 packet handling
ScreenOS firewall/VPN product lines
System components
Demonstrate knowledge of how to configure basic elements of ScreenOS software
Interfaces
Zones
Management access and services
User accounts and authentication
Administrative lockout options
DNS configuration
NTP configuration
Describe how to configure and monitor interfaces
VLANs, aggregated Ethernet
Management interface
Bridge Group
Tunnel interfaces
Loopback interface
Interface modes
Redundant Ethernet
Identify the concepts and functionality of virtual systems (vsys)
vsys interfaces and zones
Inter-vsys routing
Profiles
CPU resource management

Layer 3 Operations
Identify the concepts and functionality of Layer 3 operations (IPv4 and IPv6)
Routing lookup flow
Virtual routers
Static and default routing
Dynamic routing – RIP, OSPF, BGP
Considerations for routing over VPNs
Route optimization and aggregation
Route redistribution; access lists and route maps
Source-based vs. policy-based routing
IPv6 modes
Demonstrate knowledge of how to configure, monitor and troubleshoot Layer 3 operations (IPv4 and IPv6)
Zones
Interfaces
IP addressing
Virtual router
Static/default routes, including floating static routes
RIP
OSPF
BGP
Redistribution
Access lists and route maps
Source-based and policy-based routing
Layer 3 verification
Layer 3 troubleshooting – get vrouter, debug, flow filter, session table

Security Policies
Identify the concepts and functionality of security policies
Zones and policies
Policy components
Policy options
Policy ordering
Policy scheduling
Global policies
Multicell policies
Address books
Policing and guaranteed bandwidth
Services
Demonstrate knowledge of how to configure, monitor and troubleshoot security policies
Address books and address groups
Services and service groups
Policy verification
Policy troubleshooting – debug, get session

NAT
Identify the concepts and functionality of NAT
Interface-based vs. policy-based NAT
NAT type usage
Source NAT (NAT-src)
Dynamic IP addresses (DIP)
Destination NAT (NAT-dst)
Virtual IP addresses (VIP)
Mapped IP addresses (MIP)
Precedence
Demonstrate knowledge of how to configure, monitor and troubleshoot NAT
Policy-based NAT
Dynamic IP addresses (DIP)
Reachability/Routing
VIP and MIP
NAT verification
NAT troubleshooting – debug, get session, and traffic logs

IPsec VPNs
Identify the concepts and functionality of IPsec VPNs
Secure VPN characteristics and components
Encapsulating Security Payload (ESP)
Authentication Header (AH)
IPsec tunnel establishment – Internet Key Exchange (IKE)
Hub-and-spoke IPsec VPNs
Policy-based vs. route-based IPsec VPNs
Next-hop tunnel binding (NHTB)
Next Hop Resolution Protocol (NHRP)
Fixed vs. dynamic peers
Tunnel interfaces
Preshared keys
VPN Monitor
Demonstrate knowledge of how to configure, monitor and troubleshoot IPsec VPNs
Interfaces
Objects
IKE
Policy
Routing
VPN Monitor
IPsec VPN verification
IPsec VPN troubleshooting – system/event log, debug, get ike, get sa

High Availability
Identify the concepts and requirements for high availability (HA) in a ScreenOS firewall/VPN environment
NetScreen Redundancy Protocol (NSRP) characteristics
NSRP modes; usage guidelines
Links, ports and zones
Virtual security device (VSD), virtual security interfaces (VSI) and VSD groups
VSD states
Run-time objects (RTOs)
HA probes
Failover tuning
IP tracking
Virtual Router Redundancy Protocol (VRRP)
Redundant interfaces
Links between the firewalls
Redundant VPN gateways
Demonstrate knowledge of how to configure, monitor and troubleshoot HA
HA link
Cluster settings
Interfaces
VSD settings
RTO synchronization
Tracking and monitoring
Redundant interface
HA verification
HA monitoring for VPNs – IKE heartbeats, dead peer detection
HA troubleshooting – debug, get interface, get nsrp stats

Attack Prevention
Describe the purpose, configuration and operation of Screens
Attack types and phases
Screen options
Best practices
Configuration, verification and troubleshooting
Describe the purpose, configuration and operation of deep inspection (DI)
Attack object database
Custom attack objects
Signature database update methods
DI policies and actions
Licensing
Configuration, verification and troubleshooting
Describe the purpose, configuration and operation of Unified Threat Management (UTM)
Antispam profiles
Actions
Spam block list (SBL)
Antivirus scanning methods and options
Antivirus flow process
Licensing
Web filtering features and solutions
Data flow
Search order
White lists, black lists and categories
Configuration, verification and troubleshooting

System Administration, Management and Monitoring
Demonstrate knowledge of how to manage and monitor a ScreenOS firewall/VPN environment
File management
Password recovery
Licensing
Logs
Syslog
SNMP
Alarms
Counters

QUESTION 1
Which ScreenOS security feature helps protect against port scans and denial of service attacks?

