Juniper Networks Certified Associate Junos JNCIA-Junos (JNCIA-JUNOS) — Questions 151225

514 questions total · 7pages · All types, answers revealed

Page 2

Page 3 of 7

Page 4
151
MCQhard

A network administrator is troubleshooting a routing issue and wants to view the routing table for a specific routing instance called 'VPN-A'. Which command should they use?

A.show routing-table VPN-A
B.show route table VPN-A
C.show route instance VPN-A
D.show routing instance VPN-A route
AnswerB

Shows routes for the specified routing instance.

Why this answer

The correct command to view the routing table for a specific routing instance in Junos is 'show route table VPN-A'. This command displays the routes associated with the routing instance named 'VPN-A', which is essential for troubleshooting routing issues within that instance. The 'show route' command is the standard way to view routing tables, and specifying the 'table' keyword followed by the instance name targets the correct routing table.

Exam trap

The trap here is that candidates familiar with Cisco IOS might expect 'show ip route vrf VPN-A' and incorrectly apply similar syntax like 'show routing-table VPN-A' or 'show route instance VPN-A', not realizing Junos uses 'show route table <instance-name>' for the same purpose.

How to eliminate wrong answers

Option A is wrong because 'show routing-table VPN-A' is not a valid Junos command; the correct syntax uses 'show route table' not 'show routing-table'. Option C is wrong because 'show route instance VPN-A' is not a valid command; 'show route instance' does not exist, and the correct command to view routing instance details is 'show routing instance VPN-A', which shows configuration and status but not the routing table. Option D is wrong because 'show routing instance VPN-A route' is syntactically incorrect; the proper command to view the routing table for an instance is 'show route table VPN-A', not a combination of 'routing instance' and 'route'.

152
MCQmedium

An engineer needs to apply a configuration change to the Junos device that must survive a reboot. Which configuration mode command should be used to save the changes?

A.commit
B.commit confirmed
C.commit synchronize
D.commit check
AnswerA

'commit' saves the candidate configuration into the active configuration, which survives a reboot.

Why this answer

The 'commit' command is the standard way to apply a candidate configuration to the active configuration in Junos. When you issue 'commit', the changes are saved to the /config/juniper.conf.gz file, which is loaded upon reboot, ensuring the configuration survives a restart.

Exam trap

The trap here is that candidates may confuse 'commit' with 'commit confirmed', thinking the latter is required for persistence, but 'commit confirmed' is specifically designed for safe rollback during maintenance windows, not for permanent saves.

How to eliminate wrong answers

Option B is wrong because 'commit confirmed' temporarily activates the configuration but automatically rolls back to the previous configuration if not confirmed within the default 10-minute timeout, so it does not guarantee survival across a reboot unless explicitly confirmed. Option C is wrong because 'commit synchronize' is used in a chassis cluster to commit the configuration on both nodes simultaneously; it is not a general-purpose command for saving changes on a standalone device. Option D is wrong because 'commit check' only validates the syntax and semantics of the candidate configuration without applying or saving it, so no changes survive a reboot.

153
MCQeasy

A network administrator needs to view the current configuration but is only interested in the interfaces section. Which CLI command should they use?

A.show configuration interfaces
B.show configuration | display set
C.show interfaces
D.show configuration | match interfaces
AnswerA

Displays only the interfaces configuration block.

Why this answer

Option A is correct because the 'show configuration interfaces' command displays only the interfaces hierarchy from the active candidate configuration. This command directly filters the configuration output to the interfaces stanza, allowing the administrator to view interface-specific settings without extraneous configuration data.

Exam trap

The trap here is that candidates confuse operational commands (like 'show interfaces') with configuration commands (like 'show configuration interfaces'), or they overuse pipe filters like 'match' which can produce incomplete or misleading results due to partial line matches.

How to eliminate wrong answers

Option B is wrong because 'show configuration | display set' converts the entire configuration into a set of configuration mode commands, but it does not filter to show only the interfaces section; it outputs all configuration in set format. Option C is wrong because 'show interfaces' displays operational status and statistics for interfaces, not the configuration; it shows runtime state rather than the configured settings. Option D is wrong because 'show configuration | match interfaces' uses a pipe to grep for lines containing the word 'interfaces', which may include unrelated lines (e.g., references in firewall filters or routing options) and does not reliably isolate the full interfaces configuration block.

154
MCQeasy

A network administrator is configuring a new subnet for servers that must not communicate with each other directly but must be able to reach a default gateway. Which type of route should be configured on the servers?

A.Host route for the gateway
B.Default route pointing to the gateway
C.Dynamic route via OSPF
D.Static route to each other server
AnswerB

Standard for server default gateway configuration.

Why this answer

A default route (0.0.0.0/0) pointing to the gateway is correct because it allows servers to reach any external destination (including the gateway) without requiring explicit routes to each other. Since the servers must not communicate directly, they should not have routes to each other's subnets; the default route ensures all non-local traffic is forwarded to the gateway, which can then enforce isolation policies.

Exam trap

The trap here is that candidates often confuse a default route with a host route, thinking a specific route to the gateway is sufficient, but a default route is required to reach all external destinations beyond the local subnet.

How to eliminate wrong answers

Option A is wrong because a host route for the gateway (e.g., a /32 route to the gateway's IP) would only allow the server to reach that single IP address, not any other external destinations; it does not provide a path to the default gateway for general traffic. Option C is wrong because dynamic routing via OSPF would require the servers to participate in OSPF, which is unnecessary and complex for simple hosts; OSPF is designed for routers, not end devices, and would introduce overhead and potential security risks. Option D is wrong because a static route to each other server would explicitly allow direct communication between servers, violating the requirement that they must not communicate with each other directly.

155
MCQmedium

An engineer wants to roll back to the previous configuration without losing the current candidate changes. Which command should be used?

A.rollback 1
B.delete
C.rollback 0
D.commit check
AnswerA

A discards candidate and reverts to previous commit.

Why this answer

The `rollback 1` command reverts the candidate configuration to the most recently committed configuration (the previous commit), while preserving any uncommitted changes in the candidate configuration. This allows the engineer to undo the last commit without discarding current edits, which is exactly what the scenario requires.

Exam trap

The trap here is that candidates confuse `rollback 0` (revert to last committed config, discarding uncommitted changes) with `rollback 1` (revert to previous committed config while preserving uncommitted changes), or they mistakenly think `delete` can undo a commit.

How to eliminate wrong answers

Option B is wrong because `delete` removes configuration statements from the candidate configuration, not from the committed configuration, and it does not perform a rollback to a previous state. Option C is wrong because `rollback 0` reverts the candidate configuration to the currently active committed configuration, which would discard any uncommitted changes the engineer wants to keep. Option D is wrong because `commit check` only validates the syntax and semantics of the candidate configuration without committing it; it does not roll back to any previous configuration.

156
MCQeasy

An engineer wants to view the current active configuration file that the device is using. Which command displays this information?

A.show configuration candidates
B.show system commit
C.show configuration
D.show configuration | display set
AnswerC

This displays the active committed configuration.

Why this answer

Option C is correct because the 'show configuration' command displays the current active configuration that the device is using, which is the committed configuration stored in /config/juniper.conf.gz. This command reads the active configuration file directly from the file system, showing the exact operational configuration that Junos applies to the device.

Exam trap

The trap here is that candidates may confuse 'show configuration' with 'show configuration | display set' or think 'show system commit' shows the active config, when in fact it only shows commit history, not the current running configuration.

How to eliminate wrong answers

Option A is wrong because 'show configuration candidates' is not a valid Junos command; the correct command to view candidate configuration is 'show configuration' without any modifier, or 'show | compare' to see changes. Option B is wrong because 'show system commit' displays the commit history log, including timestamps and user information, not the active configuration file itself. Option D is wrong because 'show configuration | display set' is a pipe modifier that reformats the output into set commands, but it still shows the active configuration; however, the question asks for the command that displays the active configuration file, and the base command is 'show configuration', not the piped variant.

157
MCQeasy

An engineer needs to view the current active configuration on a Juniper device. Which command will display the configuration that is currently running?

A.show chassis hardware
B.show interfaces terse
C.show configuration
D.show system commit
AnswerC

Displays the current active configuration (or candidate if uncommitted changes exist).

