Saturday, 31 December 2016

JN0-643 Enterprise Routing and Switching, Professional (JNCIP-ENT)

JNCIP-ENT Exam Objectives (Exam: JN0-643 and JN0-646)

OSPF
Describe the concepts, operation and functionality of OSPFv2 and OSPFv3
OSPF LSA types
OSPF area types and operations
LSA flooding through an OSPF multi-area network
DR/BDR operation
SPF algorithm
Metrics, including external metric types
Authentication options
Route summarization and restriction
Overload
Virtual links
OSPFv2 vs OSPFv3
Given a scenario, demonstrate knowledge of how to configure and monitor single-area and multi-area OSPF
Implement OSPF routing policy

BGP
Describe the concepts, operation and functionality of BGP
BGP route selection process
Next hop resolution
BGP attributes - concept and operation
BGP communities
Regular expressions
Load balancing - multipath, multihop, forwarding table
NLRI families - inet, inet6
Advanced BGP options
Given a scenario, demonstrate knowledge of how to configure and monitor BGP
Implement BGP routing policy

IP Multicast
Describe the concepts, operation and functionality of IP multicast
Components of IP multicast, including multicast addressing
IP multicast traffic flow
Any-Source Multicast (ASM) vs. Source-Specific Multicast (SSM)
RPF - concept and operation
IGMP, IGMP snooping
PIM dense-mode and sparse-mode
Rendezvous point (RP) - concept, operation, discovery, election
SSM - requirements, benefits, address ranges
Anycast RP
MSDP
Routing policy and scoping
Given a scenario, demonstrate knowledge of how to configure and monitor IGMP, PIM-DM and PIM-SM (including SSM)
Implement IP multicast routing policy

Ethernet Switching and Spanning Tree
Describe the concepts, operation and functionality of advanced Ethernet switching
Filter-based VLANs
Private VLANs
Dynamic VLAN registration using MVRP
Tunnel Layer 2 traffic through Ethernet networks
Layer 2 tunneling using Q-in-Q and L2PT
Given a scenario, demonstrate knowledge of how to configure and monitor advanced Ethernet switching
Filter-based VLANs
Private VLANs
Dynamic VLAN registration using MVRP
Tunnel Layer 2 traffic through Ethernet networks
Layer 2 tunneling using Q-in-Q and L2PT
Describe the concepts, operation and functionality of advanced spanning tree protocols, including MSTP and VSTP
Given a scenario, demonstrate knowledge of how to configure and monitor MSTP and VSTP

Layer 2 Authentication and Access Control
Describe the operation of various Layer 2 authentication and access control features
Authentication process flow
802.1x - concepts and functionality
MAC RADIUS
Captive portal
Server fail fallback
Guest VLAN
Considerations when using multiple authentication/access control methods
Given a scenario, demonstrate how to configure and monitor Layer 2 authentication and access control

IP Telephony Features
Describe the concepts, operation and functionality of features that facilitate IP telephony deployments
Power over Ethernet (PoE)
LLDP and LLDP-MED
Voice VLAN
Given a scenario, demonstrate how to configure and monitor features used to support IP Telephony

Class of Service (CoS)
Describe the concepts, operation and functionality of Junos CoS for Layer 2/3 networks
CoS processing on Junos devices
CoS header fields
Forwarding classes
Classification
Packet loss priority
Policers
Schedulers
Drop profiles
Shaping
Rewrite rules
Given a scenario, demonstrate knowledge of how to configure and monitor CoS for Layer 2/3 networks

QUESTION 1
Which connection method do OSPF routers use to communicate with each other?

A. IP protocol number 89
B. TCP port 179
C. UDP port 179
D. IP protocol number 6

Answer: A


QUESTION 2
Which statement is true about default BGP route redistribution behavior?

A. IBGP-learned routes are advertised only to other IBGP peers.
B. EBGP-learned routes are redistributed into any IGPs.
C. EBGP-learned routes are advertised only to other EBGP peers.
D. EBGP-learned routes are advertised to other IBGP and EBGP peers.

Answer: D


QUESTION 3
In a PIM-SM network, which type of node helps to build a tree towards an unknown multicast source?

A. DIS
B. RP
C. DR
D. BSR

Answer: B


QUESTION 4
Which statement is true about MVRP?

