Juniper Networks Certified Associate Junos JNCIA-Junos (JNCIA-JUNOS) — Questions 76150

514 questions total · 7pages · All types, answers revealed

Page 1

Page 2 of 7

Page 3
76
MCQmedium

You are troubleshooting a network connectivity issue at a medium-sized company that uses Juniper EX4300 switches. Users in VLAN 100 (10.10.100.0/24) report that they cannot access a server in VLAN 200 (10.10.200.0/24). The switch has IRB interfaces configured for both VLANs and is acting as the default gateway. The IRB interfaces are up and have correct IP addresses. The server and users have correct IP configurations. 'show arp' on the switch shows incomplete entries for some hosts in VLAN 100. 'show ethernet-switching table' shows MAC addresses for users are present on the correct access ports. However, pings from the switch to a user in VLAN 100 fail. What is the most likely issue?

A.Spanning Tree Protocol is blocking the user ports.
B.A static MAC address entry for the server is missing.
C.The switch cannot resolve ARP requests because the user's host is not responding.
D.The IRB interface for VLAN 100 is not configured with a proxy ARP.
AnswerC

Incomplete ARP entries indicate the switch sent ARP requests but got no reply, possibly due to host firewall or misconfiguration.

Why this answer

The 'incomplete' entries in the 'show arp' output indicate that the switch sent ARP requests for hosts in VLAN 100 but received no replies. Since the switch is the default gateway, it must resolve the Layer 2 MAC address of each host to forward traffic. If a user's host is not responding to ARP (e.g., due to a firewall, misconfiguration, or the host being offline), the switch cannot complete the ARP cache entry, causing pings from the switch to fail and potentially disrupting inter-VLAN routing.

Exam trap

The trap here is that candidates may confuse a Layer 2 issue (like STP blocking or missing MAC entries) with a Layer 3 issue (ARP resolution failure), overlooking that 'incomplete' ARP entries directly point to a host not responding to ARP requests.

How to eliminate wrong answers

Option A is wrong because Spanning Tree Protocol (STP) blocking a port would prevent all traffic, including ARP replies, but the 'show ethernet-switching table' shows MAC addresses on the correct access ports, indicating STP is not blocking those ports. Option B is wrong because a missing static MAC address entry for the server would affect reachability to the server, not the switch's ability to ping a user in VLAN 100; the issue is with ARP resolution for local hosts, not the server. Option D is wrong because proxy ARP is used to allow hosts in one subnet to resolve MAC addresses for hosts in another subnet when the switch is not the default gateway; here, the switch is the default gateway with IRB interfaces, so proxy ARP is not required for the switch to resolve its own ARP requests.

77
MCQeasy

A Juniper device is running out of disk space on the /var partition. Which command can be used to check disk usage?

A.show system storage
B.show system disk-space
C.show system memory
D.show system resource
AnswerA

Displays filesystem usage including /var.

Why this answer

The correct command to check disk usage on a Juniper device is 'show system storage'. This command displays detailed information about disk partitions, including total, used, and available space, as well as the percentage of usage for each mounted filesystem, such as /var. It is the standard operational mode command for monitoring storage utilization in Junos OS.

Exam trap

The trap here is that candidates familiar with other operating systems might expect a command like 'show system disk-space' or confuse memory with storage, but Junos uses the specific phrase 'storage' for disk usage monitoring.

How to eliminate wrong answers

Option B is wrong because 'show system disk-space' is not a valid Junos command; the correct command uses 'storage' not 'disk-space'. Option C is wrong because 'show system memory' displays RAM and memory utilization, not disk storage. Option D is wrong because 'show system resource' shows system resource usage like CPU and memory, but does not provide disk partition or filesystem usage details.

78
Multi-Selectmedium

Which THREE factors influence OSPF neighbor adjacency formation? (Choose three.)

Select 3 answers
A.Area ID
B.Router ID
C.MTU mismatch
D.Hello and dead intervals
E.Authentication settings
AnswersA, D, E

Must match between neighbors.

Why this answer

OSPF neighbor adjacency formation requires that both routers agree on the Area ID, because the Area ID defines the logical segment of the OSPF domain and is included in OSPF Hello packets. If the Area ID does not match, the routers will not form an adjacency, as they would consider themselves in different OSPF areas.

Exam trap

The trap here is that candidates often confuse Router ID uniqueness (required for OSPF operation) with a matching requirement between neighbors, but Router ID only needs to be unique per router, not identical between peers.

79
MCQeasy

An administrator configures a static route to 192.168.2.0/24 with next-hop 10.0.0.1. The route does not appear in the routing table. What is the most likely cause?

A.The next-hop 10.0.0.1 is not reachable.
B.The static route has a higher preference than an existing dynamic route.
C.The configuration was not committed.
D.The prefix 192.168.2.0/24 already exists in the forwarding table.
AnswerA

A static route is only installed if the next-hop is reachable via an active route.

Why this answer

The correct answer is B. A static route requires a reachable next-hop to be installed. If the next-hop is not reachable (e.g., no active route to 10.0.0.1), the route is hidden.

Option A is incorrect because static routes have a low preference (5) and would override dynamic routes. Option C is incorrect because a commit would show an error if the configuration failed. Option D is incorrect because the route would be hidden, not in the forwarding table.

80
MCQeasy

A technician needs to display the contents of a configuration file stored on the device's hard disk. Which operational mode command should they use?

A.show configuration
B.file show
C.file list
D.view file
AnswerB

file show displays the contents of a specified file.

Why this answer

The 'file show' command in Junos operational mode is used to display the contents of a file stored on the device's hard disk, such as a configuration file. Unlike 'show configuration', which displays the active candidate or committed configuration, 'file show' reads the raw file from the filesystem, making it the correct choice for viewing a stored configuration file.

Exam trap

The trap here is that candidates often confuse 'show configuration' with viewing a file on disk, but 'show configuration' only shows the configuration from the system's operational database, not the raw file contents stored on the hard disk.

How to eliminate wrong answers

Option A is wrong because 'show configuration' displays the active or candidate configuration from the system's configuration database, not the raw contents of a file on the hard disk. Option C is wrong because 'file list' only lists the names of files in a directory, not their contents. Option D is wrong because 'view file' is not a valid Junos operational mode command; the correct syntax is 'file show'.

81
MCQmedium

Scenario: Your company has a Juniper SRX300 firewall used as a branch gateway. It runs Junos 15.1X49. The firewall has multiple security policies, NAT rules, and VPN tunnels. Recently, you added a new security policy to allow traffic from the internal network to a specific public server. After committing, you notice that the firewall is logging repeated denials for traffic that should be matched by the new policy. The policy appears correctly configured in the candidate configuration. You want to verify that the policy is actually active and check for any hidden rules that might be causing the issue. Which of the following is the most effective first step to troubleshoot this problem?

A.Roll back to the previous configuration to ensure the device is in a known state.
B.Run 'show configuration | display set | match policy' to verify the policy is present.
C.Run 'show security policies detail' and examine the policy order to see if a previous policy is denying the traffic.
D.Check the firewall logs with 'show log messages | match deny' to see which policy is denying.
AnswerC

This command displays all active security policies in sequence, helping identify ordering issues.

Why this answer

Option C is correct because the most common cause of traffic being denied despite a seemingly correct new policy is that a preceding policy in the security policy order matches the traffic and denies it before the new policy is evaluated. Junos security policies are evaluated in sequential order from top to bottom, and the first matching policy is applied. Running 'show security policies detail' displays the active policy order, including any hidden or default policies, allowing you to identify if a deny policy earlier in the list is intercepting the traffic.

Exam trap

The trap here is that candidates assume a correctly configured policy will automatically be applied, but Junos requires careful attention to policy order, and the exam tests whether you know to verify the active policy sequence rather than just the configuration syntax.

How to eliminate wrong answers

Option A is wrong because rolling back to a previous configuration is a disruptive step that does not help diagnose why the new policy is not being matched; it only reverts to an older state without revealing the policy order issue. Option B is wrong because 'show configuration | display set | match policy' only shows the candidate configuration, not the active policy order; the policy may be present in the configuration but still be overridden by a higher-priority deny policy in the active commit. Option D is wrong because checking logs with 'show log messages | match deny' can show that traffic is being denied, but it does not reveal which policy is responsible or the policy order; it only confirms the symptom, not the root cause.

82
MCQmedium

A network administrator has made several configuration changes and now wants to revert all uncommitted changes back to the last committed configuration. Which command should they use?

A.rollback 1
B.load override terminal
C.commit check
D.rollback 0
AnswerD

rollback 0 reverts to the most recent committed configuration.

Why this answer

The 'rollback 0' command reverts all uncommitted changes and restores the active configuration to the last committed configuration. In Junos, candidate configurations are stored in numbered rollback slots (0 being the most recent committed configuration), so 'rollback 0' discards any uncommitted edits and loads the last committed state.

Exam trap

The trap here is that candidates confuse 'rollback 0' with 'rollback 1', mistakenly thinking that 'rollback 1' reverts to the last committed configuration, when in fact 'rollback 0' is the correct slot for the most recent committed state.

How to eliminate wrong answers

Option A is wrong because 'rollback 1' loads the configuration from the second most recent committed configuration (rollback slot 1), not the last committed one, so it would revert to an older committed state rather than discarding uncommitted changes. Option B is wrong because 'load override terminal' replaces the entire candidate configuration with text entered via terminal, which is used for merging or replacing configurations, not for reverting uncommitted changes. Option C is wrong because 'commit check' validates the syntax and semantics of the candidate configuration without committing it, so it does not revert any changes.

83
Multi-Selectmedium

Which TWO statements about configuration groups are correct? (Choose two.)

Select 2 answers
A.The 'apply-groups' statement is only valid at the top level of the configuration.
B.Configuration groups can only contain interface-related configuration.
C.The 'apply-groups' statement can be used to apply only specific statements from a group.
D.Multiple groups can be applied, and the order of application determines priority.
E.Configuration groups are defined under the 'groups' hierarchy.
AnswersD, E

Groups are processed in order; later groups override earlier ones.

Why this answer

Option D is correct because when multiple configuration groups are applied, the order of the 'apply-groups' statements determines the priority: the last group listed has the highest priority and overrides conflicting settings from earlier groups. This allows administrators to layer configuration changes predictably, with more specific groups overriding more general ones.

Exam trap

The trap here is that candidates often assume 'apply-groups' is only valid at the top level (Option A) or that groups are limited to interfaces (Option B), when in fact Junos allows groups at any hierarchy level and for any configuration stanza.

