New 2023 Latest Questions JN0-649 Dumps - Use Updated Juniper Exam
Latest JN0-649 Exam Dumps Juniper Exam from Training Expert Actual4Labs
NEW QUESTION 21
You are asked to configure 802.1X on your access ports to allow only a single device to authenticate.
In this scenario, which configuration would you use?
- A. single supplicant mode
- B. MAC authentication mode
- C. single-secure supplicant mode
- D. multiple supplicant mode
Answer: C
Explanation:
Single supplicant mode authenticates only the first end device that connects to an authenticator port. All other end devices connecting to the authenticator port after the first has connected successfully, whether they are 802.1X-enabled or not, are permitted access to the port without further authentication. If the first authenticated end device logs out, all other end devices are locked out until an end device authenticates. Single-secure supplicant mode authenticates only one end device to connect to an authenticator port. No other end device can connect to the authenticator port until the first logs out.
NEW QUESTION 22
You are troubleshooting a route problem in the topology shown in the exhibit. The 10.30.0 0/24 route is not reachable from the R3 router. What would cause this problem?
- A. R4 is not advertising the 10.30.0.0/24 route to R3
- B. R3 does not have a route to the BGP next hop of 10.30.0.0/24
- C. R3 does not have an OSPF route for 10.30.0.0/24
- D. R3 does not have an established BGP session with R4.
Answer: B
NEW QUESTION 23
You are asked to enforce user authentication using a captive portal before users access the corporate network.
Which statement is correct in this scenario?
- A. HTTPS is the default protocol for a captive portal.
- B. When enabled, a captive portal must be applied to each individual interface.
- C. All Web browser requests are redirected to the captive portal until authentication is successful.
- D. A captive portal can be bypassed using an allowlist command containing a device's IP address.
Answer: C
Explanation:
You can set up captive portal authentication on your switch to redirect all Web browser requests to a login page that requires users to input a username and password before they are allowed access. Upon successful authentication, users are allowed access to the network and redirected to the original page requested. Junos OS provides a customizable template for the captive portal window that allows you to easily design and modify the look of the captive portal login page. You can modify the design elements of the template to change the look of your captive portal login page and to add instructions or information to the page. You can also modify any of the design elements of a captive portal login page. The first screen displayed before the captive login page requires the user to read the terms and conditions of use. By clicking the Agree button, the user can access the captive portal login page. https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/topic-map/user-authentication-captive-portal.html
NEW QUESTION 24
Referring to the exhibit, on which three IS-IS routers will the attached bit be set? (Choose three.)
- A. UR5
- B. UR3
- C. R4
- D. R2
- E. R6
Answer: B,D,E
NEW QUESTION 25
You must provide network connectivity to hosts that fail authentication.
In this scenario, what would be used in a network secured with 802.1X to satisfy this requirement?
- A. Configure the native-vlan-id parameter on the port.
- B. Use the server-reject-vlan command to specify a guest VLAN.
- C. Configure a secondary IP address on the port for unauthenticated hosts.
- D. Configure the port as a spanning tree edge port.
Answer: B
Explanation:
For a device configured for 802.1X authentication, specify that when the device receives an Extensible Authentication Protocol Over LAN (EAPoL) Access-Reject message during the authentication process between the device and the RADIUS authentication server, supplicants attempting to access the LAN are granted access and moved to a specific bridge domain or VLAN. Any bridge domain, VLAN name or VLAN ID sent by a RADIUS server as part of the EAPoL Access-Reject message is ignored.
NEW QUESTION 26
You configured static mode power management on an EX4300 to provide PoE power to telephone and access point equipment.
Which statement is correct regarding the PoE power budget?
- A. Power is budgeted to devices on a first come, first served basis as devices are connected.
- B. Power is budgeted to a port even if no device is connected to the port.
- C. The power budgeted to ports will adjust to how much power a device actually uses.
- D. The power budgeted will be based on the device class connected to each port.