A. It allows you to split a broadcast domain into multiple isolated broadcast subdomains.
B. It dynamically manages VLAN registration in a LAN.
C. It maps multiple independent spanning-tree instances onto one physical topology.
D. It is a Layer 2 protocol that facilitates network and neighbor discovery.

Answer: A


QUESTION 5
Which statement is true about LLDP?

A. It allows you to split a broadcast domain into multiple isolated broadcast subdomains.
B. It dynamically manages VLAN registration in a LAN.
C. It maintains a separate spanning-tree instance for each VLAN.
D. It is a Layer 2 protocol that facilitates network and neighbor discovery.

Answer: D


Tuesday, 27 December 2016

JN0-532 FWV, Specialist (JNCIS-FWV)

JNCIS-FWV Exam Objectives (Exam: JN0-532)

VPNs
Identify IKE Phase 1/Phase 2 negotiation sequence and proposals
Identify/differentiate IPSec standard elements (encapsulations, SA, SPI, etc.)
List steps for policy-based/route-based VPN configuration
Relate proxy-ID to VPN setup
Identify proper configuration for various hub/spoke configurations (policy, int. placement, etc.)
Identify NHTB requirements/configurations
Configure/verify AC-VPNs
Identify PKI components (certificates, CDL, etc.)
List steps for PKI implementation w/ VPNs
VPN Variations
Configure Dynamic Peer VPNs
Configure Transparent mode VPNs
Configure Overlapping Networks
Describe GRE applications/Configure GRE

Network Management
Configure local management (SSL, SSH, management restrictions).
Interpret internal counters and logs.
Configure SYSLOG.
Discuss logging levels.
Configure SNMP.

Troubleshooting with Debug/Snoop
Enable debug/snoop.
Set debug filters.
Set snoop filters.
Use get commands to validate/troubleshoot routing and policies.
Use debug output to identify routing and policy problems.
Use get commands to validate/troubleshoot address translation.
Use debug output to identify problems.
Use get commands to validate/troubleshoot VPN setup.

Traffic Management
Describe the bandwidth allocation process.
Describe queuing functionality.
List requirements/steps for configuring traffic management.

Virtual Systems
Define VSYS applications
Describe root vs. VSYS administration
Explain VSYS vs. root assignment of routes/NAT pools/etc.
Configure interface-based VSYS
Configure inter-VSYS communications, including NAT.
Use show/debug output to identify VSYS usage.
Configure VSYS resource allocation

NSRP
Distinguish active/passive and active/active.
Describe NSRP operations (HA link, session sync, master election, etc.)
Configure active/passive and active/active NSRP.
Validate NSRP operations.
Adjust operations (secondary link, failover settings).
Configure redundant interface.

Dynamic Routing/Routing over VPNs
Configure RIP over VPNs
Configure OSPF over VPNs
Configure/verify OSPF routing
Configure OSPF options
Configure/verify BGP
Configure redistribution/filters/route maps
Configure static routes incl. floating static routes
Configure/verify source routing
Configure/verify policy routing

Attack Prevention
Describe SCREEN functions
Describe/configure Deep Inspection
Describe/configure anti-virus functionality
Configure web filtering

Multicast
Configure/verify IGMP
Configure/verify PIM-SM


QUESTION 1
You have created a VPN to a dynamic peer. Which two configured parameters must match?
(Choose two.)

A. static side peer-id
B. dynamic side local-id
C. static side IP address
D. dynamic side IP address

Answer: A,B


QUESTION 2
Which three events would cause ScreenOS devices to generate SNMP traps? (Choose three.)

A. cold starts
B. traffic alarms
C. warm reboots
D. self log events
E. traffic log events

Answer: A,B,C


QUESTION 3
Which command shows the filter applied to snoop captures?