Why this answer

The 'show configuration' command displays the current active configuration that is committed and running on a Juniper device. Unlike Cisco's 'show running-config', Junos uses a commit model where the candidate configuration is activated only after a 'commit' operation, and 'show configuration' shows that committed, active configuration.

Exam trap

Juniper Networks often tests the 'show running-config' equivalent, and the trap here is that candidates familiar with Cisco may mistakenly choose 'show system commit' (thinking it shows the running config) or 'show interfaces terse' (confusing interface status with the full configuration).

How to eliminate wrong answers

Option A is wrong because 'show chassis hardware' displays physical hardware inventory details (e.g., serial numbers, part numbers, firmware versions), not the running configuration. Option B is wrong because 'show interfaces terse' shows a summary of interface status and configuration (like IP addresses and administrative state), but not the full active configuration. Option D is wrong because 'show system commit' lists the commit history (timestamps, log messages, and rollback IDs), not the current running configuration.

158
MCQeasy

After making several configuration changes, an engineer wants to see what changes were made in the candidate configuration compared to the last committed configuration. Which command should be used?

A.show configuration
B.show configuration | compare
C.show system rollback
D.show log messages
AnswerB

Shows differences between candidate and committed.

Why this answer

Option B is correct because the 'show configuration | compare' command displays the differences between the candidate configuration and the active committed configuration. This pipe filter compares the current candidate configuration against the last committed configuration, showing added, changed, or deleted lines with '+' and '-' prefixes, which directly meets the engineer's requirement.

Exam trap

The trap here is that candidates confuse 'show configuration' (which outputs the full candidate config) with 'show configuration | compare' (which shows only the differences), or they mistakenly think 'show system rollback' provides a diff against the candidate rather than listing historical committed configurations.

How to eliminate wrong answers

Option A is wrong because 'show configuration' displays the entire candidate configuration, not the differences from the last committed configuration, so it does not highlight what changes were made. Option C is wrong because 'show system rollback' lists the available rollback snapshots (e.g., rollback 0, 1, 2) but does not show a comparison of the candidate configuration against the last committed configuration; it is used for viewing previous committed configurations. Option D is wrong because 'show log messages' displays system log messages (e.g., from the messages file), which contain operational events and errors, not a structured diff of configuration changes.

159
MCQmedium

A network engineer needs to add an additional IP address to an interface that already has a primary IP configured. Which method should be used?

A.set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.2/24
B.set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.2/24 secondary
C.set interfaces ge-0/0/0 unit 0 family inet secondary address 10.0.0.2/24
D.set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.2/24 primary
AnswerB

Correct syntax for adding a secondary address.

Why this answer

Option B is correct because in Junos, to add an additional IP address to an interface that already has a primary IP configured, you must append the 'secondary' keyword to the address configuration statement. This allows multiple IPv4 addresses on the same logical interface unit, with the first address assigned being the primary and subsequent addresses marked as secondary.

Exam trap

The trap here is that candidates familiar with Cisco IOS might use the 'secondary' keyword as a subcommand under the interface (e.g., 'ip address 10.0.0.2 255.255.255.0 secondary'), but in Junos, the correct syntax places 'secondary' after the address in the same configuration line, not as a separate hierarchy.

How to eliminate wrong answers

Option A is wrong because it attempts to configure a second IP address without the 'secondary' keyword, which would replace the existing primary address rather than add an additional one. Option C is wrong because the syntax 'set interfaces ... family inet secondary address' is invalid; the 'secondary' keyword is a property of the address, not a separate hierarchy level. Option D is wrong because the 'primary' keyword is used to designate a specific address as the primary when multiple addresses exist, not to add a new address; adding 'primary' to a new address would conflict with the existing primary.

160
Multi-Selecteasy

Which two commands can be used to display real-time interface information? (Choose two.)

Select 2 answers
A.monitor interface
B.monitor traffic
C.show log
D.request system reboot
E.show system storage
AnswersA, B

Provides real-time interface statistics.

Why this answer

The `monitor interface` command provides a real-time, continuously updating view of interface statistics, including traffic counters, errors, and operational status. The `monitor traffic` command captures and displays live packet headers or full packets on an interface, useful for real-time traffic analysis. Both commands are designed for live monitoring, unlike static `show` commands or administrative actions.

Exam trap

The trap here is confusing static `show` commands (like `show interfaces`) with real-time `monitor` commands, or assuming that any command displaying data is real-time, when only `monitor` commands provide live, updating output.

161
MCQhard

Based on the exhibit, the interface appears to be up and has an IP address, but the 'monitor traffic' output shows no packets. What is the most likely cause?

A.The interface is not in promiscuous mode, and 'monitor traffic' requires that mode to capture packets.
B.The interface is administratively down.
C.The interface is an unnumbered Ethernet interface.
D.A firewall filter is blocking all inbound traffic.
AnswerA

By default, Junos captures only packets destined to the router; for all packets, interface must be in promiscuous mode.

Why this answer

Option B is correct because the interface is in forwarding mode, and 'monitor traffic' only captures packets when the interface is in promiscuous mode. Option A is wrong because the interface is administratively up. Option C is wrong because there is no firewall filter configured in the exhibit.

Option D is wrong because the interface has an IP address and is not unnumbered.

162
Drag & Dropmedium

Order the steps to configure firewall filters (ACLs) in Junos.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Firewall filters are defined with terms (match conditions and actions) and applied to interfaces.

163
MCQeasy

A network engineer needs to check the system's disk space usage. Which command should be used?

A.show system storage
B.show configuration
C.show version
D.show system uptime
AnswerA

Displays disk space usage.

Why this answer

The 'show system storage' command displays disk space usage on Junos devices, including total, used, and available space for each mounted filesystem. This is the correct command for monitoring storage utilization, as it directly reports on the /, /config, and /var partitions critical for system operation.

Exam trap

The trap here is that candidates might confuse 'show system storage' with 'show system uptime' or 'show version' because they all start with 'show system', but only 'show system storage' provides disk space information.

How to eliminate wrong answers

Option B is wrong because 'show configuration' displays the active configuration, not disk space usage. Option C is wrong because 'show version' shows software version and hardware model information, not storage details. Option D is wrong because 'show system uptime' displays how long the device has been running and load averages, not disk space.

164
MCQmedium

Refer to the exhibit. What will happen if the engineer commits this configuration?

A.The interface will have two primary IP addresses.
B.The configuration will fail because inet and inet6 cannot coexist.
C.The interface will support both IPv4 and IPv6 traffic.
D.Only the family inet will be applied.
AnswerC

Dual-stack interface with both address families.

Why this answer

Option C is correct because the configuration shown includes both `family inet` and `family inet6` under the same interface. Junos allows multiple address families to coexist on a single interface, enabling the interface to process both IPv4 and IPv6 traffic simultaneously. This is a standard feature of Junos, not an error.

Exam trap

The trap here is that candidates may mistakenly think Junos requires separate interfaces for IPv4 and IPv6, or that configuring both families will cause a commit error, when in fact dual-stack is a standard and expected configuration in Junos.

How to eliminate wrong answers

Option A is wrong because Junos does not allow two primary IP addresses on the same interface; only one primary address per address family is permitted, and the configuration shows separate families, not two primaries in the same family. Option B is wrong because `inet` and `inet6` can absolutely coexist on a Junos interface; this is a fundamental capability of dual-stack networking, and Junos supports it natively. Option D is wrong because both `family inet` and `family inet6` are explicitly configured and will be applied; Junos does not ignore one family when both are present.

165
Multi-Selectmedium

Which TWO commands can be used to monitor system log messages in real-time?

Select 2 answers
A.show log messages | last 100
B.show system log messages
C.show configuration system syslog
D.monitor start interactive-commands
E.monitor start messages
AnswersD, E

The 'monitor start interactive-commands' command displays real-time output of user commands logged to the interactive-commands log file. It is another real-time monitoring option.

Why this answer

Option D is correct because the 'monitor start interactive-commands' command in Junos OS enables real-time monitoring of interactive commands executed on the device, displaying them as they occur. Option E is correct because 'monitor start messages' streams the contents of the /var/log/messages file in real-time, allowing you to see new syslog entries as they are generated. Both commands use the 'monitor start' family, which is specifically designed for real-time log monitoring, unlike 'show log' which only displays historical data.

Exam trap

The trap here is that candidates confuse static 'show log' commands (which display historical log data) with dynamic 'monitor start' commands (which provide real-time streaming), and may also mistakenly think 'show system log messages' is a valid command when it is not.

