JN0-664 Free Exam Questions and Answers PDF Updated on Apr-2024
Latest JN0-664 Exam Dumps Recently Updated 72 Questions
NEW QUESTION # 28
You are a network architect for a service provider and want to offer Layer 2 services to your customers You want to use EVPN for Layer 2 services in your existing MPLS network.
Which two statements are correct in this scenario? (Choose two.)
- A. EVPN uses Type 2 routes to advertise MAC address and IP address pairs learned using ARP snooping
- B. VXLAN must be configured on all PE routers.
- C. EVPN uses Type 3 routes to join a multicast tree to flood traffic.
- D. Segment routing must be configured on all PE routers.
Answer: A,C
Explanation:
EVPN is a technology that connects L2 network segments separated by an L3 network using a virtual Layer 2 network overlay over the Layer 3 network. EVPN uses BGP as its control protocol to exchange different types of routes for different purposes. Type 2 routes are used to advertise MAC address and IP address pairs learned using ARP snooping from the local CE devices. Type 3 routes are used to join a multicast tree to flood traffic such as broadcast, unknown unicast, and multicast (BUM) traffic.
NEW QUESTION # 29
Which statement is true regarding BGP FlowSpec?
- A. It is used to protect a network from denial-of-service attacks dynamically
- B. It uses a remote triggered black hole to protect a network from a denial-of-service attack.
- C. It verifies that the source IP of the incoming packet has a resolvable route in the routing table
- D. It uses dynamically created routing policies to protect a network from denial-of-service attacks
Answer: D
Explanation:
Explanation
BGP FlowSpec is a feature that extends the Border Gateway Protocol (BGP) to enable routers to exchange traffic flow specifications, allowing for more precise control of network traffic. The BGP FlowSpec feature enables routers to advertise and receive information about specific flows in the network, such as those originating from a particular source or destined for a particular destination. Routers can then use this information to construct traffic filters that allow or deny packets of a certain type, rate limit flows, or perform other actions1. BGP FlowSpec can also help in filtering traffic and taking action against distributed denial of service (DDoS) attacks by dropping the DDoS traffic or diverting it to an analyzer2. BGP FlowSpec rules are internally converted to equivalent Cisco Common Classification Policy Language (C3PL) representing corresponding match and action parameters2. Therefore, BGP FlowSpec uses dynamically created routing policies to protect a network from denial-of-service attacks.
References: 1: https://www.networkingsignal.com/what-is-bgp-flowspec/ 2:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-16/irg-xe-16-book/bgp-flowspe
NEW QUESTION # 30
In IS-IS, which two statements are correct about the designated intermediate system (DIS) on a multi-access network segment? (Choose two)
- A. On the multi-access network, each router forms an adjacency to every other router on the segment
- B. A router with a priority of 10 wins the DIS election over a router with a priority of 1.
- C. On the multi-access network, each router only forms an adjacency to the DIS.
- D. A router with a priority of 1 wins the DIS election over a router with a priority of 10.
Answer: B,C
Explanation:
In IS-IS, a designated intermediate system (DIS) is a router that is elected on a multi-access network segment (such as Ethernet) to perform some functions on behalf of other routers on the same segment. A DIS is responsible for sending network link-state advertisements (LSPs), which describe all the routers attached to the network. These LSPs are flooded throughout a single area. A DIS also generates pseudonode LSPs, which represent the multi-access network as a single node in the link-state database. A DIS election is based on the priority value configured on each router's interface connected to the multi-access network. The priority value ranges from 0 to 127, with higher values indicating higher priority. The router with the highest priority becomes the DIS for the area (Level 1, Level 2, or both). If routers have the same priority, then the router with the highest MAC address is elected as the DIS. By default, routers have a priority value of 64. On a multi-access network, each router only forms an adjacency to the DIS, not to every other router on the segment. This reduces the amount of hello packets and LSP
NEW QUESTION # 31
You are configuring anycast RP for load balancing and redundancy in your PIM-SM domain. You want to share active sources between RPs.
In this scenario, what are two solutions that will accomplish this task? (Choose two.)
- A. Configure MSDP on each RP router.
- B. Configure anycast PIM with the rp-set statement on each RP router.
- C. Configure MSDP on each source DR router.
- D. Configure anycast PIM with the rp-set statement on each source DR router.