A. get snoop
B. snoop info
C. get ffilter
D. get ffilter ip-proto snoop

Answer: B

Friday, 23 December 2016

JN0-661 Service Provider Routing and Switching JNCIP-SP

JNCIP-SP Exam Objectives (Exam: JN0-661)

OSPF
Describe the concepts, operation and functionality of OSPFv2 or OSPFv3
OSPF area types and operations
LSA flooding through an OSPF multi-area network
DR/BDR operation
SPF algorithm
Metrics, including external metric types
Summarize and restrict routes
Virtual links
OSPFv2 vs OSPFv3
Given a scenario, demonstrate knowledge of how to configure or monitor single-area and multi-area OSPF
Implement OSPF routing policy

IS-IS
Describe the concepts, operation, or functionality of IS-IS
IS-IS areas/levels and operations
LSP flooding through an IS-IS multi-area network
DIS operation
SPF algorithm
Metrics, including wide metrics
Route summarization and route leaking
Given a scenario, demonstrate knowledge of how to configure or monitor single-area and multi-area IS-IS
Implement IS-IS routing policy

BGP
Describe the concepts, operation, or functionality of BGP
BGP route selection process
Next hop resolution
BGP attributes – concept and operation
BGP communities
Regular expressions
Multipath
Multihop
Load balancing
Advanced BGP options
BGP route damping
Multiprotocol BGP
Describe the concepts, operation or functionality of BGP scaling mechanisms
Route reflection
Confederations
Given a scenario, demonstrate knowledge of how to configure or monitor BGP
Implement BGP routing policy

Class of Service (CoS)
Describe the concepts, operation, or functionality of Junos CoS
CoS processing on Junos devices
CoS header fields
Forwarding classes
Classification
Packet loss priority
Policers, including tricolor marking and hierarchical policers
Schedulers
Drop profiles
Shaping
Rewrite rules
Hierarchical scheduling (H-CoS) characteristics (high-level only)
Given a scenario, demonstrate knowledge of how to configure or monitor CoS

IP Multicast
Describe the concepts, operation, or functionality of IP multicast
Components of IP multicast, including multicast addressing
IP multicast traffic flow
Any-Source Multicast (ASM) versus Source-Specific Multicast (SSM)
RPF – concept and operation
IGMP
PIM dense-mode and sparse-mode
Rendezvous point (RP) – concept, operation, discovery, election
SSM – requirements, benefits, address ranges
MSDP, including single and multi-PIM domains
Anycast RP
Routing policy and scoping
Given a scenario, demonstrate knowledge of how to configure or monitor IGMP, PIM-DM, PIM-SM (including SSM) and MSDP
Implement IP multicast routing policy

Advanced MPLS
Describe the concepts, operation, or functionality of MPLS
Routing table integration options for traffic engineering
Routing policy to control path selection
Advanced MPLS features
Administrative groups
Advanced CSPF options
Implement MPLS routing policy

Layer 3 VPNs
Describe the concepts, operation, or functionality of Layer 3 VPNs
Traffic flow – control and data planes
Full mesh vs. hub-and-spoke topology
VPN-IPv4 addressing
Route distinguishers
Route targets
Route distribution
Site of origin
Sham links
vrf-table-label
Layer 3 VPN scaling
IPv6 Layer 3 VPNs
Layer 3 VPN Internet access options
Given a scenario, demonstrate knowledge of how to configure or monitor the components of Layer 3 VPNs
Describe the concepts, operation or functionality of multicast VPNs
Next-generation MVPNs (NG-MVPN)
Flow of control and data traffic in an MVPN
Describe Junos support for carrier-of-carriers or interprovider VPN models

Layer 2 VPNs
Describe the concepts, operation, or functionality of BGP Layer 2 VPNs
Traffic flow – control and data planes
Forwarding tables
Connection mapping
Layer 2 VPN NLRI
Route distinguishers
Route targets
Layer 2 VPN scaling
Describe the concepts, operation, or functionality of LDP Layer 2 circuits
Traffic flow – control and data planes
Virtual circuit label
Layer 2 interworking
Describe the concepts, operation, or functionality of VPLS
Traffic flow – control and data planes
BGP VPLS label distribution
LDP VPLS label distribution
Route targets
VPLS Multihoming
Site IDs
Describe the concepts, operation, or functionality of EVPN
Traffic flow – control and data planes
MAC learning and distribution
EVPN Multihoming
BGP EVPN label distribution
Given a scenario, demonstrate knowledge of how to configure or monitor Layer 2 VPNs
BGP Layer 2 VPNs
LDP Layer 2 circuits
EVPNs
VPLS

QUESTION 1
Which OSPFv3 router ID is valid?