166
Multi-Selectmedium

Which TWO statements about the Junos commit model are true?

Select 2 answers
A.A commit makes the candidate configuration the active configuration.
B.The commit command is used to discard changes.
C.The rollback command can be used to revert to a previous configuration.
D.A commit validation is performed automatically before commit.
E.Multiple candidates can be active simultaneously.
AnswersA, C

A is true.

Why this answer

Option A is correct because the Junos commit model uses a two-phase process: changes are made to the candidate configuration, and the `commit` command activates that candidate configuration as the new active configuration. This ensures that changes are not applied until explicitly committed, providing a safe and predictable way to modify the device's operational state.

Exam trap

The trap here is confusing the `commit` command with discarding changes (Option B) or assuming automatic validation (Option D), which are common misconceptions from other vendor CLI behaviors like Cisco IOS where `write memory` saves immediately and validation is often implicit.

167
MCQhard

In a dual Routing Engine (RE) setup, an engineer commits a configuration change that should be applied to both REs synchronously. What is the correct command to ensure both REs receive the same configuration immediately?

A.commit confirmed
B.commit check synchronize
C.commit and-quit
D.commit synchronize
AnswerD

'commit synchronize' commits the configuration on both Routing Engines simultaneously.

Why this answer

Option D is correct because the 'commit synchronize' command commits the configuration on the master Routing Engine and then automatically copies and commits the same configuration to the backup RE, ensuring both REs have identical active configurations immediately. This is the standard Junos method for synchronizing configurations in a dual-RE chassis.

Exam trap

The trap here is that candidates confuse 'commit synchronize' with 'commit check' or 'commit confirmed', not realizing that only 'commit synchronize' explicitly pushes the configuration to the backup RE in a dual-RE setup.

How to eliminate wrong answers

Option A is wrong because 'commit confirmed' is used to automatically roll back a commit after a specified timeout if not confirmed, not for synchronizing configurations between REs. Option B is wrong because 'commit check synchronize' is not a valid Junos command; 'commit check' validates syntax but does not apply changes, and the 'synchronize' option is only valid with 'commit'. Option C is wrong because 'commit and-quit' is used in configuration mode to commit and exit, but it does not synchronize the configuration to the backup RE.

168
Multi-Selectmedium

Which TWO statements are true regarding the Junos CLI? (Choose two.)

Select 2 answers
A.The pipe (|) can be used to filter command output.
B.The 'edit' command is used in operational mode to navigate the hierarchy.
C.The 'set' command is used in operational mode to set parameters.
D.The 'commit' command applies the candidate configuration.
E.The 'rollback 0' command discards the candidate configuration.
AnswersA, D

The pipe filters output.

Why this answer

Option A is correct because the pipe (|) in the Junos CLI is used to filter command output, allowing you to apply modifiers like 'match', 'except', 'count', or 'display set' to refine the displayed information. This is a fundamental feature for efficiently managing large amounts of operational or configuration data.

Exam trap

The trap here is that candidates often confuse the use of 'edit', 'set', and 'rollback' commands between operational and configuration modes, mistakenly thinking they can be used interchangeably, when in fact they are strictly mode-specific.

169
Multi-Selectmedium

Which THREE statements about the commit operation are correct? (Choose three.)

Select 3 answers
A.The 'commit check' command validates the syntax of the candidate configuration without activating it.
B.After a successful commit, the candidate configuration becomes the active configuration.
C.A commit can be scheduled to revert automatically if not confirmed within a certain time.
D.The candidate configuration is stored in a file named 'juniper.conf' on the flash drive.
E.A commit operation automatically saves the rescue configuration.
AnswersA, B, C

Syntax-only validation.

Why this answer

Option A is correct because the 'commit check' command validates the syntax and semantics of the candidate configuration without activating it. This allows an administrator to verify that the configuration is error-free before making it active, preventing potential misconfigurations from disrupting network operations.

Exam trap

The trap here is that candidates often confuse the candidate configuration with the active configuration file (juniper.conf) or assume that a commit automatically updates the rescue configuration, when in fact the rescue configuration is a manually saved snapshot used for disaster recovery.

170
MCQhard

A company has a Juniper MX router acting as a BGP route reflector. The router has two routing instances: 'internet' and 'management'. The 'internet' instance uses a firewall filter to block traffic to the router's loopback address from external sources. After a recent configuration change, the engineer notices that SSH access to the router's loopback IP (10.0.0.1) from the internal management network (192.168.0.0/16) is being dropped. The firewall filter for the loopback interface in the 'internet' instance is correctly configured to allow traffic from 192.168.0.0/16. The management instance has no firewall filter applied. The engineer suspects that the issue is related to how the routing instances interact with the loopback interface. Which of the following is the most likely cause and solution?

A.The management instance needs a firewall filter that allows SSH; add a filter to the management instance's loopback.
B.The firewall filter in the 'internet' instance incorrectly blocks SSH; modify the filter to allow SSH from any source.
C.The BGP configuration is causing the loopback to be unreachable; disable BGP on the management instance.
D.The firewall filter applied to the loopback interface is shared across all routing instances; use a separate interface for management traffic or apply the filter only to the 'internet' instance's logical system.
AnswerD

The loopback interface is shared; the filter affects all traffic to the loopback.

Why this answer

In Junos, firewall filters applied to the loopback interface (lo0) are shared across all routing instances by default because the loopback is a single physical interface. Even though the filter is configured in the 'internet' instance, it affects traffic destined to the loopback IP from any instance, including the 'management' instance. To isolate management traffic, you must either use a separate physical interface or apply the filter only to the 'internet' instance's logical system (e.g., using a firewall filter with a routing-instance match condition).

Exam trap

The trap here is that candidates assume firewall filters are instance-specific on the loopback interface, but Junos applies them globally by default, leading to the misconception that adding a filter to the management instance or modifying the existing filter will solve the problem.

How to eliminate wrong answers

Option A is wrong because the management instance has no firewall filter, and adding one would not resolve the issue—the problem is that the filter from the 'internet' instance is blocking traffic. Option B is wrong because the filter is correctly configured to allow SSH from 192.168.0.0/16; modifying it to allow SSH from any source would violate security policy and does not address the root cause of filter sharing. Option C is wrong because BGP configuration does not inherently cause the loopback to be unreachable; BGP is a routing protocol and does not affect firewall filter application on the loopback interface.

171
MCQhard

Refer to the exhibit. The router has three static routes configured. Which route will be used to forward a packet destined to 172.16.1.100?

A.The default route (0.0.0.0/0)
B.The router will drop the packet.
C.The static route to 10.0.0.0/8
D.The static route to 172.16.0.0/16
AnswerD

The destination 172.16.1.100 is within the 172.16.0.0/16 network.

Why this answer

The router will use the most specific matching route for the destination 172.16.1.100. The static route to 172.16.0.0/16 has a prefix length of 16, which is more specific than the default route (0.0.0.0/0) and the route to 10.0.0.0/8 (which does not match the destination). Therefore, the route to 172.16.0.0/16 is selected based on the longest-prefix-match rule.

Exam trap

The trap here is that candidates often assume a default route will always be used as a catch-all, but they forget that a more specific static route (like 172.16.0.0/16) will take precedence over the default route for matching destinations.

How to eliminate wrong answers

Option A is wrong because the default route (0.0.0.0/0) is only used when no more specific route matches the destination; here, the 172.16.0.0/16 route is a better match. Option B is wrong because the router does not drop the packet; it has a matching route (172.16.0.0/16) and will forward the packet accordingly. Option C is wrong because the static route to 10.0.0.0/8 does not match the destination 172.16.1.100, as the destination falls outside the 10.0.0.0/8 range.

172
MCQeasy

An administrator notices that the routing table is not updating as expected. Which command should be used to verify the routing table contents?

A.show log
B.show route
C.show system storage
D.show interfaces
AnswerB

Displays the routing table.

Why this answer

The 'show route' command displays the routing table, which contains all active routes learned via static configuration, direct interfaces, or dynamic routing protocols such as OSPF, IS-IS, BGP, and RIP. If the routing table is not updating as expected, this command allows the administrator to verify the current routes, their next hops, and protocol sources to identify missing or incorrect entries.

Exam trap

The trap here is that candidates may confuse 'show route' with 'show interfaces' or 'show log', thinking that interface status or log messages would directly reveal routing table updates, when in fact only 'show route' provides the definitive view of the routing table contents.