A. session-based stateful firewall
B. IPsec VPNs
C. security policies
D. Screen options

Answer: B

Explanation:

QUESTION 2
What is the initial default username and password for all ScreenOS devices?

A. administrator/password
B. root/password
C. netscreen/netscreen
D. admin/netscreen1

Answer: D

Explanation:

QUESTION 3
What is a virtual system?

A. a mechanism to logically partition a single ScreenOS device into multiple logical devices
B. a collection of subnets and interfaces sharing identical security requirements
C. a method of providing a secure connection across a network
D. a tool to protect against DoS attacks

Answer: C

Explanation:

QUESTION 4
What is a zone?

A. a set of rules that controls traffic from a specified source to a specified destination using a
specified service
B. a collection of subnets and interfaces sharing identical security requirements
C. a method of providing a secure connection across a network
D. a tool to protect against DoS attacks

Answer: C

Explanation:

QUESTION 5
What is the function of NAT?

A. It performs Layer 3 routing.
B. It evaluates and redirects matching traffic into secure tunnels.
C. It provides translation between IP addresses.
D. It performs Layer 2 switching.

Answer: B

Explanation:

Click here to view complete Q&A of JN0-533 exam
Certkingdom Review

Best Cisco JN0-533 Certification, Cisco JN0-533 Training at certkingdom.com

JNCDS-DC Exam Objectives (Exam: JN0-1300)

Data Center Considerations
Describe the concepts of Data Center Design
Physical considerations including placement, cabling, power, heating and cooling
Access switch placement
Traditional multi-tiered design
Data Center monitoring
Data Center Support and Serviceability

Ethernet Fabric Architectures
Describe the design consideration of Data Center Ethernet Fabric Architectures
Virtual Chassis
Virtual Chassis Fabric
Qfabric
Fusion

IP Fabric Architecture
Describe the design considerations of a Data Center IP Fabric
Clos Layer 3 overlay networking
Clos Layer 3 control plane options
Clos Layer 3 BGP design

Data Center Interconnect
Describe the design considerations for interconnecting Data Centers
CCC
Layer 3 VPNs
Pseudowire connections
VPLS
EVPN
VXLAN

Data Center Security
Describe the design consideration for securing the Data Center
Micro-perimeterization
Micro-segmentation
Virtual routers
Firewalls
Security automation
Device sprawl
Data classification
Risk management

Virtualization in the Data Center
Describe the design considerations for virtualization in the Data Center
NFV
ETSI standards
Virtualization security
SDN

Traffic Engineering in the Data Center
Describe the design considerations for traffic shaping in the Data Center
QoS
CoS
DCBX

High Availability in the Data Center
Describe the design considerations for high availability in the data center
Business continuity
Device-level high availability features
Intra-DC high availability
Inter-DC high availability
QUESTION 1
What are two valid types of software-defined networking architectures? (Choose two.)

A. hardware-based
B. controller-based
C. policy-based
D. actuation-based

Answer: B,C

Explanation:

QUESTION 2
Your customer wants to implement better quality of service for multiple mission critical
applications.
How many bits of the Differentiated Services (DiffServ) field of a packet would be used as codepoints
to achieve this goal?

A. eight
B. two
C. six
D. ten

Answer: C

Explanation:

QUESTION 3
The Junos Fusion architecture is comprised of which two components? (Choose two.)

A. interconnect devices
B. satellite devices
C. node devices
D. aggregation devices

Answer: B,D

Explanation:
The Junos Fusion architecture consists of two major components: “Aggregation” devices and
“Satellite” devices, which Juniper also calls Linux Forwarding Engines (LFEs). These components
work together as a single switching system,flattening the network to a single tier without
compromising resiliency.
Reference: https://www.juniper.net/assets/us/en/local/pdf/whitepapers/2000610-en.pdf

QUESTION 4
Which control plane protocol does EVPN use for MAC address mobility?

A. VPLS
B. STP
C. MP-BGP
D. E-LAN

Answer: A

Explanation:

Click here to view complete Q&A of JN0-1300 exam
Certkingdom Review

Best Cisco JN0-1300 Certification, Cisco JN0-1300 Training at certkingdom.com

JNCDA Exam Objectives (Exam: JN0-1100)

Customer Design Requirements
Describe customer business drivers which are limited by the current design
Identify the applications that the network will support and rate them in order of importance
Identify boundaries and scope for a design proposal
Identify the components of the network

Customer Organizational Structure
Describe how the customer’s business model drives design
Describe customer key stake holders and success criteria
Describe the customer’s IT organization

Physical Design Considerations
Identify the environmental requirements
Identify HA requirements
Identify basic network technologies

Logical Design Considerations
Identify the demographics of network users
Identify basic network management considerations involved in network design

Industry Alternatives
Identify industry solution alternatives
Identify major network technologies

QUESTION 1
Your company’s network consists of your headquarters location plus several dozen remote offices.
Remote office users are often unable to access data housed in the headquarters data center due
to connectivity issues. You must update the network to provide reliable access to corporate assets
for remote office users.
Which technology is critical to your design project?

