Latest Juniper JN0-351 Exam questions and answers [Q12-Q36]

Latest Juniper JN0-351 Exam questions and answers

TestPassKing JN0-351 Exam Practice Test Questions (Updated 67 Questions)

Juniper JN0-351 Exam Syllabus Topics:

Topic	Details
Topic 1	Describe the concepts, operations, or functionalities of IS-IS Describe the concepts, operations, or functionalities of OSPF
Topic 2	Describe the concepts, operations, or functionalities of BGP Identify the concepts, requirements, or functionalities of IP tunneling
Topic 3	Identify the concepts, benefits, applications Demonstrate knowledge of how to configure, monitor
Topic 4	Describe the concepts, benefits, operations Demonstrate knowledge how to configure, monitor
Topic 5	Identify the concepts, benefits, or operations of Layer 2 firewall filters Demonstrate knowledge how to configure, monitor, or troubleshoot Spanning Tree
Topic 6	Demonstrate knowledge how to configure, monitor Port security, including MAC limiting, DHCP snooping

 

NEW QUESTION # 12
Exhibit

You have configured a GRE tunnel. To reduce the risk of dropping traffic, you have configured a keepalive OAM probe to monitor the state of the tunnel; however, traffic drops are still occurring.
Referring to the exhibit, what is the problem?

• A. LLDP needs to be removed from the gr-1/1/10.1 interface.
• B. For GRE tunnels, the OAM protocol requires that the BFD protocols also be used.
• C. The "event link-adjacency-loss" option must be set.
• D. The hold-time value must be two times the keepalive-time value

Answer: D

Explanation:
Explanation
A keepalive OAM probe is a mechanism that can be used to monitor the state of a GRE tunnel and detect any failures in the tunnel path. A keepalive OAM probe consists of sending periodic packets from one end of the tunnel to the other and expecting a reply. If no reply is received within a specified time, the tunnel is considered down and the line protocol of the tunnel interface is changed to down1.
To configure a keepalive OAM probe for a GRE tunnel, you need to specify two parameters: the keepalive-time and the hold-time. The keepalive-time is the interval between each keepalive packet sent by the local router. The hold-time is the maximum time that the local router waits for a reply from the remote router before declaring the tunnel down2.
According to the Juniper Networks documentation, the hold-time value must be two times the keepalive-time value for a GRE tunnel2. This is because the hold-time value must account for both the round-trip time of the keepalive packet and the processing time of the remote router. If the hold-time value is too small, it may cause false positives and unnecessary tunnel flaps.
In the exhibit, the configuration shows that the keepalive-time is set to 10 seconds and the hold-time is set to
15 seconds for the gr-1/1/10.1 interface. This means that the local router will send a keepalive packet every 10 seconds and will wait for 15 seconds for a reply from the remote router. However, this hold-time value is not two times the keepalive-time value, which violates the recommended configuration. This may cause traffic drops if the remote router takes longer than 15 seconds to reply.
Therefore, option D is correct, because the hold-time value must be two times the keepalive-time value for a GRE tunnel. Option A is incorrect, because BFD is not required for GRE tunnels; BFD is another protocol that can be used to monitor tunnels, but it is not compatible with GRE keepalives3. Option B is incorrect, because the "event link-adjacency-loss" option is not related to GRE tunnels; it is an option that can be used to trigger an action when a link goes down4. Option C is incorrect, because LLDP does not need to be removed from the gr-1/1/10.1 interface; LLDP is a protocol that can be used to discover neighboring devices and their capabilities, but it does not interfere with GRE tunnels5.
References:
1: Configuring Keepalive Time and Hold time for a GRE Tunnel Interface 2: keepalive | Junos OS | Juniper Networks 3: Configuring Bidirectional Forwarding Detection 4: event link-adjacency-loss | Junos OS | Juniper Networks 5: Understanding Link Layer Discovery Protocol

NEW QUESTION # 13
Exhibit.

You have configured the four EX Series switches with RSTP, as shown in the exhibit. You discover that whenever a link between switches goes up or down, the switches take longer than expected for RSTP to converge, using the default settings.
In this scenario, which action would solve the delay in RSTP convergence?