Answer: B
NEW QUESTION 27
Your EX Series switch has IP telephones and computers connected to a single switch port. You are considering implementing the voice VLAN feature to help with this setup. In this scenario, which two statements are correct? (Choose two.)
- A. The voice VLAN feature will enable incoming tagged data and voice traffic to be associated with separate VLANs.
- B. Assigning the incoming voice and data traffic to separate VLANs enables the ability to prioritize the traffic using CoS.
- C. The interfaces must be configured as access ports.
- D. The voice VLAN feature must be used with LLDP-MED to associate VLAN ID and 802.1p values with the traffic.
Answer: B,C
NEW QUESTION 28
You notice a mass withdrawal of routes for some of the network hosts. You determine that the link on the ESI interface is down.
Which route type is used in this scenario?
- A. Type 5
- B. Type 2
- C. Type 1
- D. Type 3
Answer: C
Explanation:
https://www.juniper.net/documentation/en_US/junos/topics/concept/evpn-bgp-multihoming- overview.html#jd0e270 This is a Type 1 mandatory route, used for fast convergence and for advertising the split horizon label. It is also known as the mass withdraw route.
NEW QUESTION 29
You are asked to troubleshoot voice quality issues on your newly implement VoIP network. You notice that the voice packets are being dropped. You have verified that the packets are correctly marked for expedited forwarding queue.
Referring to the exhibit, what must you configure to solve the problem?
You are asked to troubleshoot voice quality issues on your newly implement VoIP network. You notice that the voice packets are being dropped. You have verified that the packets are correctly marked for expedited forwarding queue.
Referring to the exhibit, what must you configure to solve the problem?
- A. You must configure a multifield classifier to put the VoIP traffic in the correct queue.
- B. You must configure a scheduler to allocate bandwidth to the expedited forwarding queue.
- C. You must configure a policer to ensure that the queue is not being starved.
- D. You must configure a rewrite rule to ensure that the traffic is scheduled properly in the device.
Answer: B
NEW QUESTION 30
A Layer 2 connection does not expend across data centers. The IP subnet in a Layer 2 domain is confined within a single data center.
Which EVPN route type is used to communicate prefixes between the data centers?
- A. Type 2
- B. Type 1
- C. Type 5
- D. Type 4
Answer: C
Explanation:
https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/concept/evpn-route-type5-understanding.html#:~:text=In%20the%20control%20plane%2C%20EVPN,subnet%20connectivity%20across%20data%20centers.
NEW QUESTION 31
You are designing a multicast topology to support IPv4 IPTV broadcasts in your organization. The design should support multiple multicast senders with overlapping group addresses while preventing interference between them. Client devices currently do not support IGMPv3.
Which approach would fulfill these requirements?
- A. Implement MLD
- B. Implement bidirectional PIM
- C. Assign group addresses in the 224/4 range and implement PIM-DM
- D. Implement PIM-SM and SSM with SSM maps to support IGMPv2 clients
Answer: C
NEW QUESTION 32
You are using 802.1X in your access network consisting of EX Series switches. You recently had a failure with your RADIUS server which resulted in authenticating client devices being denied access to the network. You want to change this behavior so that authenticating clients are directed to a remediation VLAN. Which RADIUS server failback setting satisfies this requirement?
- A. sustain
- B. permit
- C. move
- D. deny
Answer: C
Explanation:
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/radius-server-configuration- ex-series-cli.html#id-configuring-radius-server-fail-fallback-cli-procedure Permit authentication, allowing traffic to flow from the end device through the interface as if the end device were successfully authenticated by the RADIUS server.
Deny authentication, preventing traffic from flowing from the end device through the interface.
This is the default.
Move the end device to a specified VLAN if the switch receives a RADIUS access-reject message. The configured VLAN name overrides any attributes sent by the server. (The VLAN must already exist on the switch.) Sustain authenticated end devices that already have LAN access and deny unauthenticated end devices. If the RADIUS servers time out during reauthentication, previously authenticated end devices are reauthenticated and new users are denied LAN access.