84
MCQhard

A network administrator is trying to configure a firewall filter on a Juniper device. They enter configuration mode and type 'set firewall family inet filter BLOCK-ICMP term 1 from protocol icmp'. They then type 'set firewall family inet filter BLOCK-ICMP term 1 then reject'. After committing, they notice that ICMP traffic is not being blocked. They run 'show configuration firewall' and see the filter is present. They run 'show firewall filter BLOCK-ICMP' to see the counters and notice the packet count is zero. What is the most likely reason?

A.The protocol icmp is not correct; it should be 'icmp6'.
B.The filter is not applied to any interface.
C.The term 'then reject' should be 'then discard'.
D.The filter must be applied under the 'edit firewall' hierarchy.
AnswerB

A firewall filter must be applied to an interface to take effect.

Why this answer

Option B is correct because a firewall filter in Junos must be applied to an interface to take effect. Simply configuring the filter under the 'edit firewall' hierarchy does not activate it; the filter must be referenced with a 'family inet' statement under the interface configuration (e.g., 'set interfaces ge-0/0/0 unit 0 family inet filter input BLOCK-ICMP'). Without this application, the filter exists in the configuration but never processes traffic, resulting in zero packet counts.

Exam trap

The trap here is that candidates often assume configuring a firewall filter under the 'edit firewall' hierarchy automatically activates it, similar to Cisco IOS where ACLs are applied globally or to interfaces with separate commands, but Junos requires explicit interface application for the filter to process traffic.

How to eliminate wrong answers

Option A is wrong because 'protocol icmp' is correct for IPv4 ICMP; 'icmp6' is used for IPv6 ICMP, which is not relevant here. Option C is wrong because 'then reject' is a valid action that drops packets and sends an ICMP unreachable message; 'then discard' would also drop packets but without notification, and the issue is not about the action type. Option D is wrong because the 'edit firewall' hierarchy is the correct location for configuring firewall filters; the problem is the filter is not applied to an interface, not that it is configured in the wrong place.

85
Matchingmedium

Match each Junos routing protocol to its primary characteristic.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Link-state IGP using Dijkstra algorithm

Link-state IGP used in large ISPs

Path-vector EGP used for inter-AS routing

Distance-vector IGP using hop count

Manually configured route with next-hop

Why these pairings

These are common routing protocols and route types in Junos.

86
MCQhard

Refer to the exhibit. How many commits have been made on this device?

A.3
B.1
C.2
D.0
AnswerA

Three commits: IDs 0, 1, and 2.

Why this answer

The exhibit shows the output of the 'show system commit' command, which lists each commit made on the device. The output displays three entries, each with a unique commit number (0, 1, 2), indicating that three commits have been performed. Therefore, option A is correct.

Exam trap

The trap here is that candidates might misinterpret the commit IDs (0, 1, 2) as the number of commits, but they must remember that the count starts at 0, so the total number of commits is the highest ID plus one (3).

How to eliminate wrong answers

Option B is wrong because the output clearly shows three commit entries, not one; a single commit would show only one entry. Option C is wrong because there are three commits listed, not two; the commit numbers 0, 1, and 2 confirm three distinct commits. Option D is wrong because the output contains commit entries, proving that commits have been made; zero commits would result in an empty output or a message like 'No commits found.'

87
MCQmedium

An engineer observes that traffic destined to 203.0.113.0/24 is being load-balanced across two equal-cost paths via OSPF. The engineer wants to ensure that all traffic for this prefix uses only one path unless the primary path fails. Which configuration change should be made?

A.Configure a static route for 203.0.113.0/24 with a lower preference.
B.Set the OSPF metric on the backup interface to a higher value.
C.Use policy-options to set a higher preference for one of the paths.
D.Modify the load-balance configuration under forwarding-options.
AnswerB

Increasing metric on one interface makes it less preferred, so OSPF will use the lower metric path as primary.

Why this answer

Option B is correct because increasing the OSPF metric on the backup interface makes that path less preferred in the SPF calculation, breaking the equal-cost multipath (ECMP) condition. OSPF selects routes based on the lowest metric; by raising the metric on one interface, the engineer ensures only the lower-metric path is used for forwarding, with automatic failover to the backup path if the primary fails.

Exam trap

The trap here is that candidates mistakenly think modifying load-balancing or preference settings can break ECMP, but OSPF ECMP is solely determined by equal metric values; only changing the metric (or using a feature like per-packet load balancing) directly controls path selection.

How to eliminate wrong answers

Option A is wrong because configuring a static route with a lower preference (administrative distance) would override the OSPF-learned route entirely, but static routes do not dynamically fail over; they lack OSPF's link-state awareness and would require manual intervention or additional tracking to handle failures. Option C is wrong because policy-options can modify route preference (administrative distance) for OSPF routes, but preference is not used in OSPF's SPF metric-based path selection; changing preference would affect route selection among different protocols, not ECMP within OSPF. Option D is wrong because modifying the load-balance configuration under forwarding-options (e.g., `maximum-paths`) controls how many ECMP paths are used, but it does not break the equal-cost condition; if both paths have the same metric, OSPF will still install them as ECMP unless the metric is changed.

88
MCQmedium

A network engineer is configuring a new Juniper device. They intend to apply a firewall filter to an interface to only allow SSH traffic from a specific management subnet. Which configuration approach best follows Juniper best practices?

A.Define the filter under 'firewall family inet' and apply it under 'interfaces ge-0/0/0 unit 0 family inet filter input filter-name'
B.Define the filter under 'firewall family inet' and apply it under 'interfaces lo0 unit 0 family inet filter input filter-name'
C.Define the filter under 'firewall family inet' and apply it under 'interfaces ge-0/0/0 unit 0 family inet input'
D.Define the filter under 'firewall family any' and apply it under 'interfaces ge-0/0/0 unit 0 family any filter input'
AnswerA

This follows Juniper best practices for applying firewall filters.

Why this answer

Option A is correct because it follows Juniper best practices by defining the firewall filter under the `firewall family inet` hierarchy (which is the standard location for IPv4 filters) and applying it as an input filter on the physical interface `ge-0/0/0 unit 0 family inet`. This configuration ensures that only SSH traffic from the specified management subnet is permitted inbound on that interface, while all other traffic is dropped by default (since firewall filters in Junos have an implicit deny at the end).

Exam trap

The trap here is that candidates often confuse the loopback interface (`lo0`) with a physical interface for applying filters, or they misremember the Junos CLI syntax by omitting the `filter` keyword or using an invalid family like `any`.

How to eliminate wrong answers

Option B is wrong because applying the filter to the loopback interface `lo0` would filter traffic destined to the device itself (e.g., management traffic), not traffic transiting the physical interface `ge-0/0/0`; the question specifies filtering traffic on a specific interface, not the loopback. Option C is wrong because the syntax `family inet input` is incomplete — the correct Junos CLI syntax requires the keyword `filter` before the filter name (i.e., `family inet filter input filter-name`); omitting `filter` would cause a commit error. Option D is wrong because `family any` is not a valid family type for firewall filters in Junos; filters must be defined under a specific address family (e.g., `inet` for IPv4, `inet6` for IPv6) and applied under the corresponding family on the interface.

89
MCQhard

Refer to the exhibit. Based on the log output, what is the most likely issue with interface ge-0/0/1?

A.Interface is experiencing flapping
B.Interface is up and stable
C.Interface is administratively down
D.Interface is configured incorrectly
AnswerA

Repeated up/down events indicate flapping.

Why this answer

The log output shows repeated 'link UP' and 'link DOWN' events for interface ge-0/0/1 within a short time window, which is the classic symptom of interface flapping. Flapping typically occurs due to physical layer issues such as faulty cables, damaged transceivers, or marginal signal integrity, causing the interface to continuously transition between up and down states.

Exam trap

The trap here is that candidates may assume any interface issue is configuration-related (Option D) or that a single 'link UP' message means the interface is stable (Option B), but the repeated pattern of alternating UP/DOWN events is the definitive indicator of flapping.

How to eliminate wrong answers

Option B is wrong because the log clearly shows the interface is not stable; it is oscillating between up and down states, which contradicts the definition of a stable interface. Option C is wrong because an administratively down interface would show a 'administratively down' status in the log, not repeated link transitions; the interface is actively trying to come up. Option D is wrong because while configuration errors can cause operational issues, the specific pattern of rapid link state changes points to a physical or Layer 1 problem, not a configuration mistake like incorrect VLAN or IP settings.

90
MCQmedium

A network engineer is troubleshooting a reachability issue between two directly connected routers. Both routers have IP addresses configured on their interfaces and the interfaces are up. Which command would the engineer use to verify the routing table entry for the remote network?

A.show route
B.show interfaces terse
C.show configuration interfaces
D.show arp
AnswerA

Displays the routing table, including directly connected and learned routes.

Why this answer

The 'show route' command displays the routing table, which contains all active routes learned via static configuration, direct connections, or dynamic routing protocols. To verify the routing table entry for a specific remote network, this command shows the next-hop IP address, interface, and route preference/metric, directly confirming whether the remote network is reachable.

Exam trap

The trap here is that candidates confuse verifying interface configuration or ARP entries with verifying routing table entries, assuming that if interfaces are up and IPs are configured, the route must exist, but the routing table must be explicitly checked to confirm the remote network is reachable.

How to eliminate wrong answers

Option B is wrong because 'show interfaces terse' displays interface status and IP addresses but does not show routing table entries or reachability to remote networks. Option C is wrong because 'show configuration interfaces' displays the configured interface settings (like IP addresses and VLANs) but not the active routing table or learned routes. Option D is wrong because 'show arp' displays the ARP cache, which maps IP addresses to MAC addresses for directly connected neighbors, but does not show routing table entries for remote networks.

91
MCQmedium

A network administrator configures the following: `set routing-options static route 0.0.0.0/0 next-hop 192.168.1.1`. After committing, the administrator notices that the default route is not active. What could be the reason?

A.The route preference is set to 170.
B.The route is not exported into the forwarding table.
C.The next-hop 192.168.1.1 is not reachable.
D.The router already has a default route learned via DHCP.
AnswerC

If the next-hop is not in the routing table, the static route is not active.

Why this answer

Option D is correct because the next-hop address may not be reachable. Option A is wrong because if a DHCP default route existed, the static route would be preferred due to lower preference. Option B is wrong since a higher preference number makes a route less preferred, but the route would still be active if it's the only route.

Option C is wrong because static routes are automatically placed in the forwarding table if active.