• A. The bridge priority for EX-4 must be set at 4000.
• B. The max-age must be increased to 20
• C. The hello-time must be increased.
• D. The force-version must be removed.

Answer: D

Explanation:
The exhibit shows the configuration of RSTP on EX-4, which has the command force-version stp. This command forces the switch to use the legacy STP protocol instead of RSTP, even though the switch supports RSTP1. This means that EX-4 will not be able to take advantage of the faster convergence and enhanced features of RSTP, such as edge ports, link type, and proposal/agreement sequence2.
The other switches in the network are likely to be running RSTP, as it is the default protocol for EX Series switches3. Therefore, there will be a compatibility issue between EX-4 and the other switches, which will result in longer convergence times and suboptimal performance. The switch will also generate a warning message that says "Warning: STP version mismatch with neighbor" when it receives a BPDU from a RSTP neighbor1.
To solve this problem, the force-version command must be removed from EX-4, so that it can run RSTP natively and interoperate with the other switches in the network. This will enable faster convergence and better stability for the network topology. To remove the command, you can use the delete protocols rstp force-version command in configuration mode1.

NEW QUESTION # 14
Exhibit

Your BGP neighbors, one in the USA and one in France, are not establishing a connection with each other.
Referring to the exhibit, which statement is correct?

• A. The BFD liveness is set too high.
• B. The BFD liveness must be configured on the BGP group.
• C. The BFD liveness must be configured on the BGP neighbor.
• D. The BFD liveness is set too low.

Answer: C

Explanation:
Explanation
The exhibit shows the configuration of BFD liveness detection for BGP at the global level, which applies to all BGP neighbors by default1. However, this configuration does not specify the session mode, which determines whether BFD uses single-hop or multihop mode to communicate with a neighbor2.
For single-hop BGP neighbors, which are directly connected on the same subnet, the session mode can be either automatic or single-hop. For multihop BGPneighbors, which are not directly connected and require multiple hops to reach, the session mode must be multihop2.
Since your BGP neighbors are in different countries, they are likely to be multihop neighbors. Therefore, you need to configure the session mode as multihop for each neighbor individually at the [edit protocols bgp group group-name neighbor address bfd-liveness-detection] hierarchy level2. For example:
protocols { bgp { group usa { neighbor 192.0.2.1 { bfd-liveness-detection { session-mode multihop; } } } group france { neighbor 198.51.100.1 { bfd-liveness-detection { session-mode multihop; } } } } } If you do not configure the session mode for multihop neighbors, BFD will use the default mode of automatic, which will try to use single-hop mode and fail to establish a BFD session with the remote neighbor2. This will prevent BGP from using BFD to detect liveliness and failover.
Therefore, the answer B is correct, as you need to configure the BFD liveness detection on the BGP neighbor level with the appropriate session mode for multihop neighbors.

NEW QUESTION # 15
What is the maximum allowable MTU size for a default GRE tunnel without IPv4 traffic fragmentation?

• A. 1496 bytes
• B. 1476 bytes
• C. 1500 bytes
• D. 1480 bytes

Answer: B

Explanation:
Explanation
The maximum allowable MTU size for a default GRE tunnel without IPv4 traffic fragmentation is 1476 bytes1. This is because GRE packets are formed by the addition of the original packets and the required GRE headers1. These headers are 24-bytes in length and since these headers are added to the original frame, depending on the original size of the packet we may run into IP MTU problems1. The most common IP MTU is 1500-bytes in length (Ethernet)1. When the tunnel is created, it deducts the 24-bytes it needs to encapsulate the passenger protocols and that is the IP MTU it will use1. For example, if we are forming a tunnel over FastEthernet (IP MTU 1500)the IOS calculates the IP MTU on the tunnel as: 1500-bytes from Ethernet -
24-bytes for the GRE encapsulation = 1476-Bytes1.

NEW QUESTION # 16
You implemented the MAC address limit feature with the shutdown action on all interfaces on your switch.
In this scenario, which statement is correct when a violation occurs?

• A. By default, the violation will automatically be cleared after 300 seconds and the interface will resume sending and receiving traffic for all learned devices.
• B. By default, you must manually clear the violation for the interface to send and receive traffic again.
• C. By default, the interface will continue to send and receive traffic for all connected devices after a violation has occurred.
• D. By default, devices that are learned before the violation occurs are still allowed to send and receive traffic through the specific interface.