Answer: A,B
NEW QUESTION # 32
You are responding to an RFP for a new MPLS VPN implementation. The solution must use LDP for signaling and support Layer 2 connectivity without using BGP The solution must be scalable and support multiple VPN connections over a single MPLS LSP The customer wants to maintain all routing for their Private network In this scenario, which solution do you propose?
- A. BGP Layer 2 VPN
- B. LDP Layer 2 circuit
- C. translational cross-connect
- D. circuit cross-connect
Answer: B
Explanation:
Explanation
AToM (Any Transport over MPLS) is a framework that supports various Layer 2 transport types over an MPLS network core. One of the transport types supported by AToM is LDP Layer 2 circuit, which is a point-to-point Layer 2 connection that uses LDP for signaling and MPLS for forwarding. LDP Layer 2 circuit can support Layer 2 connectivity without using BGP and can be scalable and efficient by using a single MPLS LSP for multiple VPN connections. The customer can maintain all routing for their private network by using their own CE switches.
NEW QUESTION # 33
What is the correct order of packet flow through configurable components in the Junos OS CoS features?
- A. Behavior Aggregate Classifier -> Multifield Classifier -> Input Policer -> Forwarding Policy Options -> Fabric Scheduler -> Output Policer -> Scheduler/Shaper/RED -> Rewrite Marker
- B. Multifield Classifier -> Behavior Aggregate Classifier -> Input Policer -> Forwarding Policy Options -> Fabric Scheduler -> Output Policer -> Rewrite Marker -> Scheduler/Shaper/RED
- C. Behavior Aggregate Classifier -> Input Policer -> Multifield Classifier -> Forwarding Policy Options -> Fabric Scheduler -> Output Policer -> Scheduler/Shaper/RED -> Rewrite Marker
- D. Behavior Aggregate Classifier -> Multifield Classifier -> Input Policer -> Forwarding Policy Options -> Fabric Scheduler -> Scheduler/Shaper/RED -> Output Policer -> Rewrite Marker
Answer: C
Explanation:
Explanation
The correct order of packet flow through configurable components in the Junos OS CoS features is as follows:
* Behavior Aggregate Classifier: This component uses a single field in a packet header to classify traffic into different forwarding classes and loss priorities based on predefined or user-defined values.
* Input Policer: This component applies rate-limiting and marking actions to incoming traffic based on the forwarding class and loss priority assigned by the classifier.
* Multifield Classifier: This component uses multiple fields in a packet header to classify traffic into different forwarding classes and loss priorities based on user-defined values and filters.
* Forwarding Policy Options: This component applies actions such as load balancing, filtering, or routing to traffic based on the forwarding class and loss priority assigned by the classifier.
* Fabric Scheduler: This component schedules traffic across the switch fabric based on the forwarding class and loss priority assigned by the classifier.
* Output Policer: This component applies rate-limiting and marking actions to outgoing traffic based on the forwarding class and loss priority assigned by the classifier.
* Scheduler/Shaper/RED: This component schedules, shapes, and drops traffic at the egress interface based on the forwarding class and loss priority assigned by the classifier.
* Rewrite Marker: This component rewrites the code-point bits of packets leaving an interface based on the forwarding class and loss priority assigned by the classifier.
NEW QUESTION # 34
Exhibit
Referring to the exhibit, you are receiving the 192.168 0 0/16 route on both R3 and R4 from your EBGP neighbor You must ensure that R1 and R2 receive both BGP routes from the route reflector In this scenario, which BGP feature should you configure to accomplish this behavior?
- A. add-path
- B. multihop
- C. route-target
- D. multipath
Answer: A
Explanation:
Explanation
BGP add-path is a feature that allows the advertisement of multiple paths through the same peering session for the same prefix without the new paths implicitly replacing any previous paths. This behavior promotes path diversity and reduces multi-exit discriminator (MED) oscillations. BGP add-path is implemented by adding a path identifier to each path in the NLRI. The path identifier can be considered as something similar to a route distinguisher in VPNs, except that a path ID can apply to any address family. Path IDs are unique to a peering session and are generated for each network3. In this question, we have a route reflector (RR) that receives two routes for the same prefix (192.168.0.0/16) from an EBGP neighbor. By default, the RR will only advertise its best path to its clients (R1 and R2). However, we want R1 and R2 to receive both routes from the RR. To achieve this, we need to configure BGP add-path on the RR and enable it to send multiple paths for the same prefix to its clients.