92
MCQmedium

You are troubleshooting an OSPF adjacency issue between two Juniper MX series routers, R1 and R2, both running Junos 18.2. They are directly connected via a Gigabit Ethernet link. R1's interface ge-0/0/0 is configured with IP 192.168.1.1/24, and R2's ge-0/0/0 is configured with IP 192.168.1.2/24. Both interfaces are in OSPF area 0.0.0.0. The physical connectivity is confirmed up, and both interfaces are administratively enabled. You have checked that the hello and dead intervals match (hello 10, dead 40), the area IDs are identical, and the subnet masks are /24. No firewall filters are blocking OSPF. The OSPF configuration on R1 includes 'authentication-type md5' and 'authentication-key juniper123' under the interface. On R2, the configuration also includes 'authentication-type md5' but the key is 'juniper321'. Both routers have loopback addresses as router IDs: 1.1.1.1 for R1 and 2.2.2.2 for R2. No explicit OSPF network type is set, so the default is broadcast. Despite these configurations, the OSPF adjacency state on both routers remains in INIT. What is the most likely cause of this issue?

A.The interface MTU size is mismatched.
B.The OSPF network type is mismatched.
C.The OSPF authentication keys do not match.
D.The router IDs are not properly configured.
AnswerC

MD5 authentication requires matching keys on both routers. Since the keys differ, R1 will not accept R2's hello packets and vice versa, causing the adjacency to remain stuck in INIT.

Why this answer

Option C is correct because OSPF authentication keys must match exactly for the adjacency to form. R1 uses key 'juniper123' while R2 uses 'juniper321', causing the MD5 digest computed on each Hello packet to differ. Since OSPF authentication is validated per-packet, mismatched keys prevent the routers from moving past the INIT state.

Exam trap

The trap here is that candidates often overlook authentication key consistency because they focus on matching hello/dead intervals and area IDs, assuming authentication is correctly configured if the type matches.

How to eliminate wrong answers

Option A is wrong because an MTU mismatch would typically cause the adjacency to stall in EXSTART/EXCHANGE state, not INIT, and both interfaces are Gigabit Ethernet with default MTU 1500. Option B is wrong because both interfaces use the default OSPF network type 'broadcast' (no explicit type set), so there is no mismatch. Option D is wrong because the router IDs (1.1.1.1 and 2.2.2.2) are valid and properly configured; mismatched router IDs do not prevent the INIT state, as OSPF uses router IDs only after the 2-Way state.

93
Drag & Dropmedium

Arrange the steps to configure OSPF on a Junos router in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

OSPF requires a router ID and interfaces assigned to areas. Verification shows neighbor relationships.

94
MCQmedium

A junior engineer is troubleshooting connectivity issues and wants to trace the path packets take to a remote destination. Which Junos command should be used?

A.monitor traffic
B.show route
C.traceroute
D.ping
AnswerC

Displays the route packets take to a destination, hop by hop.

Why this answer

Option C is correct because the 'traceroute' command in Junos is specifically designed to trace the path packets take to a remote destination by sending UDP probes with increasing TTL values and analyzing ICMP Time Exceeded messages from intermediate routers. This directly addresses the junior engineer's need to map the Layer 3 path and identify where connectivity failures occur.

Exam trap

The trap here is that candidates often confuse 'ping' (which tests reachability) with 'traceroute' (which traces the path), leading them to select Option D when the question explicitly asks for path tracing rather than simple connectivity testing.

How to eliminate wrong answers

Option A is wrong because 'monitor traffic' is used for real-time packet capture and analysis on an interface, not for tracing the path to a remote destination. Option B is wrong because 'show route' displays the routing table entries on the local device, showing how the local router would forward packets, but it does not actively trace the path taken by packets across multiple hops. Option D is wrong because 'ping' tests reachability and measures round-trip time to a destination, but it does not provide hop-by-hop path information or identify intermediate routers.

95
MCQhard

Scenario: Your company has a Juniper MX Series router at a branch office running Junos 18.4. The device has been in production for two years with a stable configuration. Yesterday, a senior engineer made several changes to the OSPF configuration to optimize routing for a new link. They committed the changes and left for the day. This morning, the branch office experiences intermittent connectivity, and the OSPF neighbor relationships are flapping. You suspect the recent OSPF changes caused the issue. You have remote console access to the router. The goal is to restore network stability as quickly as possible while preserving the ability to re-apply the changes after troubleshooting. Which course of action should you take?

A.Use 'deactivate protocols ospf' to disable OSPF entirely and then manually re-enable pieces.
B.Immediately delete the OSPF configuration sections that were changed and re-add the original settings manually.
C.Use 'rollback 1' to revert to the configuration before the changes, then 'commit confirmed 10' to verify stability.
D.Perform a 'load factory-default' and 'commit' to reset the device to base settings, then reconfigure from backup.
AnswerC

Rollback to the previous commit (1) and commit confirmed provides quick restoration with safety.

Why this answer

Option C is correct because 'rollback 1' reverts the active configuration to the previous committed version (before the problematic OSPF changes), and 'commit confirmed 10' applies that rollback with a 10-minute confirmation timer. If connectivity stabilizes, the rollback becomes permanent; if not, the router automatically reverts to the previous configuration, ensuring no prolonged outage. This approach restores stability quickly while preserving the ability to later re-apply and test the OSPF changes in a controlled manner.

Exam trap

The trap here is that candidates may choose Option A (deactivate OSPF) thinking it is a quick fix, but they overlook that deactivating the entire protocol causes a complete routing disruption, whereas 'rollback' with 'commit confirmed' is the precise, safe, and reversible method Junos provides for this exact scenario.

How to eliminate wrong answers

Option A is wrong because 'deactivate protocols ospf' disables the entire OSPF process, which would drop all OSPF adjacencies and potentially cause a complete routing blackout, not just intermittent flapping, and it does not preserve the changed configuration for later re-application. Option B is wrong because manually deleting and re-adding configuration sections is error-prone, time-consuming, and does not leverage Junos's built-in rollback capability, which is the fastest and safest method to revert to a known-good state. Option D is wrong because 'load factory-default' resets the entire device to factory settings, wiping all configurations, including interfaces, security policies, and routing protocols, which would cause a total outage and require full reconfiguration from backup, far exceeding the goal of quickly restoring stability.

96
MCQmedium

Refer to the exhibit. An administrator sees the following configuration output. What is the purpose of the 'description' statement in this context?

A.It sets the SNMP ifAlias to the interface's MAC address.
B.It sets the administrative comment visible in the config.
C.It sets the interface description visible in 'show interfaces description'.
D.It sets the interface's syslog tag.
AnswerC

Correct; the description appears in the output of 'show interfaces description' and sets the ifAlias SNMP object.

Why this answer

In Junos, the 'description' statement under an interface configuration sets a text string that is displayed in the output of 'show interfaces description'. This is the standard way to provide a human-readable label for the interface, such as 'Link to Core Router A'. It does not affect SNMP, administrative comments, or syslog tags.

Exam trap

The trap here is that candidates often confuse the 'description' statement with the SNMP ifAlias or administrative comments, assuming they serve the same purpose as in other vendors' syntax, but Junos explicitly separates these functions.

How to eliminate wrong answers

Option A is wrong because the SNMP ifAlias is set by the 'snmp ifAlias' statement, not by the 'description' statement; the description does not automatically populate the MAC address. Option B is wrong because the 'description' statement is not an administrative comment; administrative comments in Junos are added using the 'annotate' command or inline comments with '/* ... */'. Option D is wrong because the 'description' statement does not set a syslog tag; syslog tags are configured under the 'syslog' hierarchy or via structured syslog messages.

97
MCQhard

An administrator observes that the router's CPU utilization is consistently high. Which command helps identify which process is consuming the most CPU?

A.show log messages
B.show system resource
C.show chassis routing-engine
D.show system processes extensive
AnswerD

Shows CPU usage per process.

Why this answer

Option D, 'show system processes extensive', is correct because it displays detailed CPU utilization statistics for each running process on a Junos device, including the percentage of CPU time consumed. This allows the administrator to identify which specific process (e.g., routing protocol daemon, SNMP, or management process) is causing the high CPU load, enabling targeted troubleshooting.

Exam trap

The trap here is that candidates often confuse 'show chassis routing-engine' (which shows aggregate CPU load) with process-level CPU breakdown, leading them to choose option C, but only 'show system processes extensive' provides the per-process detail needed to pinpoint the culprit.

How to eliminate wrong answers

Option A is wrong because 'show log messages' displays system log entries (syslog messages) and does not provide real-time CPU utilization per process; it is used for reviewing events and errors, not for process-level CPU monitoring. Option B is wrong because 'show system resource' shows overall system resource usage (memory, CPU, and storage) but does not break down CPU usage by individual process; it gives a high-level summary, not per-process granularity. Option C is wrong because 'show chassis routing-engine' displays the status and resource utilization of the Routing Engine (RE), including CPU load average, but it does not list individual processes; it shows aggregate RE health, not process-specific CPU consumption.

98
MCQeasy

What is the primary function of the fxp0 interface on a Juniper device?

A.Internal routing
B.Management interface
C.Loopback testing
D.Data plane forwarding
AnswerB

B is correct; fxp0 is for management.

Why this answer

The fxp0 interface is a dedicated out-of-band management Ethernet port on Juniper devices, used exclusively for management traffic such as SSH, SNMP, and syslog. It is separate from the data plane and control plane forwarding interfaces, ensuring administrative access remains available even if the routing or forwarding planes are disrupted.

Exam trap

The trap here is confusing fxp0 with loopback (lo0) or internal RE interfaces, leading candidates to incorrectly select internal routing or loopback testing, when in fact fxp0 is solely for out-of-band management.

How to eliminate wrong answers

Option A is wrong because internal routing between REs or between RE and PFE uses the internal fxp1 or fxp2 interfaces, not fxp0. Option C is wrong because loopback testing is performed on the lo0 interface, which provides a stable IP address for the router and is used for protocols like OSPF and BGP, not for management access. Option D is wrong because data plane forwarding is handled by network interfaces (e.g., ge-, xe-, et-) and the Packet Forwarding Engine (PFE), while fxp0 is strictly an out-of-band management interface that does not participate in forwarding transit traffic.

99
Multi-Selecthard

Which THREE commands are valid in Junos operational mode? (Choose three.)

Select 3 answers
A.show interfaces terse
B.set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.1/24
C.commit and-quit
D.ping 10.0.0.1 count 5
E.request system software add /var/tmp/junos-install.tgz
AnswersA, D, E

This is an operational mode command.

Why this answer

Option A is correct because 'show interfaces terse' is a valid operational mode command that displays a concise summary of interface status and configuration. Operational mode in Junos is used for monitoring, troubleshooting, and viewing the current state of the device, and 'show' commands are the primary tools for this purpose.

Exam trap

The trap here is that candidates familiar with Cisco IOS may mistakenly think 'set' commands are valid in operational mode, or that 'commit and-quit' is a valid shortcut, when in Junos, operational mode only supports 'show', 'ping', 'traceroute', 'request', and other monitoring commands, while configuration changes require explicit entry into configuration mode.

100
MCQeasy

An engineer needs to check the current system uptime on a Juniper device running Junos OS. Which command should they use?