Answer: B

Explanation:
Explanation
When the MAC address limit feature with the shutdown action is implemented on a switch, if a violation occurs, the interface is disabled and a system log entry is generated1. If the switch has been configured with the port-error-disable statement, the disabled interface recovers automatically upon expiration of the specified disable timeout1. However, if the switch has not been configured for auto-recovery from port error disabled conditions, you must manually clearthe violation by running the clear ethernet-switching port-error command for the interface to send and receive traffic again1. This explanation is based on the Enterprise Routing and Switching Specialist (JNCIS-ENT) documents and learning resources available at Juniper Networks1.

NEW QUESTION # 17
Which statement is correct about the IS-IS ISO NET address?

• A. An ISO NET address defined with a system ID of 0000.0000.0000 must be selected as the DIS.
• B. The Area ID must match on all devices within a L2 area.
• C. An ISO NET address must be unique for each device in the network.
• D. You can only define a single ISO NET address per device.

Answer: C

Explanation:
An ISO NET address is a type of network address used by the IS-IS routing protocol. It identifies a point of connection to the network, such as a router interface, and is also called a Network Service Access Point (NSAP)1.
An ISO NET address consists of three parts: an area ID, a system ID, and a selector2. The area ID identifies the IS-IS area to which the device belongs. The system ID uniquely identifies the device within the area. The selector identifies a specific service or function on the device, such as routing or management2.
An ISO NET address must be unique for each device in the network, because it is used by IS-IS to establish adjacencies, exchange routing information, and compute shortest paths2. If two devices have the same ISO NET address, they will not be able to communicate with each other or with other devices in the network. Therefore, it is important to assign different ISO NET addresses to each device in the network.

NEW QUESTION # 18
Which two mechanisms are part of building and maintaining a Layer 2 bridge table? (Choose two.)

• A. blocking
• B. listening
• C. learning
• D. flooding

Answer: C,D

Explanation:
Option B is correct. Flooding is a mechanism used in Layer 2 bridging where the switch sends incoming packets to all its ports except for the port where the packet originated1. This is done when the switch doesn't know the destination MAC address or when the packet is a broadcast or multicast1.
Option C is correct. Learning is another mechanism used in Layer 2 bridging where the switch learns the source MAC addresses of incoming packets and associates them with the port on which they were received23. This information is stored in a MAC address table, also known as a bridge table23.
Option A is incorrect. Blocking is a state in Spanning Tree Protocol (STP) used to prevent loops in a network2. It's not a mechanism used in building and maintaining a Layer 2 bridge table2.
Option D is incorrect. Listening is also a state in Spanning Tree Protocol (STP) where the switch listens for BPDUs to make sure no loops occur in the network before transitioning to the learning state2. It's not a mechanism used in building and maintaining a Layer 2 bridge table2.

NEW QUESTION # 19
What are two characteristics of RSTP alternate ports? (Choose two.)

• A. RSTP alternate ports provide an alternate lower cost path to the root bridge.
• B. RSTP alternate ports provide an alternate higher cost path to the root bridge.
• C. RSTP alternate ports block traffic while receiving superior BPDUs from a neighboring switch.
• D. RSTP alternate ports are active ports used to forward frames toward the root bridge.

Answer: B,C

Explanation:
A is correct because RSTP alternate ports block traffic while receiving superior BPDUs from a neighboring switch. An alternate port is a backup port for a root port, which means it receives better BPDUs from another bridge than the current root port1. However, an alternate port does not forward any traffic, as it is in a discarding state2. It only listens to BPDUs and waits for the root port to fail. If the root port fails, the alternate port can immediately transition to a forwarding state and become the new root port1.
C is correct because RSTP alternate ports provide an alternate higher cost path to the root bridge. An alternate port is selected based on the same criteria as the root port, which are the lowest bridge ID, the lowest path cost, the lowest sender port ID, and the lowest receiver port ID3. However, an alternate port receives a higher cost BPDU than the root port, otherwise it would be the root port itself1. Therefore, an alternate port provides an alternate higher cost path to the root bridge than the root port.