NEW QUESTION # 35
Which two statements are correct about a sham link? (Choose two.)
- A. It creates an OSPF multihop neighborship between two PE routers.
- B. The PEs exchange Type 3 OSPF LSAs instead of Type 1 OSPF LSAs for the L3VPN routes.
- C. It creates a BGP multihop neighborship between two PE routers.
- D. The PEs exchange Type 1 OSPF LSAs instead of Type 3 OSPF LSAs for the L3VPN routes
Answer: A,D
Explanation:
Explanation
A sham link is a logical link between two PE routers that belong to the same OSPF area but are connected through an L3VPN. A sham link makes the PE routers appear as if they are directly connected, and prevents OSPF from preferring an intra-area back door link over the VPN backbone. A sham link creates an OSPF multihop neighborship between the PE routers using TCP port 646. The PEs exchange Type 1 OSPF LSAs instead of Type 3 OSPF LSAs for the L3VPN routes, which allows OSPF to use the correct metric for route selection1.
NEW QUESTION # 36
Which two statements are correct about a sham link? (Choose two.)
- A. It creates an OSPF multihop neighborship between two PE routers.
- B. The PEs exchange Type 3 OSPF LSAs instead of Type 1 OSPF LSAs for the L3VPN routes.
- C. It creates a BGP multihop neighborship between two PE routers.
- D. The PEs exchange Type 1 OSPF LSAs instead of Type 3 OSPF LSAs for the L3VPN routes
Answer: A,D
Explanation:
A sham link is a logical link between two PE routers that belong to the same OSPF area but are connected through an L3VPN. A sham link makes the PE routers appear as if they are directly connected, and prevents OSPF from preferring an intra-area back door link over the VPN backbone. A sham link creates an OSPF multihop neighborship between the PE routers using TCP port 646. The PEs exchange Type 1 OSPF LSAs instead of Type 3 OSPF LSAs for the L3VPN routes, which allows OSPF to use the correct metric for route selection1.
NEW QUESTION # 37
Exhibit
You must ensure that the VPN backbone is preferred over the back door intra-area link as long as the VPN is available. Referring to the exhibit, which action will accomplish this task?
- A. Create an OSPF sham link between the PE routers.
- B. Configure an import routing policy on the CE routers that rejects OSPF routes learned on the backup intra-area link.
- C. Enable OSPF traffic-engineering.
- D. Configure the OSPF metric on the backup intra-area link that is higher than the L3VPN link.
Answer: A
Explanation:
A sham link is a logical link between two PE routers that belong to the same OSPF area but are connected through an L3VPN. A sham link makes the PE routers appear as if they are directly connected, and prevents OSPF from preferring an intra-area back door link over the VPN backbone. To create a sham link, you need to configure the local and remote addresses of the PE routers under the [edit protocols ospf area area-id] hierarchy level1.
NEW QUESTION # 38
Exhibit.
Referring to the exhibit; the 10.0.0.0/24 EBGP route is received on R5; however, the route is being hidden.
What are two solutions that will solve this problem? (Choose two.)
- A. On R4, create a policy to change the BGP next hop to 172.16.1.1 and apply it to IBGP as an export policy
- B. Add the internal interface prefix to the BGP routing tables.
- C. On R4, create a policy to change the BGP next hop to itself and apply it to IBGP as an export policy
- D. Add the external interface prefix to the IGP routing tables
Answer: C,D
Explanation:
Explanation
the default behavior for iBGP is to propagate EBGP-learned prefixes without changing the next-hop. This can cause issues if the next-hop is not reachable via the IGP. One solution is to use the next-hop self command on R4, which will change the next-hop attribute to its own loopback address. This way, R5 can reach the next-hop via the IGP and install the route in its routing table.
Another solution is to add the external interface prefix (120.0.4.16/30) to the IGP routing tables of R4 and R5.
This will also make the next-hop reachable via the IGP and allow R5 to use the route. According to 2, this is a possible workaround for a pure IP network, but it may not work well for an MPLS network.