A.show system status
B.show system health
C.show system resources
D.show system uptime
AnswerD

Correct command to view system uptime.

Why this answer

The correct command to check current system uptime on a Juniper device running Junos OS is 'show system uptime'. This command displays the time since the system was last booted, as well as the current time and the time since the routing protocol process (rpd) started. It is the standard operational command for this specific metric.

Exam trap

The trap here is that candidates may confuse 'show system uptime' with similar-sounding commands from other vendors (like Cisco's 'show version' or 'show system status'), leading them to select a non-existent or incorrect Junos command.

How to eliminate wrong answers

Option A is wrong because 'show system status' is not a valid Junos command; the correct command for general system status information is 'show system information'. Option B is wrong because 'show system health' is not a valid Junos command; the correct command for hardware health monitoring is 'show chassis hardware' or 'show system health-monitor' (in newer releases). Option C is wrong because 'show system resources' displays CPU, memory, and filesystem utilization, not system uptime.

101
MCQmedium

Refer to the exhibit. The interface ge-0/0/0 is configured as shown, but the interface is operationally down. Which command would provide the most detailed information about the interface status and errors?

A.show interfaces ge-0/0/0
B.show configuration interfaces ge-0/0/0
C.show interfaces ge-0/0/0 terse
D.show interfaces ge-0/0/0 extensive
AnswerD

This provides the most detailed interface information, including errors.

Why this answer

Option C is correct because `show interfaces extensive` provides detailed operational status, including error counters, physical state, and protocol information. Option A only shows a brief summary. Option B shows basic information but not as detailed as extensive.

Option D shows the configuration, not operational status.

102
MCQmedium

An administrator wants to verify that BGP neighbors are established. Which command provides a summary of all BGP peer sessions?

A.show bgp neighbor
B.show bgp summary
C.show interfaces terse
D.show route protocol bgp
AnswerB

Provides a summary of BGP peer sessions.

Why this answer

The 'show bgp summary' command is correct because it provides a concise, one-line-per-peer overview of all BGP sessions, including the peer IP address, AS number, state (e.g., Established), and counters for prefixes received. This is the standard command in Junos for quickly verifying that all BGP neighbors are in the Established state without the detailed per-neighbor output.

Exam trap

The trap here is that candidates familiar with Cisco IOS might expect 'show ip bgp summary' but mistakenly choose 'show bgp neighbor' because they confuse the detailed neighbor output with a summary view, or they overlook that Junos uses 'show bgp summary' for the aggregated peer list.

How to eliminate wrong answers

Option A is wrong because 'show bgp neighbor' displays detailed per-neighbor information (including timers, capabilities, and NLRI details) for each BGP peer, not a summary table. Option C is wrong because 'show interfaces terse' lists interface status and configuration, not BGP peer session information. Option D is wrong because 'show route protocol bgp' displays the routing table entries learned via BGP, not the status of BGP peer sessions.

103
MCQmedium

A junior engineer accidentally enters 'set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.1/24' in operational mode. What will happen?

A.An error message is displayed, and no changes are made.
B.The IP address is configured successfully.
C.The command is queued for later execution.
D.The CLI automatically switches to configuration mode.
AnswerA

set commands are invalid in operational mode, producing an error.

Why this answer

In Junos OS, the 'set' command is a configuration mode command used to modify the candidate configuration. When entered in operational mode (indicated by the '>' prompt), the CLI does not recognize it as a valid operational command. Junos will immediately display an error message such as 'unknown command' and make no changes to the running or candidate configuration.

Exam trap

The trap here is that candidates accustomed to Cisco IOS, where 'configure terminal' is not required for every command and some configuration commands can be entered from privileged EXEC mode, mistakenly assume Junos behaves similarly, leading them to expect the command to succeed or the CLI to auto-switch modes.

How to eliminate wrong answers

Option B is wrong because the command is not executed; Junos strictly separates operational and configuration modes, and 'set' is not a valid operational command. Option C is wrong because Junos does not queue configuration commands for later execution; it either rejects them immediately or, if in configuration mode, applies them to the candidate configuration. Option D is wrong because the CLI does not automatically switch modes; the engineer must explicitly enter configuration mode using the 'configure' command.

104
MCQeasy

A router has multiple equal-cost paths to the same destination. Which statement describes how Junos load balances traffic across these paths?

A.Junos uses per-flow load balancing based on source and destination IP and port.
B.Junos uses the route with the lowest next-hop IP.
C.Junos installs only one route and ignores the others.
D.Junos uses per-packet load balancing by default.
AnswerA

Junos defaults to per-flow load balancing using a hash of source and destination IP addresses and ports.

Why this answer

Junos uses per-flow load balancing by default based on source/destination IP and port. Option A (per-packet) is not default. Option B is false.

Option D is not the primary method for ECMP.

105
Multi-Selecthard

Which TWO statements are true about the 'commit confirmed' command? (Choose two.)

Select 2 answers
A.It is used to schedule a commit at a future time.
B.The default timeout is 10 minutes.
C.It saves the configuration to a file before applying.
D.The timeout can be set only in multiples of 5 minutes.
E.It requires a confirmation within the specified time to make the commit permanent.
AnswersB, E

The default timeout is 10 minutes if not specified.

Why this answer

Option B is correct because the default timeout for the 'commit confirmed' command in Junos is 10 minutes. If no confirmation commit is issued within that period, the system automatically rolls back to the previous configuration, ensuring network stability during remote changes.

Exam trap

The trap here is confusing 'commit confirmed' with 'commit at' (scheduling) or assuming the timeout is restricted to 5-minute increments, when in fact it accepts any integer minute value.

106
MCQmedium

After a configuration change, a router is not behaving as expected. The administrator wants to rollback to the previous configuration. Which command accomplishes this?

A.rollback 0
B.commit check
C.rollback 1
D.load override current
AnswerC

Reverts to the previous committed configuration.

Why this answer

Option C is correct because the 'rollback 1' command reverts the active configuration to the most recent committed configuration (the one before the latest commit). In JUNOS, the rollback command uses a numeric index where 0 is the current active configuration, 1 is the previous committed configuration, and higher numbers go further back. This allows the administrator to undo an unwanted configuration change without manually editing the configuration.

Exam trap

The trap here is that candidates familiar with Cisco IOS might think 'rollback 0' undoes the last change, but in JUNOS, rollback 0 refers to the current active configuration, not the previous one.

How to eliminate wrong answers

Option A is wrong because 'rollback 0' reverts to the current active configuration, which is effectively a no-op and does not undo any changes. Option B is wrong because 'commit check' only validates the syntax and semantics of the candidate configuration without committing it; it does not roll back to a previous configuration. Option D is wrong because 'load override current' is not a valid JUNOS command; the correct command to replace the candidate configuration with the current active configuration is 'load override terminal' or 'load override <filename>', but this does not roll back to a previous committed configuration.

107
Matchingmedium

Match each Junos operational command for monitoring to its output.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Lists interfaces with status and IP addresses

Displays ARP table

Displays system log messages

Displays IPv4 unicast routing table

Continuously displays interface statistics

Why these pairings

These commands help monitor and troubleshoot the system.

108
MCQeasy

A network administrator is troubleshooting a missing route in the routing table. The route is learned via OSPF, and the OSPF neighbor adjacency is up. Which command would help determine if OSPF received the route?

A.show route protocol ospf
B.show ospf neighbor
C.show ospf database
D.show interface terse
AnswerC

This command shows LSAs in the OSPF database, including received routes.

Why this answer

The 'show ospf database' command displays LSAs received by OSPF, indicating if the route was received. Option A shows neighbors only. Option C shows only active routes.

Option D shows interface status.

109
Multi-Selectmedium

Which TWO statements are correct regarding the Junos OS configuration hierarchy?

Select 2 answers
A.The 'commit check' command applies the candidate configuration to the active configuration.
B.The 'load replace' command merges a configuration file into the candidate configuration.
C.The 'show | compare' command displays differences between the candidate and active configurations.
D.The 'rollback 0' command reverts the candidate configuration to the previous state.
E.The 'set' command is used to modify the candidate configuration.
AnswersC, E

'show | compare' shows how the candidate configuration differs from the active.

Why this answer

Option A is correct because the 'set' command modifies candidate configuration. Option D is correct because the 'show | compare' command displays differences between candidate and active. Option B is wrong because 'commit check' only validates syntax, it does not apply changes.

Option C is wrong because 'rollback 0' reverts to the most recently committed configuration, not the candidate. Option E is wrong because 'load replace' replaces the entire candidate configuration, not merges.

110
MCQeasy

You are managing a Juniper MX240 router at a small ISP. The router has been operating normally for months. This morning, a customer reports intermittent packet loss on their connection, which is served by interface ge-0/0/2. You SSH into the router and run 'show interfaces ge-0/0/2 extensive'. The output shows input errors increasing rapidly, including CRC errors and frame errors. The interface is up/up. You also notice that the interface statistics show a high number of carrier transitions. The cable connecting the router to the customer's CPE was recently replaced by the customer's technician. What is the most likely cause of the errors and the correct action to resolve the issue?

A.Clear the MAC address table on the router to fix possible MAC flapping issues.
B.Administer a 'shutdown' and 'no shutdown' on the interface to reset the line protocol.
C.Replace the cable with a known good one because CRC and frame errors indicate a physical layer problem such as a damaged cable or loose connector.
D.Change the interface speed and duplex settings to auto-negotiate because the errors are due to a mismatch between the router and CPE.
AnswerC

CRC/frame errors and carrier transitions point to physical layer issues; the recent cable change makes this likely.

Why this answer

CRC and frame errors increasing rapidly, combined with a high number of carrier transitions, are classic symptoms of a physical-layer issue. Since the cable was recently replaced by the customer's technician, the most likely cause is a faulty cable or a loose connector. Replacing the cable with a known good one directly addresses the physical layer problem, which is the root cause of these errors.

Exam trap

The trap here is that candidates may confuse CRC/frame errors with a speed/duplex mismatch (Option D) or think a simple interface reset (Option B) will fix the problem, when the rapid increase in carrier transitions and the recent cable replacement clearly indicate a physical cabling fault.

How to eliminate wrong answers

Option A is wrong because MAC address table clearing addresses MAC flapping, which is a Layer 2 issue unrelated to CRC/frame errors or carrier transitions. Option B is wrong because administratively resetting the interface (shutdown/no shutdown) would only temporarily clear counters and restart the line protocol, but it would not fix the underlying physical-layer problem causing the errors. Option D is wrong because while speed/duplex mismatch can cause errors, the presence of carrier transitions and the recent cable replacement strongly point to a physical cabling issue, not a negotiation mismatch; auto-negotiation is already the default on modern Juniper interfaces and would not resolve a faulty cable.