A. 192.168.1.1
B. ::192.168.1.1
C. 0.0.0.0
D. 2008:db8::1

Answer: A

Explanation

OSPFv3 Router IDs, Area IDs, and LSA link-state IDs remain at the OSPFv2 IPv4 size of 32 bits.
References: Network Configuration Example OSPF Version 3 for IPv6 Feature Guide, page 3


QUESTION 2
You are working with a new MPLS network that is using the default EXP classifier and default schedules. A small amount of traffic is being placed in the assured forwarding class. No other traffic is passing through the network at this time.
In this scenario, what happens to the traffic that is being placed in the assured forwarding class?

A. The traffic is reclassified to the best effort forwarding class and is forwarded.
B. The traffic remains in the assured forwarding class and is forwarded.
C. The traffic is reclassified to the network control forwarding class and is forwarded.
D. The traffic remains in the assured forwarding class and is dropped.

Answer: B

Explanation

References: https://www.juniper.net/documentation/en_US/junos15.1/topics/concept/forwarding-classes-default-cos-config-guide.html


QUESTION 3
You are connecting your OSPF router to your customer's RIP router and redistributing the customer's routes into your OSPF domain. Your OSPF router is part of an NSSA and the ABR is injecting an OSPF default route, which you have advertised to your customer. After committing the configuration, you notice a routing loop between your OSPF router and the customer's RIP router.
Which action must you perform on your OSPF router to solve this problem?

A. Enable Type 7-to-Type 5 LSA conversion.
B. Set the customer-facing interface to passive.
C. Convert the area to a stub area.
D. Change the OSPF external route preference.

Answer: D

Explanation

Avoid routing loops by changing the OSPF external route preference.

Incorrect Answers:
A: If multiple NSSA ABR routers are present, it is recommended that not all ABRs perform
Type 7-to-5 translation to avoid routing loops.
B: We would have to make the interface on the RIP router, the customer router,
passive, not the customer-facing interface on the OSPF router.

Note: By default, RIP broadcasts are sent from all interfaces. RIP allows us to control this behavior: we can configure which interfaces send RIP broadcasts and which do not. Once an interface is marked as a passive interface, RIP stops sending updates from that interface.

References: https://www.juniper.net/documentation/en_US/junos15.1/topics/topic-map/ospf-stub-and-not-so-stubby-areas.html

QUESTION 4
A PE provides VLAN VPLS service to a CE attached with two links.
You want to prevent Layer 2 loops and provide link redundancy.
Which two actions will accomplish this task? (Choose two.)

A. Place both interfaces in a link aggregation group.
B. Configure different VLANs on each interface.
C. Configure all VLANs on both interfaces, on the PE, and on the CE.
D. Configure Spanning Tree Protocol between the PE and the CE.

Answer: B,D

Explanation

D: To prevent the formation of Layer 2 loops between the CE devices and the multihomed PE routers, Juniper recommends that you employ the Spanning Tree Protocol (STP) on your CE devices. Layer 2 loops can form due to misconfiguration. Temporary Layer 2 loops can also form during convergence after a change in the network topology.

References: http://www.juniper.net/documentation/en_US/junos16.1/topics/topic-map/vpls-bgp-multihoming.html

Saturday, 3 December 2016

JN0-314 Junos Pulse Access Control, Specialist (JNCIS-AC)

JNCIS-AC Exam Objectives (Exam: JN0-314)

Overview
Identify the concepts, operation, and functionality of Junos Pulse Access Control Service
Junos Pulse Access Control Service components
Component functions and interaction
Identify the components of the access management framework
Interrelationship between realms, roles and policies

Platform Configuration
Demonstrate knowledge of how to configure the basic elements of a Junos Pulse Access Control Service environment
Initial Junos Pulse Access Control Service configuration
Choosing the platform (e.g., virtual or physical)
Configure authentication servers
Connectivity verification

Roles
Identify the concepts, operation and functionality of roles
Purpose of roles
Role mapping
Customization of the end-user experience
Demonstrate knowledge of how to configure roles
Roles and role options

End User Access
Identify the Junos Pulse Access Control Service client access options
Junos Pulse
Odyssey Access Client (OAC)
Machine authentication and third party supplicant
Agentless access
Demonstrate knowledge of how to configure Junos Pulse Access Control Service clients
Junos Pulse
Odyssey Access Client (OAC)
Agentless access

