[Free] 2019(Nov) EnsurePass Juniper JN0-346 Dumps with VCE and PDF 11-20

Get Full Version of the Exam

Question No.11

Which two port security features are dependent on the DHCP snooping database? (Choose two.)

  1. MAC limiting

  2. dynamic ARP inspection

  3. IP source guard

  4. storm control

Correct Answer: BC


B: Dynamic ARP inspection (DAI) prevents Address Resolution Protocol (ARP) spoofing attacks. ARP requests and replies are compared against entries in the DHCP snooping database, and filtering decisions are made on the basis of the results of those comparisons.

C: IP source guard mitigates the effects of IP address spoofing attacks on the Ethernet LAN. With IP source guard enabled, the source IP address in the packet sent from an untrusted access interface is validated against the source MAC address in the DHCP snooping database. The packet is forwarded if the source IP-MAC binding is valid; if the binding is not valid, the packet is discarded. You enable IP source guard on a VLAN. EX Series switches support IPv6 source guard also.



Question No.12

Click the Exhibit button. Switch-1 in the exhibit receives a packet from User A with a destination MAC address of 00:26:88:02:74:48. Which statement is correct?


  1. Switch-1 floods the packet out ge-0/0/6, ge-0/0/7, and ge-0/0/8.

  2. Switch-1 sends the packet out ge-0/0/7 only.

  3. Switch-1 sends the packet out ge-0/0/8 only.

  4. Switch-1 floods the packet out ge-0/0/7 and ge-0/0/8.

Correct Answer: D


A switch populates its mac-address table with mac addresses registered on incoming frames. As a result, when the switch needs to forward a frame destined to that specific mac-address, it will know out of which port to send the frame. Flooding however occurs when the switch does not know of the destination mac-address ?say the switch has not learnt that mac address yet; or maybe that specific entry expired so it got flushed away from the mac-address table. To ensure the framereaches its intended destination, the switch will replicate that frame out of all ports, less the port where the frame was received ?that#39;s flooding.



Question No.13

What would be used to combine multiple switches into a single management platform?

  1. redundant trunk groups

  2. Virtual Chassis

  3. graceful Routing Engine switchover

  4. Virtual Router Redundancy Protocol

Correct Answer: B


Many Juniper Networks EX Series switches support the Virtual Chassis flexible, scaling switch solution. You can connect individual switches together to form one unit and manage the unit as a single chassis.


http://www.juniper.net/documentation/en_US/junos14.1/topics/concept/virtual-chassis-ex4200- overview.html

Question No.14

Which statement about IS-IS adjacencies is true?

  1. Adjacency formation between Level 2 routers must have different area IDs.

  2. Adjacency formation between Level 2 routers must have the same area ID.

  3. Adjacency formation between Level 1 routers must have the same area ID.

  4. Adjacency formation between Level 1 routers must have different area IDs.

Correct Answer: C


IS-IS hello PDUs establish adjacencies with other routers and have three different formats: one for point-to-point hello packets, one for Level 1 broadcast links, and one for Level 2 broadcast links. Level 1 routers must share the same area address to form anadjacency, while Level 2 routers do not have this limitation.



Question No.15

Click the Exhibit button. You are notified that clients connected to your EX Series switch are not receiving IP addresses from the DHCP server. You examine the switch configuration and notice

that DHCP snooping has been enabled. In this scenario, what would cause the problem?


  1. The location information is not being inserted into the DHCP option 82 requests.

  2. The dynamic ARP inspection feature needs to be enabled on the ge-0/0/0 interface.

  3. The DHCP relay setting in theforwarding-optionshierarchy has not been configured.

  4. The DHCPserver#39;s ge-0/0/0 interface has not been configured as a trusted interface.

Correct Answer: B


You can configure DHCP snooping, dynamic ARP inspection (DAI), MAC limiting, persistent MAC learning, and MAC move limiting on the access ports of EX Series switches toprotect the switches and the Ethernet LAN against address spoofing and Layer 2 denial- of-service (DoS) attacks. You can also configure a trusted DHCP server and specific (allowed) MAC addresses for the switch interfaces.