111
MCQhard

Refer to the exhibit. The OSPF neighbor adjacency repeatedly goes up and down on R1. What is a likely cause?

A.The physical link is flapping
B.MTU mismatch between the two routers
C.OSPF authentication is misconfigured
D.The routers are in different OSPF areas
AnswerB

MTU mismatch causes larger OSPF packets to be dropped, leading to neighbor down events.

Why this answer

An MTU mismatch between OSPF neighbors can cause the adjacency to flap because OSPF includes the interface MTU in the Database Description (DBD) packets. If the MTU values do not match, the receiving router will reject the DBD packet, preventing the exchange of LSAs and causing the neighbor state to reset. This is a common cause of repeated up/down OSPF adjacencies even when the physical link is stable.

Exam trap

The trap here is that candidates often assume physical link flapping (Option A) is the cause, but OSPF adjacency flapping can occur with a stable link due to Layer 3 mismatches like MTU, which is a subtle but classic JNCIA-JUNOS exam topic.

How to eliminate wrong answers

Option A is wrong because a physical link flapping would typically cause interface state changes and error counters to increment, but the question specifies the OSPF adjacency goes up and down while the physical link may remain stable; MTU mismatch can cause this without link flapping. Option C is wrong because if OSPF authentication were misconfigured, the adjacency would fail to form entirely or remain in a state like EXSTART/EXCHANGE, not repeatedly go up and down. Option D is wrong because OSPF routers in different areas cannot form a neighbor adjacency at all; they would remain stuck in the INIT or 2-WAY state, not repeatedly transition up and down.

112
Multi-Selectmedium

Which THREE factors are considered when Junos selects the active route among multiple routes to the same destination?

Select 3 answers
A.Metric
B.Route age
C.Interface bandwidth
D.Next-hop address
E.Preference
AnswersA, D, E

Metric is considered when preferences are equal.

Why this answer

Junos uses preference first; if equal, metric; if still equal, next-hop address as tie-breaker. Route age and interface bandwidth are not considered.

113
MCQhard

An engineer is designing a network with two routers connected via a serial link. The link should support multiple logical subinterfaces for different VLANs. Which encapsulation type must be used on the serial interface?

A.Ethernet
B.PPP
C.Frame Relay
D.HDLC
AnswerC

Frame Relay supports subinterfaces for multiple logical circuits.

Why this answer

Frame Relay is correct because it supports multiple logical subinterfaces (DLCIs) on a single serial link, allowing different VLANs to be mapped to separate virtual circuits. Unlike PPP or HDLC, Frame Relay inherently provides the ability to create point-to-point or multipoint subinterfaces for Layer 2 segmentation.

Exam trap

The trap here is that candidates often assume PPP or HDLC can support subinterfaces because they are common WAN encapsulations, but only Frame Relay (and newer technologies like VLAN tagging on Ethernet) provides the logical multiplexing required for multiple subinterfaces on a serial link.

How to eliminate wrong answers

Option A is wrong because Ethernet is a LAN encapsulation type, not used on serial WAN links; it operates over twisted-pair or fiber, not serial interfaces. Option B is wrong because PPP supports only a single network layer per interface and does not natively allow multiple logical subinterfaces for VLAN separation; it lacks the DLCI-based multiplexing of Frame Relay. Option D is wrong because HDLC is a simple point-to-point encapsulation with no support for subinterfaces or multiple logical channels; it treats the entire link as a single broadcast domain.

114
Multi-Selecthard

Which THREE commands are valid Junos operational mode commands for monitoring network diagnostics? (Choose three.)

Select 3 answers
A.traceroute
B.show configuration
C.monitor traffic
D.request system reboot
E.ping
AnswersA, C, E

Valid operational command for tracing packet paths.

Why this answer

Option A is correct because the 'traceroute' command in Junos operational mode sends a series of UDP packets with increasing TTL values to discover the path a packet takes to a destination, which is a standard network diagnostic tool. It is a valid operational mode command used for monitoring network connectivity and path analysis.

Exam trap

The trap here is that candidates often confuse operational mode commands with configuration or system administration commands, assuming any command that shows information is diagnostic, but Junos strictly separates operational (monitoring/diagnostic) commands from configuration and system control commands.

115
MCQmedium

When configuring a new Juniper router, an engineer needs to ensure that configuration changes are not automatically committed after a certain time if not explicitly confirmed. Which configuration parameter controls this?

A.commit check
B.commit at
C.commit synchronize
D.commit confirmed
AnswerD

Requires confirmation; otherwise rolled back after timeout.

Why this answer

The 'commit confirmed' command is used to apply a configuration change that will automatically roll back to the previous configuration if not explicitly confirmed within a specified time period (default 10 minutes). This ensures that changes are not permanently applied unless the engineer verifies them, preventing accidental lockout or misconfiguration.

Exam trap

The trap here is that candidates often confuse 'commit confirmed' with 'commit at' or 'commit synchronize', thinking any time-based or dual-RE feature provides automatic rollback, but only 'commit confirmed' enforces a confirmation window to prevent permanent unverified changes.

How to eliminate wrong answers

Option A is wrong because 'commit check' only validates the syntax and semantics of the candidate configuration without committing it; it does not provide any automatic rollback mechanism. Option B is wrong because 'commit at' schedules a commit to occur at a specific future time, but once committed, the change is permanent and not automatically reverted. Option C is wrong because 'commit synchronize' is used on a dual Routing Engine system to commit the configuration on both REs simultaneously; it does not involve a confirmation timeout or automatic rollback.

116
MCQhard

Refer to the exhibit. A security analyst sees repeated login failures from 10.0.0.2 for user1. Which Junos feature can be used to automatically block further login attempts from that IP?

A.Configure SSH to accept only public key authentication for user1.
B.Disable the user1 account.
C.Set the 'session-limit' for user1 to prevent multiple login attempts.
D.Apply a firewall filter to the loopback interface that polices SSH traffic.
AnswerD

A firewall filter with a policer can rate-limit SSH attempts from a source IP, effectively blocking after excessive failures.

Why this answer

Option D is correct because applying a firewall filter to the loopback interface (lo0) that polices SSH traffic can automatically block further login attempts from a specific IP address, such as 10.0.0.2. The loopback interface is the termination point for all control-plane traffic on a Junos device, including SSH sessions. By configuring a firewall filter with a policer that limits the rate of SSH packets from a source IP, excessive login failures can trigger the policer to drop subsequent packets, effectively blocking the attacker without manual intervention.

Exam trap

The trap here is that candidates often confuse control-plane policing (applied to lo0) with data-plane firewall filters applied to interfaces like ge-0/0/0, or mistakenly think that session limits or disabling accounts are automated responses to brute-force attacks.

How to eliminate wrong answers

Option A is wrong because configuring SSH to accept only public key authentication for user1 does not automatically block repeated login failures from 10.0.0.2; it only changes the authentication method, and failed public key attempts could still occur. Option B is wrong because disabling the user1 account is a manual, static action that does not automatically respond to repeated login failures from a specific IP; it also prevents legitimate access for that user. Option C is wrong because the 'session-limit' for user1 limits the number of concurrent sessions, not the rate of login attempts; it does not block repeated failed logins from a single IP address.

117
MCQmedium

A network engineer wants to view the OSPF log entries in real time. They type 'show log messages | match ospf' and get output, but it does not update. What should they do to see real-time updates of OSPF log entries?

A.Use 'monitor start messages | match ospf'
B.Use 'show log messages | tail'
C.Use 'monitor traffic interface ge-0/0/0'
D.Use 'request system syslog'
AnswerA

This command monitors the messages file in real time and filters for OSPF entries.

Why this answer

Option A is correct because the 'monitor start messages' command in Junos OS enables real-time streaming of syslog messages to the terminal, similar to 'tail -f' on a log file. Piping the output through '| match ospf' filters the live feed to show only OSPF-related entries. In contrast, 'show log messages' is a one-time snapshot that does not update automatically.

Exam trap

The trap here is that candidates familiar with Cisco IOS may confuse 'show log' (which in Cisco can be used with 'monitor' for real-time output) with Junos 'show log', which is static, and overlook the Junos-specific 'monitor start' command for live log streaming.

How to eliminate wrong answers

Option B is wrong because 'show log messages | tail' only displays the last few lines of the static log file and does not provide real-time updates; it is still a one-time command. Option C is wrong because 'monitor traffic interface ge-0/0/0' captures raw packet headers on the interface, not OSPF log entries from the syslog messages file. Option D is wrong because 'request system syslog' is used to configure syslog settings (e.g., remote logging) and does not display log entries in real time.

118
MCQeasy

A junior network administrator is setting up a Juniper MX router for the first time. After powering on the device, the administrator notices that the LED on the front panel blinks amber and the device does not complete the boot process. The console displays messages reporting file system errors. The administrator has no previous configuration changes and the device was shipped with factory defaults. Which action should the administrator take to resolve the boot issue?

A.Boot into single-user mode and run file system checks.
B.Perform a password recovery procedure to gain access.
C.Use the 'request system software add' command from the boot loader.
D.Reinstall the Junos OS using a USB flash drive with the software image.
AnswerA

Single-user mode allows access to the shell for maintenance tasks such as fsck to repair filesystem errors.

Why this answer

The amber blinking LED and file system errors indicate a corrupted file system, which is common on factory-default devices if the flash memory was not properly initialized. Booting into single-user mode (option A) allows the administrator to run 'fsck' (file system check) to repair the root file system without loading the full Junos OS, which is the standard recovery procedure for such boot failures.

Exam trap

The trap here is that candidates may confuse a boot failure due to file system corruption with a password issue or a need to reinstall the OS, but the amber LED and file system error messages point directly to a corrupted file system that can be repaired with fsck in single-user mode.

How to eliminate wrong answers

Option B is wrong because password recovery is used to reset login credentials, not to repair file system corruption; the device cannot boot, so password recovery is irrelevant. Option C is wrong because 'request system software add' is a Junos CLI command that requires a fully booted system, not the boot loader; the boot loader does not support this command. Option D is wrong because reinstalling Junos OS from a USB is a more drastic step that should only be taken if file system checks fail; it is not the first-line action for file system errors on a factory-default device.

119
MCQmedium

A technician needs to load a new configuration file that replaces only the specific hierarchy paths present in the file, leaving all other existing configuration unchanged. Which load statement is appropriate?

A.load replace
B.load set
C.load override
D.load merge
AnswerD

'load merge' adds or replaces only the configuration statements in the file, preserving all other existing configuration.

Why this answer

The 'load merge' command is correct because it merges the contents of the specified configuration file with the current candidate configuration, adding or updating only the hierarchy paths present in the file while preserving all other existing configuration. This matches the requirement to replace only specific hierarchy paths without affecting the rest of the configuration.