NEW QUESTION # 20
Which two statements about redundant trunk groups on EX Series switches are correct? (Choose two.)

• A. Redundant trunk groups load balance traffic across two designated uplink interfaces.
• B. If the active link fails, then the secondary link automatically takes over.
• C. Redundant trunk groups use spanning tree to provide loop-free redundant uplinks.
• D. Layer 2 control traffic is permitted on the secondary link.

Answer: B,D

Explanation:
C is correct because Layer 2 control traffic is permitted on the secondary link of a redundant trunk group (RTG) on EX Series switches. Layer 2 control traffic includes protocols such as LLDP, LACP, and STP, which are used to exchange information and coordinate actions between switches1. According to the Juniper Networks documentation2, Layer 2 control traffic is allowed to pass through both the active and the secondary links of an RTG, but data traffic is only forwarded through the active link. This allows the switches to maintain their Layer 2 adjacencies and monitor the link status on both links.
D is correct because if the active link fails, then the secondary link automatically takes over in an RTG on EX Series switches. An RTG consists of two trunk links: an active or primary link, and a secondary or backup link2. The active link is used to forward data traffic, while the secondary link is in standby mode. If the active link fails or becomes unavailable, the secondary link immediately transitions to a forwarding state and takes over the data traffic without waiting for normal STP convergence2. This provides fast recovery and redundancy for the network.

NEW QUESTION # 21
What is the default MAC age-out timer on an EX Series switch?

• A. 300 minutes
• B. 30 minutes
• C. 300 seconds
• D. 30 seconds

Answer: C

Explanation:
Explanation
The default MAC age-out timer on an EX Series switch is 300 seconds12. The MAC age-out timer is the maximum time that an entry can remain in the MAC table before it "ages out," or is removed31. This configuration can influence efficiency of network resource use by affecting the amount of traffic that is flooded to all interfaces1. When traffic is received for MAC addresses no longer in the Ethernet routing table, the router floods the traffic to all interfaces1.

NEW QUESTION # 22
Which three protocols support BFD? (Choose three.)

• A. RSTP
• B. LACP
• C. FTP
• D. BGP
• E. OSPF

Answer: B,D,E

Explanation:
Explanation
BFD is a protocol that can be used to quickly detect failures in the forwarding path between two adjacent routers or switches. BFD can be integrated with various routing protocols and link aggregation protocols to provide faster convergence and fault recovery.
According to the Juniper Networks documentation, the following protocols support BFD on Junos OS devices1:
BGP: BFD can be used to monitor the connectivity between BGP peers and trigger a session reset if a failure is detected. BFD can be configured for both internal and external BGP sessions, as well as for IPv4 and IPv6 address families2.
OSPF: BFD can be used to monitor the connectivity between OSPF neighbors and trigger a state change if a failure is detected. BFD can be configured for both OSPFv2 and OSPFv3 protocols, as well as for point-to-point and broadcast network types3.
LACP: BFD can be used to monitor the connectivity between LACP members and trigger a link state change if a failure is detected. BFD can be configured for both active and passive LACP modes, as well as for static and dynamic LAGs4.
Other protocols that support BFD on Junos OS devices are:
IS-IS: BFD can be used to monitor the connectivity between IS-IS neighbors and trigger a state change if a failure is detected. BFD can be configured for both level 1 and level 2 IS-IS adjacencies, as well as for point-to-point and broadcast network types.
RIP: BFD can be used to monitor the connectivity between RIP neighbors and trigger a route update if a failure is detected. BFD can be configured for both RIP version 1 and version 2 protocols, as well as for IPv4 and IPv6 address families.
VRRP: BFD can be used to monitor the connectivity between VRRP routers and trigger a priority change if a failure is detected. BFD can be configured for both VRRP version 2 and version 3 protocols, as well as for IPv4 and IPv6 address families.
The protocols that do not support BFD on Junos OS devices are:
RSTP: RSTP is a spanning tree protocol that provides loop prevention and rapid convergence in layer 2 networks. RSTP does not use BFD to detect link failures, but relies on its own hello mechanism that sends BPDU packets every 2 seconds by default.
FTP: FTP is an application layer protocol that is used to transfer files between hosts over a TCP connection. FTP does not use BFD to detect connection failures, but relies on TCP's own retransmission and timeout mechanisms.
References:
1: [Configuring Bidirectional Forwarding Detection] 2: [Configuring Bidirectional Forwarding Detection for BGP] 3: [Configuring Bidirectional Forwarding Detection for OSPF] 4: [Configuring Bidirectional Forwarding Detection for Link Aggregation Control Protocol] : [Configuring Bidirectional Forwarding Detection for IS-IS] : [Configuring Bidirectional Forwarding Detection for RIP] : [Configuring Bidirectional Forwarding Detection for VRRP] : [Understanding Rapid Spanning Tree Protocol] : [Understanding FTP]