NEW QUESTION # 39
Which two statements are correct about the customer interface in an LDP-signaled pseudowire? (Choose two)
- A. When the encapsulation is vlan-ccc or extended-vlan-ccc, the configured VLAN tag is not included in the control plane LDP advertisement
- B. When the encapsulation is ethemet-ccc, tagged and untagged frames are both accepted in the data plane.
- C. When the encapsulation is ethernet-ccc, only frames without a VLAN tag are accepted in the data plane
- D. When the encapsulation is vLan-ccc or extended-vlan-ccc, the configured VLAN tag is included in the control plane LDP advertisement
Answer: B,D
Explanation:
Explanation
The customer interface in an LDP-signaled pseudowire is the interface on the PE router that connects to the CE device. An LDP-signaled pseudowire is a type of Layer 2 circuit that uses LDP to establish a point-to-point connection between two PE routers over an MPLS network. The customer interface can have different encapsulation types depending on the type of traffic that is carried over the pseudowire. The encapsulation types are ethernet-ccc, vlan-ccc, extended-vlan-ccc, atm-ccc, frame-relay-ccc, ppp-ccc, cisco-hdlc-ccc, and tcc-ccc. Depending on the encapsulation type, the customer interface can accept or reject tagged or untagged frames in the data plane, and include or exclude VLAN tags in the control plane LDP advertisement. The following table summarizes the behavior of different encapsulation types:
NEW QUESTION # 40
Which two statements about IS-IS are correct? (Choose two.)
- A. PSNPs contain only descriptions of LSPs.
- B. CSNPs are flooded periodically.
- C. PSNPs are flooded periodically.
- D. CSNPs contain only descriptions of LSPs.
Answer: A,B
Explanation:
LSPs contain information about the state and cost of links in the network, and are flooded periodically throughout the network. PSNPs are used to acknowledge receipt of LSPs and request retransmission of missing or corrupted LSPs. PSNPs contain only descriptions of LSPs, such as their sequence numbers and checksums. CSNPs contain a complete list of all link-state PDUs in the IS-IS database. CSNPs are sent periodically on all links, and the receiving systems use the information in the CSNP to update and synchronize their link-state PDU databases.
NEW QUESTION # 41
When building an interprovider VPN, you notice on the PE router that you have hidden routes which are received from your BGP peer with family inet labeled-unica3t configured.
Which parameter must you configure to solve this problem?
- A. Under the family inet labeled-unicast hierarchy, add the resolve-vpn parameter.
- B. Under the protocols mpls hierarchy, add the traffic-engineering parameter
- C. Under the family inet labeled-unicast hierarchy, add the explicit null parameter.
- D. Under the protocols ospf hierarchy, add the traffic-engineering parameter.
Answer: A
Explanation:
The resolve-vpn parameter is a BGP option that allows a router to resolve labeled VPN-IPv4 routes using unlabeled IPv4 routes received from another BGP peer with family inet labeled-unicast configured. This option enables interprovider VPNs without requiring MPLS labels between ASBRs or using VRF tables on ASBRs. In this scenario, you need to configure the resolve-vpn parameter under [edit protocols bgp group external family inet labeled-unicast] hierarchy level on both ASBRs.
NEW QUESTION # 42
Which three mechanisms are used by Junos platforms to evaluate incoming traffic for CoS purposes? (Choose three )
- A. rewrite rules
- B. fixed classifiers
- C. behavior aggregate classifiers
- D. traffic shapers
- E. multifield classifiers
Answer: B,C,E
Explanation:
Junos platforms use different mechanisms to evaluate incoming traffic for CoS purposes, such as:
Behavior aggregate classifiers: These classifiers use a single field in a packet header to classify traffic into different forwarding classes and loss priorities based on predefined or user-defined values.
Fixed classifiers: These classifiers use a fixed field in a packet header to classify traffic into different forwarding classes and loss priorities based on predefined values.
Multifield classifiers: These classifiers use multiple fields in a packet header to classify traffic into different forwarding classes and loss priorities based on user-defined values and filters.
Rewrite rules and traffic shapers are not used to evaluate incoming traffic for CoS purposes, but rather to modify or shape outgoing traffic based on CoS policies.
NEW QUESTION # 43
Exhibit
Referring to the exhibit, which statement is correct?
- A. The vrf-target configuration will stop routes from being shared between CE-1 and CE-2.