A. IPsec
B. WAN acceleration
C. WAN aggregation
D. QoS

Answer: A

Explanation:

QUESTION 2
What is a feature provided by devices in the WAN aggregation site of a large enterprise WAN
deployment?

A. Internet gateway
B. MACsec
C. power redundancy
D. DHCP

Answer: A

Explanation:

QUESTION 3
Which two groups within the IT organization will likely need training if a new type of network
equipment is deployed throughout the enterprise? (Choose two.)

A. application development
B. systems administrators
C. network engineering
D. network operations

Answer: C,D

Explanation:

QUESTION 4
You want to use standard cabling instead of crossover cabling in an environment without MDIX.
In which two situations would this apply? (Choose two.)

A. server-to-switch
B. computer-to-switch
C. computer-to-computer
D. switch-to-switch

Answer: A,B

Explanation:

QUESTION 5
What are three use cases for Data Center Interconnect? (Choose three.)

A. security
B. Layer 2 extension
C. disaster recovery
D. geoclustering
E. ease of management

Answer: B,C,E

Explanation:

Click here to view complete Q&A of JN0-1100 exam
Certkingdom Review

Best Cisco JN0-1100 Certification, Cisco JN0-1100 Training at certkingdom.com

JNCSP-SEC Exam Objectives (Exam: JN0-696)

Security Policy Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot security policy evaluation issues on Junos devices
Transit traffic issues
To-the-device traffic issues
Default and global policy issues
Zone issues
Address book issues
Filter-based forwarding
NAT issues
Configuration issues

IPSec VPN Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot IPSec VPN issues on Junos device
Route-based VPN issues
Policy-based VPN issues
IKE phase 1 issues
IKE phase 2 issues
Configuration issues

Application-Aware Security Services Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot Junos AppSecure issues
AppID issues
AppTrack issues
AppFW issues
AppDoS issues
AppQoS issues
Configuration issues

Intrusion Prevention Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot Junos Intrusion Prevention System (IPS) issues
Licensing and platform issues
Signature database issues
IPS and security policy issues
Configuration issues

Unified Threat Management (UTM) Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot UTM issues on Junos devices
Licensing and platform issues
Antivirus issues
Antispam issues
Content-filtering issues
Web-filtering issues
UTM and security policy issues
Configuration issues

High Availability (HA) Clustering Troubleshooting
Given a scenario, demonstrate knowledge of how to troubleshoot chassis cluster issues on Junos devices
Cluster architecture issues
Cluster component issues
Cluster mode issues
Configuration issues

QUESTION 1
You are having problems establishing an IPsec tunnel between two SRX Series devices.
What are two explanations for this problem? (Choose two.)

A. proposal mismatch
B. antivirus configuration
C. preshared key mismatch
D. TCP MSS clamping is disabled

Answer: B,D

Explanation:

QUESTION 2
Two SRX Series devices are having problems establishing an IPsec VPN session. One of the
devices has a firewall filter applied to its gateway interface that rejects UDP traffic.
What would resolve the problem?

A. Disable the IKE Phase 1 part of the session establishment.
B. Disable the IKE Phase 2 part of the session establishment.
C. Change the configuration so that session establishment uses TCP.
D. Edit the firewall filter to allow UDP port 500.

Answer: A

Explanation:

QUESTION 3
Your SRX Series device has the following configuration:
user@host> show security policies
…
Policy: my-policy, State: enabled, Index: 5, Sequence number: 1
Source addresses: any
Destination addresses: any
Applications: snmp
Action: reject
From zone: trust, To zone: untrust
…
When traffic matches my-policy, you want the device to silently drop the traffic; however, you
notice that the device is replying with ICMP unreachable messages instead.
What is causing this behavior?

A. the snmp application
B. the reject action
C. the trust zone
D. the untrust zone

Answer: C

Explanation:

QUESTION 4
You want to allow remote users using PCs running Windows 7 to access the network using an
IPsec VPN. You implement a route-based hub-and-spoke VPN; however, users report that they
are not able to access the network.
What is causing this problem?

A. The remote clients do not have proper licensing.
B. Hub-and-spoke VPNs cannot be route-based; they must be policy-based.
C. The remote clients’ OS is not supported.
D. Hub-and-spoke VPNs do not support remote client access; a dynamic VPN must be
implemented instead.

Answer: B

Explanation:

Click here to view complete Q&A of JN0-696 exam
Certkingdom Review

Best Cisco JN0-696 Certification, Cisco JN0-696 Training at certkingdom.com