NEW QUESTION # 23
You are concerned about spoofed MAC addresses on your LAN.
Which two Layer 2 security features should you enable to minimize this concern? (Choose two.)

• A. dynamic ARP inspection
• B. IP source guard
• C. DHCP snooping
• D. static ARP

Answer: A,C

Explanation:
A is correct because dynamic ARP inspection (DAI) is a Layer 2 security feature that prevents ARP spoofing attacks. ARP spoofing is a technique that allows an attacker to send fake ARP messages to associate a spoofed MAC address with a legitimate IP address. This can result in traffic redirection, man-in-the-middle attacks, or denial-of-service attacks. DAI validates ARP packets by checking the source MAC address and IP address against a trusted database, which is usually built by DHCP snooping1. DAI discards any ARP packets that do not match the database or have invalid formats1.
C is correct because DHCP snooping is a Layer 2 security feature that prevents DHCP spoofing attacks.
DHCP spoofing is a technique that allows an attacker to act as a rogue DHCP server and offer fake IP addresses and other network parameters to unsuspecting clients. This can result in traffic redirection, man-in-the-middle attacks, or denial-of-service attacks. DHCP snooping filters DHCP messages by classifying switch ports as trusted or untrusted. Trusted ports are allowed to send and receive any DHCP messages, while untrusted ports are allowed to send only DHCP requests and receive only valid DHCP replies from trusted ports2. DHCP snooping also builds a database of MAC addresses, IP addresses, lease times, and binding types for each client2.

NEW QUESTION # 24
You have two OSPF routers forming an adjacency. R1 has a priority of 32 and a router ID of 192.168.1.2. R2 has a priority of 64 and a router ID of 192.168.1.1. The routers were started at the same time and all other OSPF settings are the default settings.
Which statement is correct in this scenario?

• A. At least three routers are required for a DR/BDR election
• B. R2 will be the BDR.
• C. Router IDs must match for an adjacency to form.
• D. R1 will be the BDR.

Answer: D

Explanation:
Explanation
In OSPF, the Designated Router (DR) and Backup Designated Router (BDR) are elected based on the priority of the routers1. The router with the highest priority becomes the DR, and the router with the second highest priority becomes the BDR1. If there is a tie in priority, then the router with the highest Router ID is chosen1.
In this scenario, R2 has a higher priority (64) than R1 (32), so R2 will become the DR1. Since R1 has the second highest priority, it will become the BDR1. Therefore, option D is correct.

NEW QUESTION # 25
Which two events cause a router to advertise a connected network to OSPF neighbors? (Choose two.)

• A. When a static route to the 224.0.0.6 address is created.
• B. When a static route to the 224.0.0.5 address is created.
• C. When an interface has the OSPF passive option enabled.
• D. When an OSPF adjacency is established.

Answer: B,D

Explanation:
A is correct because when an OSPF adjacency is established, a router will advertise a connected network to OSPF neighbors. An OSPF adjacency is a logical relationship between two routers that agree to exchange routing information using the OSPF protocol1. To establish an OSPF adjacency, the routers must be in the same area, have compatible parameters, and exchange hello packets1. Once an OSPF adjacency is formed, the routers will exchange database description (DBD) packets, which contain summaries of their link-state databases (LSDBs)1. The LSDBs include information about the connected networks and their costs2. Therefore, when an OSPF adjacency is established, a router will advertise a connected network to OSPF neighbors through DBD packets.
D is correct because when a static route to the 224.0.0.5 address is created, a router will advertise a connected network to OSPF neighbors. The 224.0.0.5 address is the multicast address for all OSPF routers3. A static route to this address can be used to send OSPF hello packets to all OSPF neighbors on a network segment3. This can be useful when the network segment does not support multicast or when the router does not have an IP address on the segment3. When a static route to the 224.0.0.5 address is created, the router will send hello packets to this address and establish OSPF adjacencies with other routers on the segment3. As explained above, once an OSPF adjacency is formed, the router will advertise a connected network to OSPF neighbors through DBD packets.