- B. The route-diatinguisher configuration will stop routes from being shared between CE-1 and CE-2.
- C. The vrf-target configuration will allow routes to be shared between CE-1 and CE-2.
- D. The route-distinguisher configuration will allow overlapping routes to be shared between CE-1 and CE-2.
Answer: D
Explanation:
Explanation
The route distinguisher (RD) is a BGP attribute that is used to create unique VPN IPv4 prefixes for each VPN in an MPLS network. The RD is a 64-bit value that consists of two parts: an administrator field and an assigned number field. The administrator field can be an AS number or an IP address, and the assigned number field can be any arbitrary value chosen by the administrator. The RD is prepended to the IPv4 prefix to create a VPN IPv4 prefix that can be advertised across the MPLS network without causing any overlap or conflict with other VPNs. In this question, we have two PE routers (PE-1 and PE-2) that are connected to two CE devices (CE-1 and CE-2) respectively. PE-1 and PE-2 are configured with VRFs named Customer-A and Customer-B respectively.
NEW QUESTION # 44
Exhibit
Referring to the exhibit, PE-1 and PE-2 are getting route updates for VPN-B when neither of them service that VPN Which two actions would optimize this process? (Choose two.)
- A. Configure the family route-target statement on the RR.
- B. Configure the resolution rib bgp.l3vpn.0 resolution-ribs inet.0 statement on the RR.
- C. Configure the family route-target statement on the PEs.
- D. Configure the resolution rib bgp.l3vpn.0 resolution-ribs inet.0 statement on the PEs.
Answer: A,B
Explanation:
BGP route target filtering can be configured on PE devices or on route reflectors (RRs). Configuring BGP route target filtering on RRs is more efficient and scalable, as it reduces the number of BGP sessions and updates between PE devices. To configure BGP route target filtering on RRs, the following steps are required:
Configure the family route-target statement under the BGP group or neighbor configuration on the RRs. This enables the exchange of the route-target address family between the RRs and their clients (PE devices).
Configure the resolution rib bgp.l3vpn.0 resolution-ribs inet.0 statement under the routing-options configuration on the RRs. This enables the RRs to resolve next hops for VPN routes using the inet.0 routing table.
NEW QUESTION # 45
You are configuring a BGP signaled Layer 2 VPN across your MPLS enabled core network. Your PE-2 device connects to two sites within the s VPN In this scenario, which statement is correct?
- A. By default on PE-2, the remote site IDs are automatically assigned based on the order that you add the interfaces to the site configuration.
- B. By default on PE-2, the site's local ID is automatically assigned a value of 0 and must be configured to match the total number of attached sites.
- C. You must create a unique Layer 2 VPN routing instance for each site on the PE-2 device.
- D. You must use separate physical interfaces to connect PE-2 to each site.
Answer: A
Explanation:
BGP Layer 2 VPNs use BGP to distribute endpoint provisioning information and set up pseudowires between PE devices. BGP uses the Layer 2 VPN (L2VPN) Routing Information Base (RIB) to store endpoint provisioning information, which is updated each time any Layer 2 virtual forwarding instance (VFI) is configured. The prefix and path information is stored in the L2VPN database, which allows BGP to make decisions about the best path.
In BGP Layer 2 VPNs, each site has a unique site ID that identifies it within a VFI. The site ID can be manually configured or automatically assigned by the PE device. By default, the site ID is automatically assigned based on the order that you add the interfaces to the site configuration. The first interface added to a site configuration has a site ID of 1, the second interface added has a site ID of 2, and so on.
Option D is correct because by default on PE-2, the remote site IDs are automatically assigned based on the order that you add the interfaces to the site configuration. Option A is not correct because by default on PE-2, the site's local ID is automatically assigned a value of 0 and does not need to be configured to match the total number of attached sites. Option B is not correct because you do not need to create a unique Layer 2 VPN routing instance for each site on the PE-2 device. You can create one routing instance for all sites within a VFI. Option C is not correct because you do not need to use separate physical interfaces to connect PE-2 to each site. You can use subinterfaces or service instances on a single physical interface.
NEW QUESTION # 46
Exhibit
CE-1 must advertise ten subnets to PE-1 using BGP Once CE-1 starts advertising the subnets to PE-1, the BGP peering state changes to Active.