NEW QUESTION 33
Click the Exhibit button.
There is a functioning OSPFv3 neighborship between Router-1 and Router-2 over the ge-0/0/1 link. However, the 172.100.100.0/24 and 172.101.101.100/24 routes are not being shared through OSPFv3.
Referring to the configuration shown in the exhibit, which two actions must you take to solve the problem? (Choose two.)
- A. Add interface ge-0/0/1 under the IPv4 unicast realm for both routers.
- B. Add the lo0 interface under OSPFv3 for both routers.
- C. Add the IPv6 family protocol under ge-0/0/2 for both routers.
- D. Add interface ge-0/0/2 under OSPFv3 for both routers.
Answer: A,C
NEW QUESTION 34
Which EVPN route type is used for fast convergence and for advertising the split horizon label?
- A. Type 5
- B. Type 2
- C. Type 1
- D. Type 4
Answer: C
NEW QUESTION 35
Referring to the exhibit, which statement is true?
- A. The current device was allowed after authentication attempts to the RADIUS server failed
- B. Additional users will automatically be allowed to connect to ge-0/0/15
- C. Only 802. 1X authentication will be used for devices connecting to ge-0/0/15
- D. The current device is authenticated using MAC RADIUS
Answer: A
NEW QUESTION 36
Referring to the exhibit, which statement is correct?
- A. This router is an ABR.
- B. This router originated the LSA.
- C. This router is connected to 27 different areas.
- D. This router is an ASBR.
Answer: B
NEW QUESTION 37
You want to create an OSPF area that only contains intra-area route information in the form of Type 1 and Type 2 LSAs.
In this scenario, which area is needed to accomplish this task?
- A. stub area
- B. totally stubby area
- C. non-to-stubby area
- D. totally non-to-stubby area
Answer: B
Explanation:
A totally stubby area (TSA) is a stub area in which summary link-state advertisement (type 3 LSAs) are not sent. A default summary LSA, with a prefix of 0.0. 0.0/0 is originated into the stub area by an ABR, so that devices in the area can forward all traffic for which a specific route is not known, via ABR.
NEW QUESTION 38
Your enterprise network uses routing instances to support multitenancy. Your Junos devices use BGP to peer to multiple BGP devices. You must ensure that load balancing is achieved within the routing instance.
Which two statements would accomplish this task? (Choose two.)
- A. Configure the multipath option at the [edit protocols bgp group] hierarchy.
- B. Configure the multipath option at the [edit protocols bgp group <group-name> neighbor] hierarchy.
- C. Configure the multipath option at the [edit routing-instances <instance-name> routing-options] hierarchy.
- D. Configure a load-balance per-packet policy and apply it at the [edit routing-options forwarding-table] hierarchy.
Answer: A,D
Explanation:
Fortunately, the Juniper Networks BGP implementation supports the notion of a bandwidth community. This extended community encodes the bandwidth of a given next hop, and when combined with multipath, the load-balancing algorithm distributes flows across the set of next hops proportional to their relative bandwidths. Put another way, if you have a 10-Mbps and a 1-Mbps next hop, on average nine flows will map to the high-speed next hop for every one that uses the low speed.
Use of BGP bandwidth community is supported only with per-packet load balancing.
The configuration task has two parts:
Configure the external BGP (EBGP) peering sessions, enable multipath, and define an import policy to tag routes with a bandwidth community that reflects link speed.
Enable per-packet (really per-flow) load balancing for optimal distribution of traffic.
https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/load-balancing-bgp-session.html
NEW QUESTION 39
You are troubleshooting an EVPN-VXLAN IP fabric and observe the loop shown in the exhibit.
Which two steps would you take to further troubleshoot this problem? (Choose two.)
- A. Issue the show route table bgp.evpn.0 command on Leaf2 and verify that Type 3 routes are present.