NEW QUESTION # 26
You are a network operator who wants to add a second ISP connection and remove the default route to the existing ISP You decide to deploy the BGP protocol in the network.
What two statements are correct in this scenario? (Choose two.)

• A. IBGP peers advertise routes received from IBGP peers to other IBGP peers.
• B. IBGP updates the next-hop attribute to ensure reachability within an AS.
• C. EBGP peers advertise routes received from IBGP peers to other EBGP peers.
• D. IBGP peers advertise routes received from EBGP peers to other IBGP peers.

Answer: B,D

Explanation:
A is correct because IBGP updates the next-hop attribute to ensure reachability within an AS. This is because the next-hop attribute is the IP address of the router that advertises the route to a BGP peer. If the next-hop attribute is not changed by IBGP, it would be the IP address of an external router, which may not be reachable by all routers within the AS. Therefore, IBGP updates the next-hop attribute to the IP address of the router that received the route from an EBGP peer1.
B is correct because IBGP peers advertise routes received from EBGP peers to other IBGP peers. This is because BGP follows the rule of advertising only the best route to a destination, and EBGP routes have a higher preference than IBGP routes. Therefore, IBGP peers advertise routes learned from an EBGP peer to all BGP peers, including both EBGP and IBGP peers1.

NEW QUESTION # 27
Which statement is correct about IP-IP tunnels?

• A. IP-IP tunnels only support encapsulating non-IP traffic.
• B. IP-IP tunnels only support encapsulating IP traffic.
• C. The TTL in the inner packet is decremented during transit to the tunnel endpoint.
• D. There are 24 bytes of overhead with IP-IP encapsulation.

Answer: B

Explanation:
Explanation
IP-IP tunnels are a type of tunnels that use IP as both the encapsulating and encapsulated protocol. IP-IP tunnels are simple and easy to configure, but they do not provide any security or authentication features. IP-IP tunnels only support encapsulating IP traffic, which means that the payload of the inner packet must be an IP packet. IP-IP tunnels cannot encapsulate non-IP traffic, such as Ethernet frames or MPLS labels1.
Option A is correct, because IP-IP tunnels only support encapsulating IP traffic. Option B is incorrect, because IP-IP tunnels only support encapsulating non-IP traffic. Option C is incorrect, because the TTL in the inner packet is not decremented during transit to the tunnel endpoint. The TTL in the outer packet is decremented by each router along the path, but the TTL in the inner packet is preserved until it reaches the tunnel endpoint2.
Option D is incorrect, because there are 20 bytes of overhead with IP-IP encapsulation. The overhead consists of the header of the outer packet, which has a fixed size of 20 bytes for IPv43.
References:
1: IP-IP Tunneling 2: What is tunneling? | Tunneling in networking 3: IPv4 - Header

NEW QUESTION # 28
Exhibit

What does the * indicate in the output shown in the exhibit?

• A. The switch ports have a router attached.
• B. The interface is active.
• C. The interface is down.
• D. All interfaces have elected a root bridge.

Answer: B

Explanation:
The exhibit shows the output of the command show vlans brief, which displays brief information about VLANs and their associated interfaces1.
The output has four columns: Routing instance, VLAN name, Interfaces, and Tagging.
The * symbol indicates that the interface is active, meaning that it is up and forwarding traffic1. This can be verified by the command , which displays the status of the interfaces2.

NEW QUESTION # 29
Which two statements are correct about tunnels? (Choose two.)

• A. Tunnel endpoints must have a valid route to the remote tunnel endpoint.
• B. Tunnels add additional overhead to packet size.
• C. IP-IP tunnels are stateful.
• D. BFD cannot be used to monitor tunnels.