Referring to the CLI output shown in the exhibit, which statement is correct?
- A. The prefix limit has been reached on PE-1
- B. CE-1 is advertising its entire routing table.
- C. CE-1 is unreachable
- D. CE-1 is configured with an incorrect peer AS
Answer: D
Explanation:
The problem in this scenario is that CE-1 is configured with an incorrect peer AS number for its BGP session with PE-1. The CLI output shows that CE-1 is using AS 65531 as its local AS number and AS 65530 as its peer AS number. However, PE-1 is using AS 65530 as its local AS number and AS 65531 as its peer AS number. This causes a mismatch in the BGP OPEN messages and prevents the BGP session from being established. To solve this problem, CE-1 should configure its peer AS number as 65530 under [edit protocols bgp group external] hierarchy level.
NEW QUESTION # 47
Exhibit
Referring to the exhibit, CE-1 is providing NAT services for the hosts at Site 1 and you must provide Internet access for those hosts Which two statements are correct in this scenario? (Choose two.)
- A. You must configure a static route in the main routing instance for the 203.0.113.1/32 prefix that uses the VPN-A.inet.0 table as the next hop.
- B. You must configure a RIB group on PE-1 to leak the 10 1 2.0/24 prefix from the VPN-A.inet.0 table to the inet.0 table.
- C. You must configure a static route in the main routing instance for the 10 1 2.0/24 prefix that uses the VPN-A.inet.0 table as the next hop
- D. You must configure a RIB group on PE-1 to leak a default route from the inet.0 table to the VPN-A.inet.0 table.
Answer: A,C
Explanation:
Explanation
To provide Internet access for the hosts at Site 1, you need to configure static routes in the main routing instance on PE-1 that point to the VPN-A.inet.0 table as the next hop. This allows PE-1 to forward traffic from the Internet to CE-1 using MPLS labels and vice versa. You need to configure two static routes: one for the
10.1.2.0/24 prefix that represents the private network of Site 1, and one for the 203.0.113.1/32 prefix that represents the public IP address of CE-1.
NEW QUESTION # 48
After a recent power outage, your manager asks you to investigate ways to automatically reduce the impact caused by suboptimal routing in your OSPF and OSPFv3 network after devices reboot.
Which three configuration statements accomplish this task? (Choose three.)
- A. set protocols ospf3 overload
- B. set protocols ospf3 realm ipv4-unicast overload timeout 900
- C. set protocols oapf3 overload timeout 900
- D. set protocols ospf overload timeout 900
- E. set protocols ospf overload
Answer: A,D
Explanation:
Explanation
To reduce the impact of suboptimal routing in OSPF and OSPFv3 after devices reboot, you can use the overload feature to prevent a router from being used as a transit router for a specified period of time. This allows the router to stabilize its routing table before forwarding traffic for other routers. To enable the overload feature, you need to do the following:
* For OSPF, configure the overload statement under [edit protocols ospf] hierarchy level. You can also specify a timeout value in seconds to indicate how long the router should remain in overload state after it boots up. For example, set protocols ospf overload timeout 900 means that the router will be in overload state for 15 minutes after it boots up.
* For OSPFv3, configure the overload statement under [edit protocols ospf3] hierarchy level. You can also specify a realm (ipv4-unicast or ipv6-unicast) and a timeout value in seconds to indicate how long the router should remain in overload state after it boots up for each realm. For example, set protocols ospf3 realm ipv4-unicast overload timeout 900 means that the router will be in overload state for 15 minutes after it boots up for IPv4 unicast routing.
NEW QUESTION # 49
......
The JN0-664 certification exam is designed to test the skills and knowledge required to configure and troubleshoot Junos-based service provider routing and switching networks. JN0-664 exam covers a wide range of topics, including OSPF, BGP, IS-IS, MPLS, Layer 2 VPNs, Layer 3 VPNs, multicast, QoS, and security. JN0-664 exam also tests candidates' knowledge of Junos automation and scripting tools.
Juniper JN0-664 Real 2024 Braindumps Mock Exam Dumps: https://www.free4torrent.com/JN0-664-braindumps-torrent.html
JN0-664 Exam Questions | Real JN0-664 Practice Dumps: https://drive.google.com/open?id=1UioBiomnWZGg-D4OYDsjl56SbIWwmb8C