How to eliminate wrong answers

Option A is wrong because 'show log' displays system log messages (e.g., from syslog or traceoptions), not the routing table contents; it is used for troubleshooting events, not for viewing route entries. Option C is wrong because 'show system storage' reports disk usage and file system space, which is unrelated to routing table updates. Option D is wrong because 'show interfaces' displays interface status, statistics, and configuration, but does not show the routing table; it is used for verifying link-level connectivity, not route propagation.

173
MCQhard

You are a network administrator for a large enterprise. The Juniper EX4300 switch that serves as the distribution layer for the finance department is experiencing high CPU utilization. Users are complaining of slow network performance. You have accessed the switch via console and notice that the CPU load is consistently above 90%. You need to identify the process causing the high CPU usage. Which command should you use?

A.'show task summary' to see kernel task CPU usage.
B.'show system processes' to list all processes and their CPU usage.
C.'show system resources' to check memory and CPU.
D.'show system statistics' to view overall system stats.
AnswerB

Displays CPU and memory usage per process to identify the culprit.

Why this answer

The 'show system processes' command displays a list of all running processes along with their CPU and memory usage, allowing you to identify which process is consuming excessive CPU resources. This is the direct method to pinpoint the offending process on a Juniper EX4300 switch running Junos OS.

Exam trap

The trap here is that candidates confuse 'show system resources' (which shows aggregate CPU/memory) with the per-process breakdown needed to identify the specific process, leading them to choose option C instead of B.

How to eliminate wrong answers

Option A is wrong because 'show task summary' displays kernel task statistics (such as task name, CPU time, and state) but does not provide per-process CPU usage percentages needed to identify the specific process causing high CPU. Option C is wrong because 'show system resources' shows overall CPU and memory utilization but does not break down usage by individual processes. Option D is wrong because 'show system statistics' displays cumulative system counters (like packets, errors, and drops) rather than per-process CPU consumption.

174
MCQhard

A senior network administrator is logged into a Juniper device in operational mode. They need to make a configuration change to the BGP group 'INTERNAL'. They type 'configure terminal' and receive 'unknown command'. They then type 'configure' and enter configuration mode. They make the needed changes and exit configuration mode using 'exit'. They then try to view the active configuration to verify the changes by typing 'show configuration | match INTERNAL'. They see no output. What is the most likely reason?

A.The command 'show configuration' only shows the candidate configuration, not the active.
B.They exited configuration mode without committing, so the changes were lost.
C.They should have used 'commit' before exiting configuration mode.
D.They need to be in configuration mode to run 'show configuration'.
AnswerC

Commit activates the changes; without commit, the active configuration is unchanged.

Why this answer

Option C is correct because in Junos, configuration changes made in configuration mode are stored in a candidate configuration until explicitly committed using the 'commit' command. Exiting configuration mode with 'exit' without committing discards all uncommitted changes, so the BGP group 'INTERNAL' modification never became part of the active configuration. The 'show configuration' command displays the active (committed) configuration, which explains why no output matching 'INTERNAL' was seen.

Exam trap

The trap here is that candidates familiar with Cisco IOS expect 'exit' to save changes or that 'show running-config' shows uncommitted changes, but Junos requires an explicit 'commit' to activate changes, and 'show configuration' only reflects the committed state.

How to eliminate wrong answers

Option A is wrong because 'show configuration' in operational mode displays the active (committed) configuration, not the candidate configuration; the candidate configuration is viewed with 'show | compare' or by being in configuration mode. Option B is wrong because exiting configuration mode without committing does not automatically lose changes—the candidate configuration persists until explicitly discarded with 'rollback' or overridden, but the changes are not active until committed; however, the question states they exited and then ran 'show configuration', which shows the active config, so the changes were effectively not visible because they were never committed. Option D is wrong because 'show configuration' can be run from operational mode (it is a valid operational command) and does not require being in configuration mode.

175
Multi-Selecteasy

Which two commands can be used to view the candidate configuration in set format? (Choose two.)

Select 2 answers
A.show configuration | display set | no-parenthesis
B.show | set
C.show | display set (in configuration mode)
D.show configuration | display set (in operational mode)
E.show configuration | display inherited
AnswersC, D

This command displays the candidate configuration in set format from configuration mode.

Why this answer

Option C is correct because in configuration mode, the 'show | display set' command outputs the candidate configuration as a series of 'set' commands, which is a compact and script-friendly format. Option D is also correct because the same output can be achieved in operational mode using 'show configuration | display set', which displays the candidate configuration from the operational CLI context.

Exam trap

The trap here is that candidates confuse the 'display set' modifier with the 'set' command or assume that 'show | set' is a valid shortcut, when in fact the correct syntax requires the pipe to 'display set' and the command must be issued in the appropriate mode (configuration or operational with 'show configuration').

176
MCQmedium

Refer to the exhibit. What is the effect of the pending changes?

A.The IP address 10.0.0.2 will be replaced by 10.0.0.1 after commit.
B.The comparison shows no changes.
C.The interface will have two IP addresses: 10.0.0.1 and 10.0.0.2.
D.The candidate configuration will be empty after commit.
AnswerA

The minus and plus indicate replacement.

Why this answer

The candidate configuration shows that the IP address 10.0.0.2 is being deleted and replaced with 10.0.0.1 on interface ge-0/0/0. In Junos, pending changes are staged in the candidate configuration and only take effect after a commit. The 'replace:' tag indicates that the existing address 10.0.0.2 will be removed and 10.0.0.1 will be added upon commit.

Exam trap

The trap here is that candidates may misinterpret the 'replace:' tag as an addition rather than a replacement, leading them to think both IP addresses will coexist, or they may assume no changes are shown because they overlook the 'replace:' indicator.

How to eliminate wrong answers

Option B is wrong because the comparison clearly shows a change: the 'replace:' tag indicates that 10.0.0.2 is being replaced by 10.0.0.1, so there is a pending modification. Option C is wrong because Junos does not allow two IP addresses in the same subnet on the same interface without additional configuration; the 'replace:' operation removes the old address before adding the new one, so both addresses will not coexist. Option D is wrong because the candidate configuration contains the new address 10.0.0.1, so it will not be empty after commit; only the old address is removed.

177
Multi-Selecteasy

Which TWO statements about the Junos CLI are correct?

Select 2 answers
A.The `commit confirmed` command saves the configuration permanently.
B.The pipe character (|) can be used to filter command output.
C.The `run` command allows operational mode commands to be executed from configuration mode.
D.The `set cli screen-length 0` command disables command-line editing features.
E.The `rollback 0` command reverts to the previous committed configuration.
AnswersB, C

This is a standard Junos CLI feature for filtering output.

Why this answer

Option A is correct because the pipe character filters output in operational mode. Option D is correct because the `run` command allows executing operational commands from configuration mode. Option B is wrong because `commit confirmed` requires a subsequent commit to make changes permanent.

Option C is wrong because `rollback 0` reverts to the current active configuration, not the previous one. Option E is wrong because `set cli screen-length 0` disables paging, not command-line editing.

178
MCQeasy

A network administrator wants to quickly review only the parts of the Junos configuration that differ from the factory defaults, to identify custom settings. Which command is most appropriate?

A.show configuration | no-more
B.show configuration
C.show configuration | display omit
D.show | compare
AnswerC

Correctly omits default configuration statements, showing only non-default settings.

Why this answer

Option C is correct because the 'display omit' pipe modifier filters out configuration statements that match the factory-default values, showing only the lines that differ from the defaults. This allows the administrator to quickly review custom settings without manually comparing against a baseline.

Exam trap

The trap here is that candidates often confuse 'display omit' with 'display set' or 'show | compare', mistakenly thinking that comparing candidate vs. active configuration is the same as filtering out factory defaults.

How to eliminate wrong answers

Option A is wrong because 'show configuration | no-more' simply disables the pager output but still displays the entire configuration, including all default settings. Option B is wrong because 'show configuration' outputs the full active configuration without any filtering, requiring manual inspection to identify custom settings. Option D is wrong because 'show | compare' compares the candidate configuration against the active configuration, not against factory defaults, and is used to review pending changes before commit.

179
Multi-Selectmedium

Which TWO statements are true regarding Junos configuration groups?

