NEW QUESTION 1
Which two statements are correct about a sham link? (Choose two.)

• A. It creates an OSPF multihop neighborship between two PE routers.
• B. It creates a BGP multihop neighborship between two PE routers.
• C. The PEs exchange Type 1 OSPF LSAs instead of Type 3 OSPF LSAs for the L3VPN routes
• D. The PEs exchange Type 3 OSPF LSAs instead of Type 1 OSPF LSAs for the L3VPN routes.

Answer: AC

Explanation:
A sham link is a logical link between two PE routers that belong to the same OSPF area but are connected through an L3VPN. A sham link makes the PE routers appear as if they are directly connected, and prevents OSPF from preferring an intra-area back door link over the VPN backbone. A sham link creates an OSPF multihop neighborship between the PE routers using TCP port 646. The PEs exchange Type 1 OSPF LSAs instead of Type 3 OSPF LSAs for the L3VPN routes, which allows OSPF to use the correct metric for route selection1.

NEW QUESTION 2
Exhibit

Referring to the exhibit, what do the brackets [ ] in the AS path identify?

• A. They identify the local AS number associated with the AS path if configured on the router, or if AS path prepending is configured
• B. They identify an AS set, which are groups of AS numbers in which the order does not matter
• C. They identify that the autonomous system number is incomplete and awaiting more information from the BGP protocol.
• D. They identify that a BGP confederation is being used to ensure that there are no routing loops.

Answer: B

Explanation:
The brackets [ ] in the AS path identify an AS set, which are groups of AS numbers in which the order does not matter. An AS set is used when BGP aggregates routes from different ASs into a single prefix. For example, if BGP aggregates routes 10.0.0.0/16 and 10.1.0.0/16 from AS 100 and AS 200, respectively, into a single prefix 10.0.0.0/15, then the AS path for this prefix will be [100 200]. An AS set reduces the length of the AS path and prevents routing loops.

NEW QUESTION 3
Exhibit

A network is using IS-IS for routing.
In this scenario, why are there two TLVs shown in the exhibit?

• A. There are both narrow and wide metric devices in the topology
• B. The interface specified a metric of 100 for L2.
• C. Wide metrics have specifically been requested
• D. Both IPv4 and IPv6 are being used in the topology

Answer: A

Explanation:
TLVs are tuples of (Type, Length, Value) that can be advertised in IS-IS packets. TLVs can carry different kinds of information in the Link State Packets (LSPs). IS- IS supports both narrow and wide metrics for link costs. Narrow metrics use a single octet to encode the link cost, while wide metrics use three octets. Narrow metrics have a maximum value of 63, while wide metrics have a maximum value of 16777215. If there are both narrow and wide metric devices in the topology, IS-IS will advertise two TLVs for each link: one with the narrow metric and one with the wide metric. This allows backward compatibility with older devices that only support narrow metrics12.

NEW QUESTION 4
When building an interprovider VPN, you notice on the PE router that you have hidden routes which are received from your BGP peer with family inet labeled-unica3t configured.
Which parameter must you configure to solve this problem?

• A. Under the family inet labeled-unicast hierarchy, add the explicit null parameter.
• B. Under the protocols ospf hierarchy, add the traffic-engineering parameter.
• C. Under the family inet labeled-unicast hierarchy, add the resolve-vpn parameter.
• D. Under the protocols mpls hierarchy, add the traffic-engineering parameter

Answer: C

Explanation:
The resolve-vpn parameter is a BGP option that allows a router to resolve labeled VPN-IPv4 routes using unlabeled IPv4 routes received from another BGP peer with family inet labeled-unicast configured. This option enables interprovider VPNs without requiring MPLS labels between ASBRs or using VRF tables on ASBRs. In this scenario, you need to configure the resolve-vpn parameter under [edit protocols bgp group external family inet labeled-unicast] hierarchy level on both ASBRs.

NEW QUESTION 5
Exhibit

Referring to the exhibit, which statement is correct?

• A. The vrf-target configuration will allow routes to be shared between CE-1 and CE-2.
• B. The vrf-target configuration will stop routes from being shared between CE-1 and CE-2.
• C. The route-distinguisher configuration will allow overlapping routes to be shared between CE-1 and CE-2.
• D. The route-diatinguisher configuration will stop routes from being shared between CE-1 and CE-2.