Exam trap

The trap here is that candidates often confuse 'load merge' with 'load replace' or 'load override', mistakenly thinking 'replace' means partial replacement, when in fact 'replace' replaces the entire candidate configuration, while 'merge' is the correct command for targeted, non-destructive updates.

How to eliminate wrong answers

Option A is wrong because 'load replace' replaces the entire candidate configuration with the contents of the file, not just specific hierarchy paths. Option B is wrong because 'load set' is used to load a set of configuration commands (in 'set' format) and applies them sequentially, which can add or modify paths but does not inherently restrict changes to only the paths in the file—it can also delete or override if the set commands include 'delete' statements. Option C is wrong because 'load override' completely replaces the entire candidate configuration with the file, discarding all existing configuration.

120
MCQeasy

Refer to the exhibit. An engineer wants to revert to the configuration from January 14. Which rollback number should they use?

A.load override 2
B.rollback 2
C.rollback 0
D.rollback 1
AnswerD

Rollback 1 corresponds to the second commit (Jan 14).

Why this answer

The rollback command in Junos reverts the candidate configuration to a previously committed configuration. The rollback numbers are indexed from 0 (the most recent commit) to 49 (the oldest). Since the engineer wants to revert to the configuration from January 14, and the most recent commit (rollback 0) is from January 15, rollback 1 corresponds to the January 14 configuration.

Therefore, option D is correct.

Exam trap

The trap here is that candidates often confuse rollback 0 with the current active configuration, but rollback 0 is actually the most recent commit, not the running configuration; they may also mistakenly think rollback 1 is the oldest, when in fact rollback 49 is the oldest saved configuration.

How to eliminate wrong answers

Option A is wrong because 'load override 2' is not a valid Junos command; the correct command is 'rollback 2' to load a previous configuration, and 'load override' is used to replace the candidate configuration with a file, not a rollback number. Option B is wrong because 'rollback 2' would revert to the configuration two commits before the most recent one, which would be from January 13, not January 14. Option C is wrong because 'rollback 0' reverts to the most recently committed configuration (January 15), which is not the desired date.

121
Multi-Selecthard

Which THREE are valid methods to reduce spanning-tree convergence time? (Choose three.)

Select 3 answers
A.Enabling loop guard on root ports
B.Enabling BPDU guard on access ports
C.Using RSTP instead of STP
D.Increasing the forward-delay timer
E.Enabling MAC address notification
AnswersA, B, C

Prevents loops due to unidirectional link failure.

Why this answer

Option A is correct because loop guard prevents alternate or root ports from becoming designated in the event of a BPDU loss, which avoids loops and the need for STP reconvergence. By stabilizing the port state, it indirectly reduces convergence time by preventing unnecessary topology changes.

Exam trap

The trap here is that candidates often confuse features that prevent loops or improve stability (like loop guard and BPDU guard) with features that directly speed up convergence, while missing that increasing timers does the opposite.

122
Multi-Selectmedium

An engineer needs to view the current operational state of the device, including system uptime, CPU load, and memory usage. Which two commands would provide this information? (Choose two.)

Select 2 answers
A.show system processes
B.show system uptime
C.show system storage
D.show system memory
E.show chassis hardware
AnswersB, D

Displays system uptime and load averages (CPU).

Why this answer

The 'show system uptime' command displays the system uptime, load averages, and current time, which directly provides the uptime and CPU load information. The 'show system memory' command shows memory usage statistics, including total, used, and available memory. Together, these two commands fulfill the requirement to view the current operational state including system uptime, CPU load, and memory usage.

Exam trap

The trap here is that candidates often confuse 'show system processes' with providing CPU load averages and memory totals, when in fact it only shows per-process statistics and not the aggregate system load or overall memory usage.

123
MCQhard

A network administrator wants to filter routes from being installed in the routing table based on certain criteria. Which Junos feature should be used?

A.Community list
B.Routing policy (import)
C.Prefix list
D.Firewall filter
AnswerB

Import policies can filter routes before they enter the routing table.

Why this answer

B is correct because a routing policy with an import term is the Junos mechanism to control which routes are accepted into the routing table from a routing protocol or a peer. By defining match conditions (e.g., prefix, community, AS path) and an action (accept or reject), the administrator can filter routes before they are installed. This is the standard Junos approach for route filtering at the routing table level.

Exam trap

The trap here is confusing a match condition (like a prefix list or community list) with the actual Junos feature that applies the filter (the routing policy), leading candidates to select a component rather than the complete mechanism.

How to eliminate wrong answers

Option A is wrong because a community list is a named set of BGP community values used as a match condition within a routing policy, not a standalone feature to filter routes from the routing table. Option C is wrong because a prefix list is a named list of prefixes used as a match condition within a routing policy, not a direct filtering mechanism for the routing table. Option D is wrong because a firewall filter operates on packets at the interface level (Layer 3/Layer 4), not on routing information or the routing table.

124
MCQeasy

You are a junior network engineer tasked with configuring a Juniper device for the first time. The device has just been powered on and you have console access. The device boots normally and shows the login prompt. There is no root password configured, but when you try to log in as root, you are prompted for a password. You do not have any previous configuration access. What should you do to gain access and begin configuring the device?

A.Contact support to obtain a password reset.
B.Press the space bar during boot, then type 'boot -s' at the loader prompt.
C.Use the default login root with no password by pressing Enter.
D.Press Ctrl+C during boot to enter recovery mode.
AnswerB

This boots into single-user mode without requiring a password.

Why this answer

Option B is correct because when a Juniper device has no root password set, the default behavior is to require a password at the login prompt, even if none was configured. To bypass this, you must interrupt the normal boot process by pressing the space bar during the boot sequence, then at the loader prompt type 'boot -s' to boot into single-user mode. Single-user mode grants root access without a password, allowing you to set a root password and proceed with configuration.

Exam trap

The trap here is that candidates assume a blank root password will work by default (Option C), similar to some older networking devices, but Junos explicitly requires a password even if none is configured, forcing the use of the single-user mode recovery procedure.

How to eliminate wrong answers

Option A is wrong because contacting support for a password reset is unnecessary; Juniper devices provide a built-in recovery mechanism via single-user mode that does not require external assistance. Option C is wrong because there is no default 'root with no password' login on Junos; even if no root password is configured, the system prompts for a password and will not accept a blank entry. Option D is wrong because pressing Ctrl+C during boot does not enter recovery mode; this key combination is typically used to abort a process or interrupt the bootloader in other systems, but on Junos it does not invoke single-user mode or password recovery.

125
MCQmedium

A network administrator accidentally deleted a vital part of the configuration while in configuration mode. They need to revert to the previous configuration without losing recent changes that are correct. Which action should they take?

A.deactivate
B.rollback 1
C.delete
D.rollback 0
AnswerB

Reverts to the configuration from the previous commit, discarding uncommitted changes.

Why this answer

Option B is correct because the 'rollback 1' command reverts the candidate configuration to the most recently committed configuration (the previous active configuration), while preserving any uncommitted changes that were made after the rollback. This allows the administrator to discard the accidental deletion and then manually re-apply only the correct recent changes before committing.

Exam trap

The trap here is that candidates often confuse 'rollback 0' (which reverts to the current active config, discarding all uncommitted changes) with 'rollback 1' (which reverts to the previous committed config, preserving uncommitted changes), leading them to choose option D instead of B.

How to eliminate wrong answers

Option A is wrong because 'deactivate' disables a configuration statement without removing it, but it does not revert the configuration to a previous state; it only suppresses the active effect of the specified statement. Option C is wrong because 'delete' removes configuration statements from the candidate configuration, which would worsen the situation by further deleting parts of the configuration. Option D is wrong because 'rollback 0' reverts to the current active configuration (the one that was last committed), which would discard all uncommitted changes, including any correct recent modifications the administrator wants to keep.

126
Multi-Selectmedium

Which TWO statements are true about the 'commit' operation in Junos?

Select 2 answers
A.The commit command validates the configuration syntax before applying it.
B.The commit command automatically saves the configuration to a file on the hard disk.
C.After a commit, the candidate configuration is replaced with the active configuration.
D.A commit can include a comment for documentation purposes.
E.A successful commit overwrites the rollback configurations.
AnswersA, D

Syntax validation is performed as part of the commit process.

Why this answer

Option A is correct because the 'commit' command in Junos performs a full syntax and consistency validation of the candidate configuration before applying it. If any errors are detected, the commit is aborted and the candidate configuration remains unchanged, ensuring the active configuration is never corrupted.

Exam trap

The trap here is that candidates often confuse the 'commit' operation with saving to persistent storage (like Cisco's 'copy running-config startup-config'), but in Junos, 'commit' only activates the configuration in memory and does not automatically write to a file; persistent storage requires an explicit save command.

127
Matchingmedium

Match each Junos software process to its role.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Management daemon for CLI and configuration

Routing protocol daemon

Device control daemon for interface configuration

Chassis daemon for hardware monitoring

SNMP agent daemon

Why these pairings

These are key daemons in the Junos architecture.

128
Multi-Selecthard

Which TWO commands are used to install and remove software packages on a Junos device?

Select 2 answers
A.request system software delete
B.request system software rollback
C.show system software
D.request system reboot
E.request system software add
AnswersA, E

This command removes an installed software package.

Why this answer

The `request system software add` command is used to install a new software package on a Junos device, while `request system software delete` is used to remove an installed software package. These are the two primary operational mode commands for software lifecycle management in Junos OS.

Exam trap

The trap here is that candidates confuse `request system software rollback` with a removal command, but it actually reverts to a previous version without deleting the current package from the system.

129
MCQeasy

A network engineer wants to quickly restore the device to a known good configuration after a failed change. What is the recommended approach?

A.Use the 'request system configuration rescue save' command.
B.Use the 'rollback 0' command.
C.Use the 'rollback rescue' command.
D.Use the 'load override terminal' command.
AnswerC

Loads the previously saved rescue configuration.

Why this answer

Option C is correct because the 'rollback rescue' command restores the device to the rescue configuration, which is a known good configuration saved explicitly for recovery after a failed change. The rescue configuration is stored as a separate file and is not affected by normal commit operations, making it the recommended approach for quick restoration.

Exam trap

The trap here is that candidates confuse 'rollback rescue' with 'rollback 0', mistakenly thinking the most recent committed configuration is always a safe fallback, but 'rollback 0' includes the failed change if it was committed, whereas 'rollback rescue' restores a deliberately saved known good state.

How to eliminate wrong answers

Option A is wrong because 'request system configuration rescue save' is used to save the current active configuration as the rescue configuration, not to restore it; it is a save action, not a restore action. Option B is wrong because 'rollback 0' reverts to the most recently committed configuration, which may include the failed change if it was committed; it does not guarantee a known good state. Option D is wrong because 'load override terminal' is used to load a configuration from terminal input, overwriting the candidate configuration; it is not a quick restore mechanism and requires manual entry or pasting of configuration data.