Step-by-Step Procedure

Configurebasic port security on the switch: Etc.



Question No.16

Which two statements are correct about a Virtual Chassis? (Choose two.)

  1. A Virtual Chassis is managed using a single virtual console port.

  2. Each device must be managed separately.

  3. All members in a Virtual Chassis must be running the same Junos version.

  4. You must use the same EX Series switch for all members in a Virtual Chassis.

Correct Answer: AC


A: You can connect a PCor laptop directly to a console port of any member switch to set up and configure the Virtual Chassis. When you connect to the console port of any member switch, the console session is redirected to the master switch.

C: In a Virtual Chassis, each member switch must be running the same version of Juniper Networks Junos operating system (Junos OS).

Question No.17

Which three statements are correct about the voice VLAN feature? (Choose three.)

  1. It allows the access port to accept tagged voice and untagged data packets.

  2. It allows you to apply independent CoS actions to data and voice packets.

  3. It can be used with LLDP-MED to dynamically assign the VLAN ID value to IP phones.

  4. It allows trunk ports to accept tagged voice and untagged data packets.

  5. It must use the same VLAN ID as data traffic on a defined interface.

Correct Answer: ABC


A (not D): The Voice VLAN feature in EX-series switches enables access ports to accept bothdata (untagged) and voice (tagged) traffic and separate that traffic into different VLANs.

B: To assign differentiated priority to Voice traffic, it is recommended that class of service (CoS) is configured prior to enabling the voice VLAN feature. Typically, voice traffic is treated with a higher priority than common user traffic. Without differentiated treatment through CoS, all traffic, regardless of the type, is subject to the same delay during times of congestion.

C: In conjunction with Voice VLAN, you can utilize Link Layer Discovery Protocol Media Endpoint Discovery (LLDP-MED) to provide the voice VLAN ID and 802.1p values to the attached IP phones. This dynamic method associates each IP phone with the appropriate voice VLAN and assigns the necessary802.1p values, which are used by CoS, to differentiate service for voice traffic within a network.

References: https://kb.juniper.net/InfoCenter/index?page=contentamp;id=KB11062amp;actp=searc h

Question No.18

Click the Exhibit button. Referring to the exhibit, what does the asterisk (*) following the ge- 0/0/5.0 interface indicate?


  1. It indicates the interface is a trunk port.

  2. It indicates the interface is not active.

  3. It indicates the interface is an access port.

  4. It indicates the interface is active.

Correct Answer: D


An asterisk (*) beside the interface indicates that the interface is UP.

References: http://www.juniper.net/documentation/en_US/junos14.1/topics/reference/command- summary/show-vlans-bridging-qfx-series.html

Question No.19

Which device is used to separate collision domains?

  1. switch

  2. router

  3. hub

  4. firewall Correct Answer: A Explanation:

Modern wired networks use a network switch to reduce or eliminate collisions. By connecting each device directly to a port on the switch, either each port on a switch becomes itsown collision domain (in the case of half duplex links) or the possibility of collisions is eliminated entirely in the

case of full duplex links.

References: https://en.wikipedia.org/wiki/Collision_domain

Question No.20

Router-1 and Router-2 need to connect through the Internet using a tunneling technology. Hosts that are connected to Router-1 and Router-2 will be sending traffic up to 1500 bytes. The maximum segment size is supported across the path is 1520 bytes. Which tunneling technology will allow this communication to take place?

  1. GRE tunnel

  2. IPsec VPN transport mode

  3. IPsec VPN tunnel mode

  4. IP-IP tunnel

Correct Answer: D


Difference Between GRE and IP-IP Tunnel.

Generic Routing Encapsulation (GRE) and IP-in-IP (IPIP) are two rather similar tunneling mechanisms which are often confused.

In terms of less overhead, the GRE header is 24 bytes and an IP header is 20 bytes.

Get Full Version of the Exam
JN0-346 Dumps
JN0-346 VCE and PDF