Answer: C

Explanation:
The route distinguisher (RD) is a BGP attribute that is used to create unique VPN IPv4 prefixes for each VPN in an MPLS network. The RD is a 64-bit value that consists of two parts: an administrator field and an assigned number field. The administrator field can be an AS number or an IP address, and the assigned number field can be any arbitrary value chosen by the administrator. The RD is prepended to the IPv4 prefix to create a VPN IPv4 prefix that can be advertised across the MPLS network without causing any overlap or conflict with other VPNs. In this question, we have two PE routers (PE-1 and PE-2) that are connected to two CE devices (CE-1 and CE-2) respectively. PE-1 and PE-2 are configured with VRFs named Customer-A and Customer-B respectively.

NEW QUESTION 6
Exhibit

You want to use both links between R1 and R2 Because of the bandwidth difference between the two links, you must ensure that the links are used as much as possible.
Which action will accomplish this goal?

• A. Define a policy to tag routes with the appropriate bandwidth community.
• B. Disable multipath.
• C. Ensure that the metric-out parameter on the Gigabit Ethernet interface is higher than the 10 Gigibit Ethernet interface.
• D. Enable per-prefix load balancing.

Answer: D

Explanation:
VPLS is a Layer 2 VPN technology that allows multiple sites to connect over a shared IP/MPLS network as if they were on the same LAN. VPLS tunnels can be signaled using either Label Distribution Protocol (LDP) or Border Gateway Protocol (BGP). In this question, we have two links between R1 and R2 with different bandwidths (10 Gbps and 1 Gbps). We want to use both links as much as possible for VPLS traffic. To achieve this, we need to enable per-prefix load balancing on both routers. Per-prefix load balancing is a feature that allows a router to distribute traffic across multiple equal-cost or unequal- cost paths based on the destination prefix of each packet. This improves the utilization of multiple links and provides better load sharing than per-flow load balancing, which distributes traffic based on a hash of source and destination addresses4. Per-prefix load balancing can be enabled globally or per interface using the load-balance per-packet command.
Reference: 4: https://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/137544-technote-mpls-00.html

NEW QUESTION 7
You want to ensure that L1 IS-IS routers have only the most specific routes available from L2 IS-IS routers. Which action accomplishes this task?

• A. Configure the ignore-attached-bit parameter on all L2 routers.
• B. Configure all routers to allow wide metrics.
• C. Configure all routers to be L1.
• D. Configure the ignore-attached-bit parameter on all L1 routers

Answer: D

Explanation:
The attached bit is a flag in an IS-IS LSP that indicates whether a router is connected to another area or level (L2) of the network. By default, L2 routers set this bit when they advertise their LSPs to L1 routers, and L1 routers use this bit to select a default route to reach other areas or levels through L2 routers. However, this may result in suboptimal routing if there are multiple L2 routers with different paths to other areas or levels. To ensure that L1 routers have only the most specific routes available from L2 routers, you can configure the ignore-attached-bit parameter on all L1 routers. This makes L1 routers ignore the attached bit and install all interarea routes learned from L2 routers in their routing tables.

NEW QUESTION 8
What is the correct order of packet flow through configurable components in the Junos OS CoS features?

• A. Multifield Classifier -> Behavior Aggregate Classifier -> Input Policer -> Forwarding Policy Options -> Fabric Scheduler -> Output Policer -> Rewrite Marker -> Scheduler/Shaper/RED
• B. Behavior Aggregate Classifier -> Multifield Classifier -> Input Policer -> Forwarding Policy Options -> Fabric Scheduler -> Output Policer -> Scheduler/Shaper/RED -> Rewrite Marker
• C. Behavior Aggregate Classifier -> Input Policer -> Multifield Classifier -> Forwarding Policy Options -> Fabric Scheduler -> Output Policer -> Scheduler/Shaper/RED -> Rewrite Marker
• D. Behavior Aggregate Classifier -> Multifield Classifier -> Input Policer -> Forwarding Policy Options -> Fabric Scheduler -> Scheduler/Shaper/RED -> Output Policer -> Rewrite Marker