Answer: A,B

Explanation:
Explanation
A tunnel is a connection between two computer networks, in which data is sent from one network to another through an encrypted link. Tunnels are commonly used to secure data communications between two networks or to connect two networks that use different protocols.
Option B is correct, because tunnel endpoints must have a valid route to the remote tunnel endpoint. A tunnel endpoint is the device that initiates or terminates a tunnel connection. For a tunnel to be established, both endpoints must be able to reach each other over the underlying network. This means that they must have a valid route to the IP address of the remote endpoint1.
Option D is correct, because tunnels add additional overhead to packet size. Tunnels work by encapsulating packets: wrapping packets inside of other packets. This means that the original packet becomes the payload of the surrounding packet, and the surrounding packet has its own header and trailer. The header and trailer of the surrounding packet add extra bytes to the packet size, which is called overhead. Overhead can reduce the efficiency and performance of a network, as it consumes more bandwidth and processing power2.
Option A is incorrect, because BFD can be used to monitor tunnels. BFD is a protocol that can be used to quickly detect failures in the forwarding path between two adjacent routers or switches. BFD can be integrated with various routing protocols and link aggregation protocols to provide faster convergence and fault recovery.
BFD can also be used to monitor the connectivity of tunnels, such as GRE, IPsec, or MPLS.
Option C is incorrect, because IP-IP tunnels are stateless. IP-IP tunnels are a type of tunnels that use IP as both the encapsulating and encapsulated protocol. IP-IP tunnels are simple and easy to configure, but they do not provide any security or authentication features. IP-IP tunnels are stateless, which means that they do not keep track of the state or status of the tunnel connection. Stateless tunnels do not require any signaling or negotiation between the endpoints, but they also do not provide any error detection or recovery mechanisms.
References:
1: What is Tunneling? | Tunneling in Networking 2: What Is Tunnel In Networking, Its Types, And Its Benefits? : [Configuring Bidirectional Forwarding Detection] : [IP-IP Tunneling]

NEW QUESTION # 30
You want to use filter-based forwarding (FBF) on your Internet peering router to load-balance traffic to two directly connected ISPs based on the source address.
Which two statements are correct in this scenario? (Choose two.)

• A. RIB groups are used to hide routes in the inet. 0 routing table.
• B. FBF uses the forwarding routing instance type.
• C. FBF uses the no-forwarding routing instance type.
• D. RIB groups are used to copy routes from the inet. o routing table.

Answer: B,D

Explanation:
Option B is correct. Filter-based forwarding (FBF), also known as Policy Based Routing (PBR), uses the forwarding routing instance type12.
Option C is correct. Routing Information Base (RIB) groups are used to copy routes from one routing table to another34. In the context of FBF, RIB groups can be used to copy routes from the inet.0 routing table34.
Option A is incorrect. FBF does not use the no-forwarding routing instance type15.
Option D is incorrect. RIB groups are not used to hide routes in the inet.0 routing table34. They are used to share or copy routes between different routing tables34.

NEW QUESTION # 31
Refer to the exhibit.

Referring to the output shown in the exhibit, which statement is correct?

• A. An MTU mismatch exists between the OSPF neighbors.
• B. The state is normal for a DRother neighbor
• C. The state is normal for a DR neighbor.
• D. An area ID mismatch exists between the OSPF neighbors

Answer: B

Explanation:
Explanation
In OSPF, the state of the neighbor relationship is determined by the exchange of OSPF packets between routers1. The state "2Way" as shown in the exhibit indicates that bi-directional communication has been established between the two OSPF routers1. This is the normal state for a neighbor that is not the Designated Router (DR) or Backup Designated Router (BDR) on a broadcast, non-broadcast multi-access (NBMA), or point-to-multipoint network1. These neighbors are often referred to as "DRothers"1. Therefore, option B is correct.

NEW QUESTION # 32
Exhibit

Which command displays the output shown in the exhibit?