Select 2 answers
A.Configuration groups never override existing settings.
B.Configuration groups are applied using the apply-groups statement.
C.Configuration groups are only useful for interface configuration.
D.Configuration groups are applied automatically to all hierarchies.
E.Configuration groups are applied in the order they are listed in apply-groups.
AnswersB, E

B is true.

Why this answer

Option B is correct because the `apply-groups` statement is the explicit mechanism used to reference and apply a configuration group to a specific hierarchy or the entire configuration. Without `apply-groups`, the group definition has no effect.

Exam trap

The trap here is that candidates often assume configuration groups automatically apply to all hierarchies or that they cannot override existing settings, but in reality, groups are explicitly applied and follow a strict precedence order where later groups can override earlier ones.

180
MCQmedium

An administrator needs to verify the current time and time zone configured on the Juniper device. Which command should they use?

A.show system uptime
B.show system clock
C.show system information
D.show system date
AnswerB

Displays current system date and time.

Why this answer

The correct command is 'show system clock' because it displays the current system time and time zone configured on the Juniper device. This command is specifically designed to show the local time, time zone offset, and whether daylight saving time is active, making it the precise tool for verifying time and time zone settings.

Exam trap

The trap here is that candidates confuse 'show system uptime' with time display, but uptime only shows elapsed time since boot, not the current clock time or time zone.

How to eliminate wrong answers

Option A is wrong because 'show system uptime' displays how long the device has been running since last reboot, along with load averages and users, but does not show the configured time zone. Option C is wrong because 'show system information' shows hardware model, serial number, software version, and other system details, but not the current time or time zone. Option D is wrong because 'show system date' is not a valid Junos command; the correct command for date/time display is 'show system clock'.

181
MCQhard

A Juniper router experiences a power outage. After power is restored, the router fails to boot completely and stops at the loader (U-Boot) prompt. You have console access. Before the outage, you had saved a rescue configuration. How can you load the rescue configuration to recover the system?

A.Type 'load rescue' at the loader prompt.
B.Type 'boot rescue' at the loader prompt.
C.Power cycle with a pin in the reset hole.
D.Type 'boot -s' to enter single-user mode, then load rescue.
AnswerB

This boots the device with the rescue configuration.

Why this answer

Option B is correct because at the U-Boot loader prompt, the 'boot rescue' command instructs the router to boot using the rescue configuration stored in the /config directory. The rescue configuration is a known-good configuration that can be saved via 'request system configuration rescue save' and is loaded directly by the boot loader when the normal boot process fails.

Exam trap

The trap here is that candidates confuse the CLI command 'load rescue' (used in operational mode to merge or replace the candidate configuration) with the boot loader command 'boot rescue', and they assume the loader supports Junos CLI syntax.

How to eliminate wrong answers

Option A is wrong because 'load rescue' is a valid command only at the Junos CLI (operational mode), not at the U-Boot loader prompt; the loader does not support Junos CLI commands. Option C is wrong because power cycling with a pin in the reset hole performs a hardware factory reset, which clears all configurations including the rescue configuration, and is not a method to load a saved rescue config. Option D is wrong because 'boot -s' is not a valid U-Boot command; single-user mode is entered from the Junos boot menu (after the kernel loads), not from the loader prompt, and the loader cannot interpret Junos boot flags.

182
Multi-Selecthard

Which THREE statements are true about VLANs on Juniper EX switches? (Select three.)

Select 3 answers
A.Hosts in different VLANs can communicate without any additional configuration
B.A single VLAN can extend across multiple switches via trunk ports
C.Each VLAN must have a unique VLAN ID within a single switch
D.VLANs provide broadcast isolation between different VLANs
E.VLANs are automatically created when you assign an interface to an untagged VLAN
AnswersB, C, D

Trunk ports carry multiple VLANs between switches.

Why this answer

Option B is correct because VLANs are designed to span multiple switches by using trunk ports that carry traffic for multiple VLANs. On Juniper EX switches, trunk ports (configured with the 'trunk' port mode) allow VLAN-tagged frames to traverse between switches, enabling a single VLAN to extend across a network. This is fundamental to VLAN operation, as it allows devices in the same VLAN to communicate regardless of which switch they are connected to.

Exam trap

The trap here is that candidates often assume VLANs are automatically created when an interface is assigned to them (as in some Cisco IOS versions), but Juniper EX switches require explicit VLAN definition in the configuration, and they also mistakenly think inter-VLAN communication is possible without a router due to the 'native VLAN' concept.

183
MCQhard

Refer to the exhibit. An engineer configures a new IPv6 address on ge-0/0/0 unit 0 by entering the following commands in configuration mode: set interfaces ge-0/0/0 unit 0 family inet6 address 2001:db8::2/64 commit After the commit, the engineer runs 'show interfaces terse ge-0/0/0' and sees only the two original addresses. What is the most likely cause?

A.The engineer used 'commit' instead of 'commit confirmed'.
B.The engineer did not enter configuration mode before running the 'set' command.
C.Junos only allows one IPv6 address per interface.
D.The 'set' command requires the 'add' keyword to add a second address.
AnswerB

'set' is a configuration mode command; in operational mode it would be rejected.

Why this answer

Option B is correct because the engineer likely ran the 'set' command from operational mode (e.g., at the '>' prompt) rather than from configuration mode (e.g., at the '#' prompt). In Junos, 'set' commands only take effect when entered in configuration mode; if entered in operational mode, they are silently ignored or produce an error, and the configuration is not modified. Since the engineer saw no new address after commit, the 'set' command was never applied to the candidate configuration.

Exam trap

The trap here is that candidates accustomed to Cisco IOS may assume a 'set' command entered at any prompt modifies the running configuration, but Junos requires explicit entry into configuration mode (via 'configure' or 'edit') for such commands to take effect.

How to eliminate wrong answers

Option A is wrong because 'commit confirmed' is used for automatic rollback if the commit is not confirmed within a timeout; using a regular 'commit' does not prevent address addition. Option C is wrong because Junos supports multiple IPv6 addresses on a single interface (e.g., multiple 'address' statements under 'family inet6'). Option D is wrong because Junos does not require an 'add' keyword; simply specifying a new 'address' statement under the existing 'family inet6' hierarchy adds it without any special keyword.

184
MCQmedium

An administrator wants to ensure that if a network interface fails, the routing protocol process automatically restarts. Which Junos feature should be configured?

A.auto-restart
B.Nonstop Routing (NSR)
C.Bidirectional Forwarding Detection (BFD)
D.Graceful Restart
AnswerA

The 'auto-restart' configuration under routing options automatically restarts the routing protocol process if it fails.

Why this answer

Option A is correct because the 'auto-restart' feature in Junos automatically restarts the routing protocol process (e.g., rpd) if it detects that the interface associated with the protocol has failed. This ensures high availability by recovering the routing process without manual intervention, specifically targeting the scenario described in the question.

Exam trap

The trap here is that candidates often confuse 'auto-restart' with Graceful Restart or NSR, assuming any 'restart' feature handles interface failures, but auto-restart is specifically for restarting the routing process, not preserving state during switchover or forwarding during restart.

How to eliminate wrong answers

Option B is wrong because Nonstop Routing (NSR) is designed to preserve routing state during a graceful Routing Engine switchover, not to restart the routing protocol process upon interface failure. Option C is wrong because Bidirectional Forwarding Detection (BFD) provides fast failure detection for forwarding path issues, but it does not trigger a restart of the routing protocol process. Option D is wrong because Graceful Restart allows a router to continue forwarding packets while its routing protocol process restarts, but it is a cooperative mechanism with neighbors, not a feature that automatically restarts the process upon interface failure.

185
Multi-Selecteasy

An engineer needs to check for packet errors on an interface. Which two commands provide error counter information? (Choose two.)

Select 2 answers
A.show interfaces diagnostics
B.show interface errors
C.show interfaces extensive
D.show interfaces errors
E.show interfaces terse
AnswersC, D

'show interfaces extensive' includes detailed error counters among other information.

Why this answer

Option B, 'show interfaces errors', provides a concise view of error counters per interface. Option C, 'show interfaces extensive', includes detailed error statistics. Option A shows a brief summary without errors.

Option D is invalid syntax (singular 'interface'). Option E shows optical diagnostics, not packet errors.

186
Multi-Selecthard

Which THREE route types are considered protocol-independent in Junos?

Select 3 answers
A.BGP routes
B.Direct routes
C.Local routes
D.Static routes
E.OSPF routes
AnswersB, C, D

Direct routes are protocol-independent, derived from interface configuration.