Answer: C

Explanation:
The correct order of packet flow through configurable components in the Junos OS CoS features is as follows:
✑ Behavior Aggregate Classifier: This component uses a single field in a packet header to classify traffic into different forwarding classes and loss priorities based on predefined or user-defined values.
✑ Input Policer: This component applies rate-limiting and marking actions to incoming traffic based on the forwarding class and loss priority assigned by the classifier.
✑ Multifield Classifier: This component uses multiple fields in a packet header to classify traffic into different forwarding classes and loss priorities based on user- defined values and filters.
✑ Forwarding Policy Options: This component applies actions such as load balancing, filtering, or routing to traffic based on the forwarding class and loss priority assigned by the classifier.
✑ Fabric Scheduler: This component schedules traffic across the switch fabric based on the forwarding class and loss priority assigned by the classifier.
✑ Output Policer: This component applies rate-limiting and marking actions to outgoing traffic based on the forwarding class and loss priority assigned by the classifier.
✑ Scheduler/Shaper/RED: This component schedules, shapes, and drops traffic at the egress interface based on the forwarding class and loss priority assigned by the classifier.
✑ Rewrite Marker: This component rewrites the code-point bits of packets leaving an interface based on the forwarding class and loss priority assigned by the classifier.

NEW QUESTION 9
Exhibit

Referring to the exhibit, which two statements are true? (Choose two.)

• A. This route is learned through EBGP
• B. This is an EVPN Type-2 route.
• C. The device advertising this route into EVPN is 192.168.101.5.
• D. The devices advertising this route into EVPN are 10 0 2 12 and 10.0.2.22.

Answer: BC

Explanation:
This is an EVPN Type-2 route, also called a MAC/IP advertisement route, that is used to advertise host IP and MAC address information to other VTEPs in an EVPN network. The route type field in the EVPN NLRI has a value of 2, indicating a Type-2 route. The device advertising this route into EVPN is 192.168.101.5, which is the IP address of the VTEP that learned the host information from the local CE device. This IP address is carried in the MPLS label field of the route as part of the VXLAN encapsulation.

NEW QUESTION 10
You are asked to protect your company's customers from amplification attacks. In this scenario, what is Juniper's recommended protection method?

• A. ASN prepending
• B. BGP FlowSpec
• C. destination-based Remote Triggered Black Hole
• D. unicast Reverse Path Forwarding

Answer: C

Explanation:
amplification attacks are a type of distributed denial-of-service (DDoS) attack that exploit the characteristics of certain protocols to amplify the traffic sent to a victim. For example, an attacker can send a small DNS query with a spoofed source IP address to a DNS server, which will reply with a much larger response to the victim. This way, the attacker can generate a large amount of traffic with minimal resources.
One of the methods to protect against amplification attacks is destination-based Remote Triggered Black Hole (RTBH) filtering. This technique allows a network operator to drop traffic destined to a specific IP address or prefix at the edge of the network, thus preventing it from reaching the victim and consuming bandwidth and resources. RTBH filtering can be implemented using BGP to propagate a special route with a next hop of 192.0.2.1 (a reserved address) to the edge routers. Any traffic matching this route will be discarded by the edge routers.

NEW QUESTION 11
Exhibit

You want to implement the BGP Generalized TTL Security Mechanism (GTSM) on the network
Which three statements are correct in this scenario? (Choose three)

• A. You can implement BGP GTSM between R2, R3, and R4
• B. BGP GTSM requires a firewall filter to discard packets with incorrect TTL.
• C. You can implement BGP GTSM between R2 and R1.
• D. BGP GTSM requires a TTL of 1 to be configured between neighbors.
• E. BGP GTSM requires a TTL of 255 to be configured between neighbors.