Firewall Enforcement

Identify the concepts, operation and functionality of firewall enforcement
Purpose of resource policies
Resource policies for firewall enforcement
User-based firewall policies
Captive portal
Demonstrate knowledge of how to configure firewall enforcement
Junos Pulse Access Control Service configuration
SRX Series device configuration
User-based firewall policies
Captive portal

Layer 2 Enforcement
Identify the concepts, operation and functionality of Layer 2 enforcement techniques
802.1X security
RADIUS (related to 802.1X)
MAC authentication
Multiple supplicant authentication on EX Series devices
Demonstrate knowledge of how to configure Layer 2 enforcement
Junos Pulse Access Control Service configuration
EX Series device configuration
SRX Series device configuration

Endpoint Defense
Identify the concepts, operation and functionality of endpoint defense
Host Checker
Authentication policies and role restrictions
Demonstrate knowledge of how to configure endpoint defense
Host Checker
Authentication policies and role restrictions

Authentication Options

Identify the concepts, operation and functionality of user authentication
Authentication process
Authentication options
Demonstrate knowledge of how to configure authentication
Authentication servers including LDAP, RADIUS, AD/NT, anonymous
Authentication realms

Management and Troubleshooting

Demonstrate knowledge of how to manage and troubleshoot a Junos Pulse Access Control Service environment, including Junos Pulse Access Control Service and SRX Series devices
Logging (e.g., RADIUS logging, policy tracing)
System Monitoring
File Management
Information collection
Component connectivity
End user connectivity and enforcement

High Availability
Identify the concepts and requirements for high availability in a Junos Pulse Access Control Service environment
Clustering
Deployment options and considerations
Demonstrate knowledge of how to configure high availability
Junos Pulse Access Control Service configuration
SRX Series device configuration

Integration
Identify the concepts and requirements for Junos Pulse Access Control Service integration with other components
Integration with IF-MAP client
Integration with STRM
Integration with SRX Series devices
Integration with EX Series devices
Demonstrate knowledge of how to configure integration
IF-MAP federation
Syslog

QUESTION 1
A customer wants to create a custom Junos Pulse configuration. Which two are required?
(Choose two)

A. Connection set
B. Configuration set
C. Custom installer
D. Component set

Answer: A,D


QUESTION 2
What is a type of firewall enforcer supported by the Junos Pulse Access Control Service?

A. Checkpoint firewall
B. SRX Series device
C. DP sensor
D. MX Series device

Answer: B


QUESTION 3
A customer is trying to decide which 802.1X inner protocol to use on their network. The customer
requires that no passwords be sent across the network in plain text, that the protocol be supported
by the Windows native supplicant, and that the protocol supports password changes at Layer 2.
Which protocol would meet the customer's needs?

A. EAP-TLS
B. EAP-MD5
C. PAP
D. EAP-MSCHAPv2

Answer: D


QUESTION 4
You navigate to "UAC" > "Infranet Enforcer" > "Auth Table Mapping" in the admin GUI. You see
one policy, which is the unmodified, original default policy.
Which statement is true?

A. Dynamic auth table mapping is not enabled.
B. A successful authentication attempt will result in a new authentication table entry, which will be
delivered only to the Junos enforcer protecting the network from which the user has authenticated.
C. To create a static auth table mapping, you must delete the default policy.
D. The default policy applies only to the factory-default role User.

Answer: A


QUESTION 5
You have a Junos Pulse Secure Access Service acting as an IF-MAP client, configured to federate
all user roles to a Junos Pulse Access Control Service acting as an IF-MAP Federation server. A
remote user using Junos Pulse logs in to the Junos Pulse Secure Access Service; the Junos
Pulse Secure Access Service provisions a remote access session for that user.
What happens next?

A. The Junos Pulse Secure Access Service redirects the user to the Junos Pulse Secure Access Service for authentication.
B. The Junos Pulse Access Control Service provisions enforcement points to enable resource access for that user.
C. The Junos Pulse Secure Access Service publishes user session and role information to the IF-MAP Federation server.
D. The Junos Pulse Secure Access Service provisions enforcement points to enable resource access for that user.

Answer: C