Why this answer

Direct, local, and static routes are considered protocol-independent because they are not learned or installed by any dynamic routing protocol. Direct routes are automatically created for directly connected interfaces, local routes represent the interface's own IP address, and static routes are manually configured by an administrator. These routes exist in the routing table regardless of whether any routing protocol is running, hence the term 'protocol-independent'.

Exam trap

The trap here is that candidates often confuse 'protocol-independent' with 'routing protocol' and incorrectly assume that all routes in the routing table are protocol-dependent, forgetting that direct, local, and static routes are manually or automatically generated without a dynamic protocol's involvement.

187
MCQhard

A route learned via BGP appears as 'hidden' in the routing table. Which condition is most likely the cause?

A.The BGP route has a higher AS path length than another route
B.The BGP route has been rejected by a policy
C.The BGP next-hop is unreachable
D.The BGP local preference is too high
AnswerC

If the next-hop is not reachable, the route is hidden.

Why this answer

A hidden route typically indicates that the next-hop is unreachable or unresolved. Option A is correct. Option B describes a route that is visible but not active.

Option C describes a route that may not be active but still visible. Option D is incorrect because hidden routes are still candidates.

188
MCQhard

An operator needs to copy the running configuration to a remote FTP server for backup. Which command accomplishes this?

A.scp /config/juniper.conf.gz user@server:/path
B.copy configuration to ftp://user:pass@server/path
C.ftp put /config/juniper.conf.gz
D.file copy /config/juniper.conf.gz ftp://user:pass@server/path
AnswerD

Correctly copies the configuration file to an FTP server.

Why this answer

Option D is correct because the `file copy` command in Junos is the standard method for transferring files to or from the device, and it supports FTP as a source or destination. The syntax `file copy /config/juniper.conf.gz ftp://user:pass@server/path` correctly specifies the local file path and the remote FTP URL, including credentials and destination path.

Exam trap

The trap here is that candidates familiar with Cisco IOS may expect a command like `copy running-config ftp:` or `ftp put`, but Junos uses a unified `file copy` command with protocol-specific URLs, and the configuration file is stored at `/config/juniper.conf.gz` rather than in a running-config concept.

How to eliminate wrong answers

Option A is wrong because `scp` is not a valid Junos CLI command; file transfers using SCP are performed via the `file copy` command with an `scp://` URL, not a standalone `scp` command. Option B is wrong because `copy configuration` is not a valid Junos command; the correct command to copy the configuration is `file copy`, and the syntax shown does not match Junos CLI conventions. Option C is wrong because `ftp put` is not a Junos CLI command; Junos uses `file copy` with an FTP URL to upload files, and the path `/config/juniper.conf.gz` is correct but the command syntax is invalid.

189
MCQmedium

When configuring OSPF on a Juniper router, an engineer applies the 'area 0.0.0.0 interface ge-0/0/1.0 passive' command. What is the effect of this configuration?

A.The interface will not be advertised in OSPF at all, and no OSPF traffic will be transmitted.
B.The interface will only accept incoming OSPF packets but will not send any.
C.The interface will not send OSPF hellos, but the connected network will still be advertised in OSPF.
D.The interface will actively send OSPF hellos and attempt to form adjacencies.
AnswerC

Correct behavior of a passive OSPF interface.

Why this answer

The 'passive' configuration on an OSPF interface in Junos prevents the interface from sending OSPF Hello packets, which stops the formation of neighbor adjacencies. However, the interface's connected network prefix is still advertised as a stub network in OSPF Type 1 LSAs, ensuring reachability to that subnet without dynamic neighbor relationships.

Exam trap

The trap here is that candidates often confuse 'passive' with 'disable' or assume it blocks all OSPF traffic, when in fact it only stops Hello transmission while still advertising the network.

How to eliminate wrong answers

Option A is wrong because the passive interface does not suppress the advertisement of the connected network; the prefix is still injected into OSPF. Option B is wrong because the passive interface does not accept incoming OSPF packets either; it simply does not send Hellos, but it will still process received OSPF packets if they arrive (though without Hellos, no adjacency forms). Option D is wrong because the passive command explicitly prevents the interface from sending OSPF Hellos, so it will not actively attempt to form adjacencies.

190
MCQmedium

A network administrator is troubleshooting high CPU usage on a Juniper router. Which command helps identify which process is consuming the most CPU?

A.show log messages
B.show system memory
C.show system processes extensive
D.show interfaces
AnswerC

Displays detailed process CPU usage.

Why this answer

The 'show system processes extensive' command displays detailed information about all running processes, including CPU utilization, memory usage, and process IDs. This allows the administrator to identify which process (e.g., routing protocol daemon, management daemon) is consuming the most CPU cycles, directly addressing the troubleshooting need.

Exam trap

The trap here is that candidates often confuse 'show system processes extensive' with 'show system memory' or 'show log messages', mistakenly thinking memory or log analysis will reveal CPU hogs, when only the process list provides per-process CPU metrics.

How to eliminate wrong answers

Option A is wrong because 'show log messages' displays system log entries (syslog), which may indicate errors or events but does not provide real-time per-process CPU usage. Option B is wrong because 'show system memory' reports memory utilization statistics, not CPU consumption by individual processes. Option D is wrong because 'show interfaces' shows interface status and traffic counters, which are unrelated to identifying CPU-intensive processes.

191
Matchingmedium

Match each Junos security feature to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Protects against network-based attacks

Translates private IP addresses to public IP addresses

Provides secure encrypted tunnels between sites

Controls traffic based on packet headers

Logical grouping of interfaces with security policies

Why these pairings

These are key security features in Junos.

192
MCQeasy

An administrator is asked to check the system log files for any error messages related to interface failures. Which command would be most efficient?

A.monitor start messages | match "error"
B.show log file messages | match "error"
C.show log messages
D.show system syslog messages
AnswerB

Efficiently filters for errors in the log file.

Why this answer

Option B is correct because 'show log messages' displays the contents of the /var/log/messages file, and piping the output to 'match "error"' filters for lines containing 'error', making it the most efficient command to check system log files for interface failure errors. The 'show log' command is the standard way to view log files in JUNOS, and the 'match' filter allows targeted searching without overwhelming the administrator with irrelevant data.

Exam trap

The trap here is that candidates may confuse 'monitor start messages' with 'show log messages', thinking the real-time monitor is more efficient for checking logs, but the question asks for checking existing log files, not monitoring live events.

How to eliminate wrong answers

Option A is wrong because 'monitor start messages' is a real-time monitoring command that continuously streams new log entries to the terminal, not a static search of existing log files; it would require the administrator to wait for errors to occur and does not efficiently check historical logs. Option C is wrong because 'show log messages' displays the entire contents of the messages log file without any filtering, which is inefficient for finding specific error messages related to interface failures, especially on a busy system with many log entries. Option D is wrong because 'show system syslog messages' is not a valid JUNOS command; the correct command to view syslog configuration is 'show configuration system syslog', but this does not display log file contents or error messages.

193
MCQmedium

A network has two equal-cost OSPF paths to 192.168.1.0/24. The engineer wants to enable per-flow load balancing. Which configuration element is required?

A.Configure per-packet load balancing under the interface
B.Add 'multipath' under 'routing-options' for OSPF
C.Define a load-balancing hash-key including Layer 4 information
D.Set a higher preference on one path to force ECMP
AnswerB

'multipath' enables ECMP, which allows multiple equal-cost routes to be used.

Why this answer

ECMP requires enabling the 'multipath' statement under routing-options for the protocol. Option A is correct. Option B is not a typical configuration; per-packet is not recommended.

Option C is incorrect because setting a higher preference would break ECMP. Option D is incorrect because the hash-key is optional and not required.

194
MCQhard

A company runs Juniper MX routers in a data center. They have a monitoring server that polls SNMP every 5 minutes. Recently, the monitoring server reported that interface ge-0/0/1 on router R1 has been down for 3 hours, but the network operations center says that no alarms were triggered and the link appears up from their end. The administrator logs into R1 and runs 'show interfaces ge-0/0/1' and sees that the interface is up with no errors, but the output shows 'Last flapped: 3 hours ago', which matches the monitoring downtime. Further investigation reveals that the interface has been administratively disabled and re-enabled at that time by an automated script that was later rolled back. The monitoring server uses ifAdminStatus and ifOperStatus OIDs. Which action would most reliably prevent this false positive in the future?