Answer: ADE

Explanation:
BGP GTSM is a technique that protects a BGP session by comparing the TTL value in the IP header of incoming BGP packets against a valid TTL range. If the TTL value is within the valid TTL range, the packet is accepted. If not, the packet is discarded. The valid TTL range is from 255 – the configured hop count + 1 to 255. When GTSM is configured, the BGP packets sent by the device have a TTL of 255. GTSM provides best protection for directly connected EBGP sessions, but not for multihop EBGP or IBGP sessions because the TTL of packets might be modified by intermediate devices.
In the exhibit, we can see that R2, R3, and R4 are in the same AS (AS 20) and R1 is in a different AS (AS 10). Based on this information, we can infer the following statements:
✑ You can implement BGP GTSM between R2, R3, and R4. This is not correct because R2, R3, and R4 are IBGP peers and GTSM does not provide effective protection for IBGP sessions. The TTL of packets between IBGP peers might be changed by intermediate devices or routing protocols.
✑ BGP GTSM requires a firewall filter to discard packets with incorrect TTL. This is not correct because BGP GTSM does not require a firewall filter to discard packets with incorrect TTL. BGP GTSM uses TCP option 19 to negotiate GTSM capability between peers and uses TCP option 20 to carry the expected TTL value in each packet. The receiver checks the expected TTL value against the actual TTL value and discards packets with incorrect TTL values.
✑ You can implement BGP GTSM between R2 and R1. This is correct because R2 and R1 are EBGP peers and GTSM provides effective protection for directly connected EBGP sessions. The TTL of packets between directly connected EBGP peers is not changed by intermediate devices or routing protocols.
✑ BGP GTSM requires a TTL of 1 to be configured between neighbors. This is not correct because BGP GTSM requires a TTL of 255 to be configured between neighbors. The sender sets the TTL of packets to 255 and the receiver expects the TTL of packets to be 255 minus the configured hop count.
✑ BGP GTSM requires a TTL of 255 to be configured between neighbors. This is correct because BGP GTSM requires a TTL of 255 to be configured between neighbors. The sender sets the TTL of packets to 255 and the receiver expects the TTL of packets to be 255 minus the configured hop count.

NEW QUESTION 12
In IS-IS, which two statements are correct about the designated intermediate system (DIS) on a multi-access network segment? (Choose two)

• A. A router with a priority of 10 wins the DIS election over a router with a priority of 1.
• B. A router with a priority of 1 wins the DIS election over a router with a priority of 10.
• C. On the multi-access network, each router forms an adjacency to every other router on the segment
• D. On the multi-access network, each router only forms an adjacency to the DIS.

Answer: AD

Explanation:
In IS-IS, a designated intermediate system (DIS) is a router that is elected on a multi-access network segment (such as Ethernet) to perform some functions on behalf of other routers on the same segment. A DIS is responsible for sending network link-state advertisements (LSPs), which describe all the routers attached to the network. These LSPs are flooded throughout a single area. A DIS also generates pseudonode LSPs, which represent the multi-access network as a single node in the link-state database. A DIS election is based on the priority value configured on each router’s interface connected to the multi-access network. The priority value ranges from 0 to 127, with higher values indicating higher priority. The router with the highest priority becomes the DIS for the area (Level 1, Level 2, or both). If routers have the same priority, then the router with the highest MAC address is elected as the DIS. By default, routers have a priority value of 64. On a multi-access network, each router only forms an adjacency to the DIS, not to every other router on the segment. This reduces the amount of hello packets and LSP

NEW QUESTION 13
Exhibit.

Referring to the exhibit; the 10.0.0.0/24 EBGP route is received on R5; however, the route is being hidden.
What are two solutions that will solve this problem? (Choose two.)

• A. On R4, create a policy to change the BGP next hop to itself and apply it to IBGP as an export policy
• B. Add the external interface prefix to the IGP routing tables
• C. Add the internal interface prefix to the BGP routing tables.
• D. On R4, create a policy to change the BGP next hop to 172.16.1.1 and apply it to IBGP as an export policy

Answer: AB

Explanation:
the default behavior for iBGP is to propagate EBGP-learned prefixes without changing the next-hop. This can cause issues if the next-hop is not reachable via the IGP. One solution is to use the next-hop self command on R4, which will change the next-hop attribute to its own loopback address. This way, R5 can reach the next-hop via the IGP and install the route in its routing table.
Another solution is to add the external interface prefix (120.0.4.16/30) to the IGP routing tables of R4 and R5. This will also make the next-hop reachable via the IGP and allow R5 to use the route. According to2, this is a possible workaround for a pure IP network, but it may not work well for an MPLS network.

NEW QUESTION 14
You are responding to an RFP for a new MPLS VPN implementation. The solution must use LDP for signaling and support Layer 2 connectivity without using BGP The solution must be scalable and support multiple VPN connections over a single MPLS LSP The customer wants to maintain all routing for their Private network
In this scenario, which solution do you propose?