130
MCQhard

A junior admin tries to commit a configuration but receives a 'commit error: syntax error' message. They suspect a missing closing brace. Which CLI command helps identify the exact line with the error?

A.commit check
B.rollback 0
C.load merge
D.show configuration
AnswerA

Validates the candidate configuration and reports syntax errors with exact line numbers.

Why this answer

The 'commit check' command validates the candidate configuration for syntax errors without committing it. When a syntax error like a missing closing brace is present, commit check outputs the exact line number and file where the error occurs, allowing the admin to locate and fix the issue before attempting a commit again.

Exam trap

The trap here is that candidates may confuse 'show configuration' with a validation tool, not realizing it only displays the configuration text without any syntax checking, whereas 'commit check' is the dedicated command for identifying syntax errors before commit.

How to eliminate wrong answers

Option B is wrong because 'rollback 0' reverts the candidate configuration to the last committed configuration, which does not help identify the syntax error line. Option C is wrong because 'load merge' is used to merge a configuration file into the candidate configuration, not to validate syntax or pinpoint errors. Option D is wrong because 'show configuration' displays the current candidate configuration but does not perform syntax validation or highlight error lines.

131
MCQeasy

Refer to the exhibit. What is the purpose of the 'family inet6' configuration on interface ge-0/0/0?

A.To enable both IPv4 and IPv6 on the interface.
B.To assign a global unicast IPv6 address to the interface.
C.To enable IPv6 ARP on the interface.
D.To assign a link-local IPv6 address to the interface.
AnswerB

The address 2001:db8::1/64 is a global unicast address configured under family inet6.

Why this answer

The 'family inet6' configuration on interface ge-0/0/0 enables IPv6 processing on that interface. Within the 'family inet6' hierarchy, you can assign a global unicast IPv6 address using the 'address' statement. Without 'family inet6', the interface cannot process IPv6 traffic or hold an IPv6 address, making option B correct.

Exam trap

The trap here is that candidates often assume 'family inet6' is needed to enable both IPv4 and IPv6, or that it is required for link-local addressing, when in fact link-local addresses are auto-generated and 'family inet6' alone does not enable IPv4.

How to eliminate wrong answers

Option A is wrong because 'family inet6' enables only IPv6; to enable both IPv4 and IPv6, you must configure both 'family inet' and 'family inet6' separately. Option C is wrong because IPv6 does not use ARP; it uses Neighbor Discovery Protocol (NDP) for address resolution, and there is no 'IPv6 ARP' feature. Option D is wrong because a link-local IPv6 address is automatically generated on any interface with 'family inet6' enabled, even without explicitly assigning one; the explicit 'address' statement under 'family inet6' is used for global unicast or unique local addresses, not for link-local.

132
Multi-Selectmedium

Which THREE of the following are valid commit options in Junos?

Select 3 answers
A.commit full
B.commit no-sync
C.commit synchronize
D.commit confirmed 10
E.commit check
AnswersC, D, E

Synchronizes configuration in a chassis cluster.

Why this answer

Option C is correct because 'commit synchronize' is a valid Junos commit option used on a dual Routing Engine (RE) system to apply the configuration changes to both REs simultaneously, ensuring configuration consistency across the chassis. This command is essential for high-availability setups where both REs must share the same active configuration.

Exam trap

The trap here is that candidates confuse the Junos 'commit synchronize' with Cisco's 'commit' behavior on dual-supervisor systems, where Cisco does not require an explicit synchronize keyword for configuration replication, leading to the mistaken belief that 'commit full' or 'commit no-sync' are valid Junos options.

133
Multi-Selectmedium

Which TWO statements about the 'commit' operation in Junos OS are correct?

Select 2 answers
A.It can be rolled back using the 'rollback 0' command.
B.It applies the candidate configuration to the active configuration.
C.It saves the configuration to the juniper.conf.gz file.
D.It automatically reboots the device if system changes are made.
E.It requires the configuration to be validated with 'commit check' first.
AnswersB, C

This is the primary function of commit.

Why this answer

Option B is correct because the 'commit' operation in Junos OS applies the candidate configuration to the active configuration, making the changes effective immediately. This is the fundamental purpose of the commit command, which activates the pending configuration changes stored in the candidate configuration database.

Exam trap

The trap here is that candidates often confuse 'rollback 0' with a commit rollback, not realizing that rollback operates on the candidate configuration before commit, while 'rollback 0' reverts to the last committed configuration in the candidate database, not undoing a commit that has already been applied.

134
MCQeasy

To monitor interface traffic in real-time, which operational command is most appropriate?

A.show interface traffic
B.request system reboot
C.show log
D.monitor interface
AnswerD

Provides real-time interface traffic updates.

Why this answer

The 'monitor interface' command in Junos provides real-time, continuous display of interface statistics and traffic counters, updating every second by default. This is the correct operational command for live traffic monitoring, as it refreshes the output dynamically without requiring manual re-entry.

Exam trap

The trap here is that candidates familiar with Cisco IOS may mistakenly expect a 'show interface traffic' command (similar to 'show interfaces' with counters) and overlook the Junos-specific 'monitor interface' command for real-time updates.

How to eliminate wrong answers

Option A is wrong because 'show interface traffic' is not a valid Junos command; the correct static display command is 'show interfaces traffic' which shows a snapshot, not real-time updates. Option B is wrong because 'request system reboot' is used to reboot the device, not to monitor traffic, and would disrupt operations. Option C is wrong because 'show log' displays system log messages from files like messages or interactive-commands, which are not designed for real-time interface traffic monitoring and lack live counter updates.

135
Matchingmedium

Match each Junos configuration mode command to its purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Adds or modifies a configuration statement

Removes a configuration statement

Displays the current configuration

Activates the candidate configuration

Reverts to a previous configuration

Why these pairings

These are fundamental configuration mode commands in Junos.

136
Multi-Selecthard

Which THREE factors influence the selection of the active route in the Junos routing table when multiple routes exist for the same destination? (Choose three.)

Select 3 answers
A.Route preference (administrative distance).
B.The routing protocol from which the route originated.
C.Number of next-hops available for each route.
D.Metric value (if from the same routing protocol).
E.Bandwidth of the outgoing interface.
AnswersA, B, D

Lower preference is preferred.

Why this answer

Options B, C, and E are correct. B: Route preference (administrative distance) is the primary tiebreaker. C: Metric (e.g., OSPF cost) is considered after preference if routes are from the same protocol.

E: The route's source protocol (e.g., OSPF vs Static) determines default preference values. A is incorrect; the routing table does not consider interface bandwidth in route selection. D is incorrect; the number of next-hops is not a selection criterion; all equal-cost next-hops are used.

137
MCQmedium

Refer to the exhibit. If the primary next-hop (192.168.1.1) becomes unreachable, what will happen to the route?

A.The route is removed from the routing table.
B.The route remains but with the primary next-hop marked as unreachable.
C.The secondary next-hop (192.168.2.1) will be used.
D.The route becomes hidden.
AnswerC

When the primary is unreachable, the secondary next-hop with higher preference becomes active.

Why this answer

With qualified-next-hop configured with different preferences, the route uses the next-hop with the lowest preference (10) as primary. When that next-hop is unreachable, the route will use the next-hop with preference 20 as the active next-hop.

138
Multi-Selecteasy

Which TWO statements are true about the default route in JunOS? (Choose two.)

Select 2 answers
A.It has a prefix of 0.0.0.0/0
B.It can only be learned dynamically
C.Its default preference is 0
D.It can be added via a static route
E.It is always present in the routing table
AnswersA, D

The default route matches all destinations.

Why this answer

The default route has prefix 0.0.0.0/0 and can be configured as a static route. Options A and E are correct. Option B is incorrect because the default route is not always present.

Option C is incorrect because the default preference for a static default is 10, not 0. Option D is incorrect because the default route can be learned dynamically or statically.

139
MCQhard

A Juniper SRX300 firewall is deployed at a branch office. The firewall's disk space on /var is critically low, causing logs to stop writing and system performance degradation. You need to free up space quickly without deleting logs (they are required for compliance). Which action should you take?

A.Increase the /var partition size using LVM.
B.Enable log rotation with smaller retention to prevent future growth.
C.Move logs to an NFS mount using 'file copy' and delete local copies.
D.Compress old log files using 'request system storage compress'.
AnswerD

Compresses logs to reclaim space without deletion.

Why this answer

Option D is correct because the 'request system storage compress' command compresses inactive log files on the /var partition, freeing up disk space without deleting any logs. This preserves the logs for compliance requirements while immediately alleviating the low disk space condition. The command targets files that are not currently being written to, such as rotated or archived logs, and compresses them using gzip.

Exam trap

The trap here is that candidates may confuse 'compress' with 'delete' or think that log rotation alone solves the immediate space issue, but the question explicitly requires freeing space quickly without deleting logs, making compression the only viable option.

How to eliminate wrong answers

Option A is wrong because Juniper SRX300 devices do not use LVM (Logical Volume Manager); they use a fixed partition layout that cannot be dynamically resized without reinstalling the Junos OS. Option B is wrong because enabling log rotation with smaller retention prevents future growth but does not free up space already consumed; the question requires an immediate action to address the critically low disk space. Option C is wrong because 'file copy' is a shell command that copies files but does not automatically delete the source; manually moving logs to an NFS mount and deleting local copies is a multi-step process that risks data loss or incomplete cleanup, and Junos does not have a built-in 'move and delete' command for this purpose.

140
MCQmedium

Refer to the exhibit. What is the purpose of the 'unit 0' statement?

A.Enables IPv6.
B.Sets the MTU.
C.Defines a physical interface.
D.Defines a logical interface.
AnswerD

'unit' is used to create logical interfaces on a physical interface.

Why this answer

In Junos, the 'unit 0' statement is used to define a logical interface (also known as a subinterface) under a physical interface. Every physical interface must have at least one logical unit, and unit 0 is the default logical interface that carries Layer 3 configuration such as IP addresses. This is fundamental to Junos architecture, where all protocol configurations are applied at the logical unit level, not the physical interface level.

Exam trap

The trap here is that candidates familiar with Cisco IOS might assume 'unit 0' is a physical interface or a default MTU setting, but in Junos, the unit number always defines a logical interface, and physical interfaces are configured separately without a unit keyword.