• A. show route forwarding-table family ethernet-switching
• B. show ethernet-switching table extensive
• C. show ethernet-switching table
• D. show route forwarding-table

Answer: C

Explanation:
The output shown in the exhibit is a brief display of the Ethernet switching table, which shows the learned Layer 2 MAC addresses for each VLAN and interface1.
The command show ethernet-switching table displays the Ethernet switching table with brief information, such as the destination MAC address, the VLAN name, the forwarding state, and the interface name1.
The command show route forwarding-table displays the routing table information for each protocol family, such as inet, inet6, mpls, iso, and so on2. It does not show the Ethernet switching table or the MAC addresses.
The command show ethernet-switching table extensive displays the Ethernet switching table with extensive information, such as the destination MAC address, the VLAN name, the forwarding state, the interface name, the VLAN index, and the tag type1. It shows more details than the brief output shown in the exhibit.
The command show route forwarding-table family ethernet-switching displays the routing table information for the ethernet-switching protocol family, whichshows the destination MAC address, the next-hop MAC address, and the interface name3. It does not show the VLAN name or the forwarding state.

NEW QUESTION # 33
You need to configure a LAG between your switches. In this scenario, which two statements are correct?
(Choose two.)

• A. Member links are not required to be contiguous ports.
• B. Duplex and speed settings are required to match on both participating devices.
• C. Member links are required to be contiguous ports.
• D. Duplex and speed settings are not required to match on both participating devices.

Answer: A,B

Explanation:
B is correct because duplex and speed settings are required to match on both participating devices. According to the Juniper Networks documentation1, all the interfaces in a LAG must have the same speed and be in full-duplex mode. This ensures that the LAG can operate as a single logical link without any performance or compatibility issues.
C is correct because member links are not required to be contiguous ports. According to the Juniper Networks documentation2, you can group any Ethernet interfaces on a switch into a LAG, regardless of their physical location or slot number. This provides flexibility and scalability for configuring LAGs on switches.

NEW QUESTION # 34
Which statement is correct about the storm control feature?

• A. The storm control configuration only applies to traffic being sent between the forwarding and control plane.
• B. The storm control feature is enabled in the factory-default configuration on EX Series switches.
• C. The storm control feature requires a special license on EX Series switches.
• D. The storm control feature is not supported on aggregate Ethernet interfaces.

Answer: B

Explanation:
Option A is correct. The storm control feature is enabled in the factory-default configuration on EX Series switches12. On EX2200, EX3200, EX3300, EX4200, and EX6200 switches, the factory default configuration enables storm control for broadcast and unknown unicast traffic on all switch interfaces2. On EX4300 switches, the factory default configuration enables storm control on all Layer 2 switch interfaces1.
Option B is incorrect. The storm control feature does not require a special license on EX Series switches34.
Option C is incorrect. There's no information available that suggests the storm control feature is not supported on aggregate Ethernet interfaces.
Option D is incorrect. The storm control configuration applies to traffic at the ingress of an interface5, not just between the forwarding and control plane.

NEW QUESTION # 35
Which statement about aggregate routes is correct?

• A. Aggregate routes can only be used for static routing but not for dynamic routing protocols.
• B. Aggregate routes are automatically generated for all of the subnets in a routing table.
• C. Aggregate routes are always preferred over more specific routes, even when the specific routes have a better path.
• D. Aggregate routes are used for advertising summarized network prefixes.

Answer: D

Explanation:
Explanation
Aggregate routes are used for advertising summarized network prefixes12. They help minimize the number of routing tables in an IP network by consolidating selected multiple routes into a single route advertisement1. This approach is in contrast to non-aggregation routing, in which every routing table contains a unique entry for each route1.
Therefore, option D is correct. Options A, B, and C are not correct because:
Aggregate routes can be used with both static routing and dynamic routing protocols1.
Aggregate routes are not automatically generated for all of the subnets in a routing table. They need to be manually configured1.
Aggregate routes are not always preferred over more specific routes. The route selection process in Junos OS considers several factors, including route preference and metric, before determining the active route1.

NEW QUESTION # 36
......

Pass Your Juniper Exam with JN0-351 Exam Dumps: https://www.testpassking.com/JN0-351-exam-testking-pass.html

Pass JN0-351 Exam Info and Free Practice Test: https://drive.google.com/open?id=1Oc_fc7aRV-DGXKed2exhorCET3fc5fOt