• A. circuit cross-connect
• B. BGP Layer 2 VPN
• C. LDP Layer 2 circuit
• D. translational cross-connect

Answer: C

Explanation:
AToM (Any Transport over MPLS) is a framework that supports various Layer 2 transport types over an MPLS network core. One of the transport types supported by AToM is LDP Layer 2 circuit, which is a point-to-point Layer 2 connection that uses LDP for signaling and MPLS for forwarding. LDP Layer 2 circuit can support Layer 2 connectivity without using BGP and can be scalable and efficient by using a single MPLS LSP for multiple VPN connections. The customer can maintain all routing for their private network by using their own CE switches.

NEW QUESTION 15
Exhibit

You are running a service provider network and must transport a customer's IPv6 traffic across your IPv4-based MPLS network using BGP You have already configured mpis ipv6- tunneling on your PE routers.
Which two statements are correct about the BGP configuration in this scenario? (Choose two.)

• A. You must configure family inet6 labcled-unicast between PE routers.
• B. You must configure family inet6 unicaat between PE and CE routers.
• C. You must configure family inet6 add-path between PE and CE routers.
• D. You must configure family inet6 unicast between PE routers

Answer: AB

Explanation:
To transport IPv6 traffic over an IPv4-based MPLS network using BGP, you need to configure two address families: family inet6 labeled-unicast and family inet6 unicast. The former is used to exchange IPv6 routes with MPLS labels between PE routers, and the latter is used to exchange IPv6 routes without labels between PE and CE routers. The mpis ipv6-tunneling command enables the PE routers to encapsulate the IPv6 packets with an MPLS label stack and an IPv4 header before sending them over the MPLS network.

NEW QUESTION 16
Exhibit

Referring to the exhibit, which three statements are correct about route 10 0 0.0/16 when using the default BGP advertisement rules'? (Choose three.)

• A. R1 will prepend AS 65531 when advertising 10 0.0 0/16 to R2.
• B. R1 will advertise 10.0.0.0/16 to R2 with 192 168 1 1 as the next hop.
• C. R2 will advertise 10.0.0.0/16 to R3 with 192.168.1 1 as the next hop
• D. R4 will advertise 10 0.0 0/16 to R6 with 172.16 1 1 as the next hop
• E. R2 will advertise 10.0.0.0/16 to R4 with 172.16.1.1 as the next hop

Answer: BDE

Explanation:
The problem in this scenario is that R1 and R8 are not receiving each other’s routes because of private AS numbers in the AS path. Private AS numbers are not globally unique and are not advertised to external BGP peers. To solve this problem, you need to do the following:
✑ Configure loops on routers in AS 65412 and advertise-peer-as on routers in AS 64498. This allows R5 and R6 to advertise their own AS number (65412) instead of their peer’s AS number (64498) when sending updates to R7 and R8. This prevents a loop detection issue that would cause R7 and R8 to reject the routes from R5 and R62.
✑ Configure remove-private on advertisements from AS 64497 toward AS 64498 and from AS 64500 toward AS 64499. This removes any private AS numbers from the AS path before sending updates to external BGP peers. This allows R2 and R3 to receive the routes from R1 and R4, respectively3.

NEW QUESTION 17
Which two statements describe PIM-SM? (Choose two)

• A. Routers with receivers send join messages to their upstream neighbors.
• B. Routers without receivers must periodically prune themselves from the SPT.
• C. Traffic is initially flooded to all routers and an S,G is maintained for each group
• D. Traffic is only forwarded to routers that request to join the distribution tree.

Answer: AD

Explanation:
PIM sparse mode (PIM-SM) is a multicast routing protocol that uses a pull model to deliver multicast traffic. In PIM-SM, routers with receivers send join messages to their upstream neighbors toward a rendezvous point (RP) or a source-specific tree (SPT). The RP or SPT acts as the root of a shared distribution tree for a multicast group. Traffic is only forwarded to routers that request to join the distribution tree by sending join messages. PIM-SM does not flood traffic to all routers or prune routers without receivers, as PIM dense mode does.

NEW QUESTION 18
......