How to eliminate wrong answers

Option A is wrong because 'unit 0' does not enable IPv6; IPv6 is enabled by configuring a family inet6 address under the logical unit, not by the unit number itself. Option B is wrong because the MTU is set using the 'mtu' statement at the physical interface level (e.g., 'set interfaces ge-0/0/0 mtu 1500'), not by the 'unit 0' statement. Option C is wrong because a physical interface is defined by the interface name (e.g., ge-0/0/0), not by the 'unit' statement; 'unit 0' creates a logical subinterface on top of that physical interface.

141
MCQmedium

A network administrator makes several changes to the configuration but decides to discard all uncommitted changes and start fresh. Which command should be used to revert the candidate configuration back to the current active configuration?

A.load override
B.rollback 0
C.commit check
D.rollback 1
AnswerB

rollback 0 discards uncommitted changes and sets the candidate configuration to match the current committed configuration.

Why this answer

The 'rollback 0' command reverts the candidate configuration to the currently active configuration, discarding all uncommitted changes. This is because Junos maintains a rollback database of the last 50 committed configurations, with index 0 always representing the active configuration. Using 'rollback 0' effectively resets the candidate configuration to match the active one, allowing the administrator to start fresh without affecting the running system.

Exam trap

The trap here is that candidates often confuse 'rollback 0' with 'rollback 1', mistakenly thinking that 'rollback 1' discards uncommitted changes, when in fact 'rollback 1' reverts to the previous committed configuration, which would undo the last commit and potentially cause service disruption.

How to eliminate wrong answers

Option A is wrong because 'load override' replaces the entire candidate configuration with the contents of a specified file, not with the current active configuration; it does not discard uncommitted changes by reverting to the active config. Option C is wrong because 'commit check' validates the syntax and semantics of the candidate configuration without committing it, and does not discard any changes. Option D is wrong because 'rollback 1' reverts to the previous committed configuration (the one before the most recent commit), not to the current active configuration; this would discard the last committed changes, not just uncommitted ones.

142
MCQmedium

A network is experiencing intermittent routing loops. The engineer discovers that routes are being redistributed from OSPF into BGP and then from BGP back into OSPF on different routers. What is the most effective way to prevent this?

A.Use a higher preference for BGP routes.
B.Configure route filters to prevent mutual redistribution.
C.Set a lower metric on OSPF routes.
D.Increase the OSPF cost on interfaces.
AnswerB

Route filters can block routes from being redistributed back into the originating protocol, breaking the loop.

Why this answer

Route filters prevent mutual redistribution, which is the root cause of routing loops. Options A, C, and D do not address the redistribution issue.

143
MCQeasy

A technician wants to view the system log messages in real time. Which command should they use?

A.show system log
B.monitor start messages
C.start shell
D.show log messages
AnswerB

Displays system log messages in real time.

Why this answer

The 'monitor start messages' command is used in Junos OS to display system log messages in real time as they are generated. This is the correct command for live monitoring of system events, similar to 'tail -f' on Unix systems.

Exam trap

The trap here is that candidates familiar with Cisco IOS might expect 'show log' or 'show logging' to provide real-time output, but in Junos, 'show log messages' only shows the static file, while 'monitor start messages' is the live tail command.

How to eliminate wrong answers

Option A is wrong because 'show system log' is not a valid Junos command; the correct command to view stored logs is 'show log messages'. Option C is wrong because 'start shell' drops the user into a Unix shell environment, not a real-time log viewer. Option D is wrong because 'show log messages' displays the current contents of the messages log file, but does not provide real-time updates; it shows a static snapshot.

144
MCQmedium

An administrator wants to save the current configuration as a rescue configuration. Which command sequence is correct?

A.copy configuration rescue
B.request system configuration rescue save
C.save rescue-config
D.commit rescue
AnswerB

This command saves the current active configuration as the rescue configuration.

Why this answer

The correct command sequence to save the current configuration as a rescue configuration in Junos is 'request system configuration rescue save'. This command stores a copy of the active configuration as a rescue configuration, which can be loaded later using 'request system configuration rescue recover' if the device becomes unreachable or the configuration is corrupted. The rescue configuration is stored in a special file (rescue.conf.gz) and is not overwritten by normal commits.

Exam trap

The trap here is that candidates may confuse the rescue configuration with a normal configuration backup or commit operation, leading them to choose 'copy configuration rescue' or 'commit rescue' instead of the correct 'request system configuration rescue save' command.

How to eliminate wrong answers

Option A is wrong because 'copy configuration rescue' is not a valid Junos command; Junos uses the 'request system configuration rescue' hierarchy for rescue operations, not a 'copy' command. Option C is wrong because 'save rescue-config' is not a valid Junos command; the correct syntax uses 'request system configuration rescue save', and 'save' alone is used for saving configurations to files, not for rescue-specific operations. Option D is wrong because 'commit rescue' does not exist; the 'commit' command applies changes to the active configuration, but rescue configuration is managed separately via the 'request system configuration rescue' commands.

145
MCQhard

A router receives two OSPF routes for 10.10.10.0/24: one intra-area with preference 10 and metric 1, and one external type 2 with preference 150 and metric 20. Which route is selected as active?

A.The external route because it is type 2
B.The intra-area route because it has a lower preference
C.The external route because it has a higher metric
D.The intra-area route because it has a lower metric
AnswerB

Preference 10 is lower than 150, so intra-area route is active.

Why this answer

The correct answer is D. Junos selects routes based on preference first. Intra-area OSPF has preference 10, while external OSPF has preference 150.

Since 10 < 150, the intra-area route is chosen regardless of metric. Options A, B, and C are incorrect because preference overrides metric and next-hop type.

146
Multi-Selectmedium

Which TWO statements are true about the 'show interfaces ge-0/0/0 extensive' command output?

Select 2 answers
A.It displays a detailed count of errors
B.It includes only layer 1 information
C.It provides traffic statistics
D.It shows the interface configuration
E.It indicates the administrative status
AnswersA, C

Extensive includes error counters.

Why this answer

The 'show interfaces ge-0/0/0 extensive' command in Junos OS provides a comprehensive view of the interface, including detailed error counters (e.g., CRC errors, frame errors, giants, runts) and traffic statistics (e.g., input/output bytes, packets, and rates). Option A is correct because the extensive output explicitly lists a detailed count of errors per interface, which is not available in the standard 'show interfaces' output. Option C is correct because traffic statistics such as unicast, multicast, and broadcast packets are included in the extensive output.

Exam trap

The trap here is that candidates often assume 'extensive' only adds more Layer 1 details, but it actually includes Layer 2 and Layer 3 operational data, and they may also confuse operational output with configuration commands.

147
Multi-Selecthard

Which THREE statements about the 'commit' command are correct?

Select 3 answers
A.The 'commit check' command validates the syntax of the candidate configuration.
B.The 'commit synchronize' command is used on a dual-RE system to commit on both REs.
C.The 'commit full' command activates the configuration without performing any validation.
D.The 'commit' command can only be issued when no other users are in configuration mode.
E.The 'commit confirmed 5' command will roll back the configuration after 5 minutes if not confirmed.
AnswersA, B, E

Correct.

Why this answer

Option A is correct because the 'commit check' command validates the syntax and semantics of the candidate configuration without activating it. This allows an administrator to verify that the configuration is valid before committing, preventing potential errors from being applied to the active configuration.

Exam trap

The trap here is that candidates often confuse 'commit full' with a validation-skipping command, when in fact it performs a more thorough validation, and they may incorrectly assume that multiple users cannot commit simultaneously in Junos, unlike some other network operating systems.

148
MCQhard

Refer to the exhibit. Why is the static route not active?

A.The static route has a high preference.
B.The outbound interface is not up.
C.The static route is not committed.
D.The next-hop address is not reachable in the routing table.
AnswerD

The show route command for 10.10.10.1 returns no output, indicating the next-hop is unknown.

Why this answer

Option A is correct because the static route's next-hop (10.10.10.1) is not present in the routing table. Option B is wrong because the preference is low (5). Option C is wrong because the interface is shown in the route entry, implying it is up.

Option D is wrong because the route is present, so it is committed.

149
MCQhard

A network engineer is troubleshooting a BGP routing issue. The router receives a route to 172.16.0.0/16 from two BGP peers with different local preferences. The route from peer A has local preference 200, and from peer B has local preference 100. The router selects the route from peer A. What is the next step in BGP path selection if the local preferences were equal?

A.Compare the MED.
B.Compare the AS path length.
C.Compare the IGP metric to the next-hop.
D.Compare the origin code.
AnswerB

After local preference, BGP selects the path with the shortest AS path.

Why this answer

Option D is correct because after local preference, BGP compares AS path length. Options A, B, and C are compared later in the BGP path selection process.

150
MCQmedium

You are a network engineer at a company that operates a pair of Juniper SRX firewalls in an active/passive cluster (Chassis Cluster). The cluster has been running Junos 15.1X49-D100 for over a year. Management has mandated an upgrade to a newer version to address security vulnerabilities. You follow the recommended upgrade procedure and successfully upgrade the primary node (node0) first, then failover to make node0 the backup, and upgrade the new primary (node1). After the upgrade, both nodes have the same version and appear to be in the cluster, but you notice that the backup node (node0) is stuck in 'ineligible' state and does not synchronize configuration changes. What is the most likely cause?

A.The cluster control link is down or misconfigured on the backup node
B.The backup node has not been configured with 'commit synchronize'
C.The 'set chassis cluster reth-count' statement is missing on the backup node
D.The 'monitor interface' configuration is causing a mis-match between nodes
AnswerA

An ineligible node typically indicates that the control link is not operational, preventing heartbeat exchange.

Why this answer

The backup node being stuck in 'ineligible' state after a chassis cluster upgrade indicates that the cluster control link (control port) is not functioning correctly. In a Juniper SRX active/passive cluster, the control link is used for heartbeat and cluster state synchronization; if it is down or misconfigured on the backup node, the node cannot participate in the cluster election process and remains ineligible. This is a common issue after upgrades if the control link interfaces are not properly re-established or if the cable is faulty.

Exam trap

The trap here is that candidates often confuse 'ineligible' state with configuration synchronization issues, leading them to choose 'commit synchronize' or other configuration-related options, when the root cause is actually a physical or logical connectivity problem on the control link.

How to eliminate wrong answers

Option B is wrong because 'commit synchronize' is a configuration command that ensures changes are automatically synchronized from the primary to the backup node, but it does not affect the node's eligibility state; the backup node can still be eligible without it. Option C is wrong because the 'set chassis cluster reth-count' statement defines the number of redundant Ethernet interfaces and is required for cluster operation, but its absence would cause a different issue (e.g., reth interfaces not working), not specifically the backup node being stuck in 'ineligible' state. Option D is wrong because 'monitor interface' configuration is used for interface monitoring to trigger failover, and a mismatch between nodes would cause a different problem (e.g., false failovers), not the backup node being stuck in 'ineligible' state.

Page 1

Page 2 of 7

Page 3

All pages