- B. Verify that the same ESI is configured on the two links from the source.
- C. Verify that the same ESI is configured on the link from the host and that it matches the source.
- D. Issue the show route table bgp.evpn.0 command on Leaf2 and verify that Type 4 routes are present.
Answer: A,D
Explanation:
Type 2 route, MAC with IP advertisement route-Type 2 routes are per-VLAN routes, so only PEs that are part of a VNI need these routes. EVPN allows an end host's IP and MAC addresses to be advertised within the EVPN Network Layer reachability information (NLRI). This allows for control plane learning of ESI MAC addresses. Because there are many Type 2 routes, a separate route-target auto-derived per VNI helps to confine their propagation. This route type is supported by all EVPN switches and routers. Type 5 route, IP prefix Route-An IP prefix route provides encoding for inter-subnet forwarding. In the control plane, EVPN Type 5 routes are used to advertise IP prefixes for inter-subnet connectivity across data centers. To reach a tenant using connectivity provided by the EVPN Type 5 IP prefix route, data packets are sent as Layer 2 Ethernet frames encapsulated in the VXLAN header over the IP network across the data centers.
NEW QUESTION 40
Referring to the exhibit, which statement is correct?
- A. The route is learned from only one neighbor.
- B. The route is learned from a multihop BGP session.
- C. The route is learned from three different neighbors.
- D. The route is learned from a multipath BGP session.
Answer: A
NEW QUESTION 41
You have configured class mode power management on an EX4300 to provide PoE power to telephone and security camera equipment. You want to ensure that security camera power takes priority over telephone power.
Which two actions would solve this problem? (Choose two.)
- A. Connect the security cameras to the lowest port numbers on the switch.
- B. Set the power priority to low on ports connected to security cameras.
- C. Set the power priority to high on ports connected to security cameras.
- D. Set the maximum power settings on ports connected to security cameras.
Answer: A,C
Explanation:
https://www.juniper.net/documentation//en_US/junos/topics/concept/poe-overview.html#jd0e1522 Thus you must set interfaces that connect to critical powered devices, such as security cameras and emergency phones, to high priority. Among PoE interfaces that have the same assigned priority, power priority is determined by the port number, with lower-numbered ports having higher priority.
NEW QUESTION 42
You are asked to merge a RIP network with your OSPF network. As a first step, you establish connectivity between the RIP network and the OSPF network. The RIP network connects to an NSSA area. Which two statements are true in this scenario? (Choose two.)
- A. By default, external OSPF routes have a higher route preference than RIP routes.
- B. To share RIP routes with the OSPF network, an export policy will be required on the ASBR.
- C. Be default, RIP routes have a higher route preference than external OSPF routes.
- D. To share RIP routes with the OSPF network, an export policy will be required on the ABR.
Answer: A,B
Explanation:
Route Preference Values
OSPF Internal = 10
RIP = 100
OSPF External = 150
NEW QUESTION 43
You are configuring BGP policies for a site with a dual-homed connection as shown In the exhibit.
You need all outbound traffic to egress the network through the link to ISP B by default. The ISPs should not be able to override this behavior through BGP attributes.
Which BGP attribute would you modify on the ISP-received routes to accomplish this objective?
- A. MED
- B. origin
- C. local preference
- D. next-hop
Answer: C
NEW QUESTION 44
Referring to the exhibit, which two statements are correct? (Choose two.)
- A. The maximum wattage that this switch can allocate to attached Ethernet devices is 100 watts.
- B. The ge-0/0/10 interface supports PoE+.
- C. PoE is not enabled on the ge-0/0/0 interface.
- D. If the total power consumption exceeds 90 watts, the ge-0/0/11 interface will continue to receive power.
Answer: A,C
NEW QUESTION 45
......
Juniper JN0-649 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
Updated Test Engine to Practice JN0-649 Dumps & Practice Exam: https://gocertify.actual4labs.com/Juniper/JN0-649-actual-exam-dumps.html