A.Use 'show interfaces extensive' to confirm interface status.
B.Change the SNMP polling interval to 1 minute.
C.Monitor ifLastChange OID along with ifOperStatus to detect administrative flapping.
D.Disable the automated script that caused the administrative disable.
AnswerC

ifLastChange provides the timestamp of the last interface state change. Comparing it with administrative changes helps distinguish real failures from administrative actions.

Why this answer

Option D is correct because ifLastChange provides the timestamp of the last state change. By cross-referencing ifLastChange with ifOperStatus, the monitoring system can detect that the 'down' event was administrative (ifAdminStatus changed) rather than a true link failure. Option A reduces polling interval but does not distinguish administrative changes.

Option B disables the script, which is a temporary fix and not a monitoring improvement. Option C relies on manual verification, which is not automated.

195
MCQmedium

An engineer needs to copy a configuration from one device to another. Which command should be used to export the current active configuration in a mergeable format?

A.show configuration | display inheritance
B.show configuration | display json
C.show configuration | display set
D.show configuration | save /var/tmp/config.txt
AnswerC

A outputs set commands suitable for merging.

Why this answer

Option C is correct because the 'show configuration | display set' command outputs the current active configuration as a series of 'set' commands, which can be directly copied and applied to another Junos device using 'load set terminal' or 'load merge'. This format is specifically designed for merging configurations, as it represents the configuration in a flat, non-hierarchical structure that Junos can parse incrementally.

Exam trap

The trap here is that candidates often confuse 'display set' with 'display inheritance' or 'display json', thinking any output format can be used for merging, but only 'display set' produces a flat, mergeable command sequence that Junos can load directly.

How to eliminate wrong answers

Option A is wrong because 'show configuration | display inheritance' shows inherited configuration values (e.g., from groups or interfaces) but does not output the configuration in a mergeable format; it is used for troubleshooting inheritance, not for exporting configurations. Option B is wrong because 'show configuration | display json' outputs the configuration in JSON format, which is human-readable and useful for automation but is not directly mergeable into Junos via the CLI; Junos does not support loading JSON configuration directly. Option D is wrong because 'show configuration | save /var/tmp/config.txt' saves the configuration in the default hierarchical (set or curly-brace) format to a file, but the output is not inherently in a mergeable 'set' format unless combined with 'display set'; the 'save' command alone does not transform the output.

196
MCQmedium

You are troubleshooting an OSPF issue on a Juniper router. The router has a single interface ge-0/0/1 with IP 10.1.1.1/30 connected to a neighbor with IP 10.1.1.2/30. OSPF is configured area 0. The 'show ospf neighbor' command shows no neighbors. 'show interfaces ge-0/0/1 terse' shows the interface is up. 'show configuration protocols ospf' shows: area 0.0.0.0 { interface ge-0/0/1.0 { passive; } } What is the problem?

A.The OSPF interface is configured as passive
B.The hello timer is too slow
C.Authentication is missing
D.The interface is administratively down
AnswerA

Passive interfaces do not send hellos.

Why this answer

The 'passive' statement under the OSPF interface configuration prevents the router from sending or processing OSPF Hello packets on that interface. Without Hello packets, the router cannot discover neighbors or form adjacencies, which is why 'show ospf neighbor' returns no neighbors even though the interface is operationally up.

Exam trap

The trap here is that candidates often assume 'passive' only prevents the interface from sending routing updates (like in RIP or EIGRP), but in OSPF it blocks all Hello packets, preventing neighbor discovery entirely.

How to eliminate wrong answers

Option B is wrong because the hello timer being too slow would still allow neighbor discovery and adjacency formation, just with longer intervals; it would not result in zero neighbors. Option C is wrong because authentication is not configured in the given output, and its absence does not prevent neighbor discovery unless authentication is required on the neighbor side. Option D is wrong because 'show interfaces ge-0/0/1 terse' shows the interface is up, not administratively down.

197
MCQmedium

An engineer needs to apply a configuration change to the device, but only if the configuration is syntactically correct. Which command should be used before committing?

A.commit
B.commit check
C.commit confirmed
D.show | compare
AnswerB

Validates syntax without committing.

Why this answer

The 'commit check' command validates the candidate configuration for syntax errors without applying it, making it the correct choice when the engineer only wants to verify syntactic correctness before committing. Unlike 'commit', which applies changes immediately, 'commit check' performs the same validation as a commit but stops short of activating the configuration.

Exam trap

The trap here is that candidates confuse 'commit check' with 'commit confirmed', thinking both are safe validation commands, but 'commit confirmed' actually applies the configuration and can cause immediate service impact if the syntax is invalid.

How to eliminate wrong answers

Option A is wrong because 'commit' applies the configuration changes immediately, not just checking syntax; it would activate the changes even if the engineer only wanted validation. Option C is wrong because 'commit confirmed' applies the configuration and sets a rollback timer, which is used for testing changes with automatic rollback, not for a simple syntax check. Option D is wrong because 'show | compare' displays the differences between the candidate and active configurations but does not perform any syntax validation.

198
Multi-Selectmedium

Which two static route options result in traffic being dropped at the router? (Choose two.)

Select 2 answers
A.install
B.reject
C.next-table
D.discard
E.resolve
AnswersB, D

Reject drops traffic and sends ICMP unreachable.

Why this answer

The correct answers are B and D. The 'reject' option drops traffic and sends ICMP unreachable. The 'discard' option drops traffic silently. 'Next-table' forwards to another table. 'Resolve' is used for recursive resolution. 'Install' is not a static route option; it's a flag.

So B and D are correct.

199
MCQmedium

A network engineer is troubleshooting a connectivity issue between two directly connected routers, R1 and R2. Both routers have IP addresses configured on their respective interfaces, and the interfaces are up. However, 'ping 192.168.1.2 source 192.168.1.1' from R1 fails. The engineer checks the routing table on R1 and sees a static route to 0.0.0.0/0 via a different next-hop, but no route for the 192.168.1.0/24 network. What is the most likely cause?

A.The route to the directly connected network is missing from the routing table, possibly because the interface is not properly configured or the link is down.
B.The ARP cache is stale and needs to be cleared.
C.The interface is not configured with an IP address.
D.A security policy is blocking ICMP traffic between the two routers.
AnswerA

A directly connected route appears only when the interface is up and has an IP address. The missing route indicates an interface issue despite being 'up'.

Why this answer

Option C is correct because the directly connected network must be present in the routing table for communication; if there is no route to 192.168.1.0/24, the ping source address is not considered reachable or the destination is not in the routing table. Option A is incorrect because interface state is up, so 'show interfaces terse' would show the addresses. Option B is incorrect because ARP is not a routing table entry.

Option D is incorrect because a security policy is not relevant for directly connected interfaces unless zone configuration is wrong, but the issue is routing.

200
MCQhard

Your company runs a Juniper MX480 router as the core gateway. The router has been experiencing intermittent connectivity issues with a remote site over a point-to-point OC3 link. Users report that the link goes down for a few seconds several times a day. You suspect that the issue might be related to physical layer errors or framing. You need to determine the cause and collect relevant data to present to the service provider. Which course of action should you take first?

A.Run 'monitor interface so-0/0/0' and observe for any CRC errors or alarms over a period of time.
B.Perform a loopback test on the interface using 'test interface so-0/0/0'.
C.Review the system syslog file using 'show log messages' and search for interface down messages.
D.Immediately replace the serial interface card to rule out hardware failure.
AnswerA

Real-time monitoring captures transient physical layer issues.

Why this answer

Option A is correct because 'monitor interface so-0/0/0' provides real-time, continuous display of interface counters and alarms, allowing you to observe CRC errors, framing errors, or alarms (e.g., LOS, LOF) as they occur. This is the most direct way to capture transient physical-layer issues on a SONET/SDH OC3 link without disrupting service, making it the appropriate first step before escalating to the service provider.

Exam trap

The trap here is that candidates may choose the loopback test (Option B) because it is a classic troubleshooting tool, but they overlook that it is an intrusive, out-of-service test that should follow passive monitoring to avoid unnecessary downtime.

How to eliminate wrong answers

Option B is wrong because performing a loopback test ('test interface so-0/0/0') would disrupt live traffic and is typically used for out-of-service troubleshooting after initial data collection, not as a first step. Option C is wrong because reviewing the system syslog ('show log messages') may show interface down messages but lacks the granularity to capture brief, intermittent physical-layer errors like CRC or framing alarms that occur over seconds. Option D is wrong because immediately replacing the serial interface card is a premature and invasive action that should only be taken after diagnostic data (e.g., from monitoring or loopback tests) confirms a hardware fault.

201
MCQmedium

A network engineer configures a static route to 10.0.0.0/8 with a preference of 20. An OSPF internal route to 10.0.0.0/8 has a default preference of 10. Which route will be active in the routing table?

A.Both routes, because they have different protocols.
B.Neither, because of a conflict.
C.The OSPF route, because of lower preference.
D.The static route, because it is manually configured.
AnswerC

Lower preference (10) makes OSPF route preferred over static (20).

Why this answer

The OSPF route has a lower preference (10) than the static route (20), so OSPF is chosen. Option A is incorrect because preference is the deciding factor. Option C is false; only one active route per prefix.

Option D is incorrect.

202
MCQmedium

Your Juniper router is running OSPF with multiple neighbors. You have a prefix 10.10.10.0/24 that is being learned via OSPF from two different routers: Router A with metric 30 and Router B with metric 20. The OSPF route from Router B is active. You want to ensure that traffic to 10.10.10.0/24 uses the path through Router A instead, even though it has a higher metric. You cannot change the OSPF metric on Router A. Which action should you take?

A.Use a routing policy to increase the preference of the OSPF route from Router B.
B.Increase the metric on Router B for that prefix.
C.Use a routing policy to reject the OSPF route from Router A.
D.Configure a static route to 10.10.10.0/24 pointing to Router A.
AnswerA

Increasing preference makes it less preferred, so the route from Router A (with lower preference) becomes active.

Why this answer

In JUNOS, route preference (administrative distance) determines which route is installed in the routing table when multiple protocols or sources provide the same prefix. By default, OSPF internal routes have a preference of 10. You can use a routing policy to increase the preference of the OSPF route from Router B (making it less preferred), which will cause the route from Router A (with its default preference of 10) to become active, even though its metric is higher.

This approach does not require changing the OSPF metric or removing the route from Router A.

Exam trap

The trap here is that candidates often confuse metric (cost) with preference (administrative distance) and think they must change the metric or reject routes, when in fact JUNOS allows preference manipulation via routing policies to influence route selection without altering the OSPF metric.

How to eliminate wrong answers

Option B is wrong because increasing the metric on Router B for that prefix would make the route from Router B even less attractive, but the goal is to prefer Router A; increasing Router B's metric would not help and might break other routing decisions. Option C is wrong because rejecting the OSPF route from Router A would remove the route entirely, but the question states the route from Router A is already not active; rejecting it would not make it active. Option D is wrong because configuring a static route to 10.10.10.0/24 pointing to Router A would install a static route with a default preference of 5, which is lower than OSPF's 10, making it active; however, this is not the best practice and does not leverage OSPF's dynamic capabilities, and the question asks for an action related to OSPF routes, not a static override.

203
Multi-Selecthard

Which THREE steps are typically part of a Junos OS upgrade process?

Select 3 answers
A.Remove the previous image.
B.Add the image using the request system software add command.
C.Commit the configuration.
D.Validate the new image.
E.Reboot the device.
AnswersB, D, E

B is required.

Why this answer

The `request system software add` command is the correct method to initiate a Junos OS upgrade because it stages the new image on the device, performing integrity checks and preparing the system for the next boot. This command is the standard Junos CLI operation for adding a software package, making option B a core step in the upgrade process.

Exam trap

The trap here is that candidates mistakenly think you must delete the old image (option A) or commit the configuration (option C) as part of the upgrade, but Junos handles image management automatically and the commit is unrelated to the software installation process.

204
Multi-Selectmedium

Which two statements about static routes in Junos OS are correct?

Select 2 answers
A.A static route with a next-hop of 127.0.0.1 is an unreachable route.
B.Static routes have a default preference of 5.
C.A static route configured with a next-hop of an interface name (e.g., ge-0/0/0) uses Address Resolution Protocol (ARP) to resolve the next-hop MAC address.
D.A static route with a next-hop of 0.0.0.0 is a discard route.
E.Static routes can have a preference value of 0.
AnswersB, C

Correct: the default preference for static routes is 5.

Why this answer

Option A is correct: static routes have a default preference of 5. Option B is correct: when a static route uses an interface as the next-hop, the router uses ARP to resolve the MAC address of the next-hop. Option C is incorrect: a next-hop of 0.0.0.0 is used for a default route, not a discard route; a discard route uses the 'discard' keyword.

Option D is incorrect: static routes cannot have a preference of 0; preference 0 is reserved for directly connected routes. Option E is incorrect: 127.0.0.1 is a loopback address, but as a next-hop it would require the loopback interface to be specified and is not typically used for unreachable routes.

205
Multi-Selectmedium

Which two commands can be used to monitor real-time interface statistics and errors on a Junos device?

Select 2 answers
A.show interfaces terse
B.show interfaces ge-0/0/0
C.show interfaces extensive ge-0/0/0 | refresh 1
D.monitor interface ge-0/0/0
E.monitor security log
AnswersC, D

With the refresh pipe option, it provides continuous updates of extensive interface statistics.

Why this answer

Option C is correct because the 'show interfaces extensive ge-0/0/0 | refresh 1' command displays detailed interface statistics and errors, and the 'refresh 1' pipe modifier automatically updates the output every second, enabling real-time monitoring. Option D is correct because the 'monitor interface ge-0/0/0' command is specifically designed for real-time monitoring of interface counters and errors, refreshing the display at a default interval of 1 second. Both commands provide live views of interface statistics such as input/output packets, errors, drops, and CRC errors.

Exam trap

The trap here is that candidates often confuse static 'show interfaces' commands (which provide a point-in-time snapshot) with real-time monitoring commands, leading them to select option B instead of the correct real-time options C and D.

206
MCQeasy

Which Junos CLI mode allows a user to view the configuration and execute operational commands, but not make configuration changes?

A.Operational mode
B.Monitor mode
C.Enable mode
D.Configuration mode
AnswerA

Operational mode allows viewing configuration and running operational commands without the ability to modify the configuration.

Why this answer

In Junos OS, Operational mode (indicated by the `>` prompt) allows users to execute operational commands (e.g., `show`, `ping`, `traceroute`) and view the active configuration using `show configuration`, but it does not permit any changes to the configuration. Configuration changes require entering Configuration mode (indicated by the `#` prompt) via the `configure` command. This separation enforces a strict two-tier access model, ensuring that operational tasks do not inadvertently alter the device's configuration.

Exam trap

The trap here is that candidates familiar with Cisco IOS may confuse 'Enable mode' (which grants configuration privileges in Cisco) with Junos's Operational mode, not realizing that Junos uses a completely different two-tier model where Operational mode is read-only and Configuration mode is required for any changes.

How to eliminate wrong answers

Option B (Monitor mode) is wrong because Junos does not have a 'Monitor mode'; this term is a distractor that might be confused with Cisco's monitor mode for software upgrades or with the `monitor` operational command used for real-time interface traffic viewing. Option C (Enable mode) is wrong because 'Enable mode' is a Cisco IOS concept that provides privileged access for configuration changes; Junos uses a different paradigm with distinct Operational and Configuration modes. Option D (Configuration mode) is wrong because this mode (indicated by the `#` prompt) is specifically designed for making configuration changes, not for viewing the configuration or executing operational commands without the ability to modify settings.

207
Multi-Selectmedium

Which three commands can be used to view system log messages? (Choose three.)

Select 3 answers
A.show system syslog
B.show log messages
C.monitor start messages
D.show log dm
E.tail -f /var/log/messages
AnswersB, C, D

Displays messages log file.

Why this answer

Option B is correct because the 'show log messages' command displays the contents of the /var/log/messages file, which is the primary system log file on Junos OS. This file contains kernel messages, system startup events, and other critical operational logs, making it a standard way to view system log messages.

Exam trap

The trap here is that candidates may confuse the Unix shell command 'tail -f /var/log/messages' with a valid Junos CLI command, or assume 'show system syslog' is a valid operational command when it is actually a configuration context command.

208
MCQmedium

After a software upgrade, a router fails to boot with the new image. The engineer suspects the image is corrupted. What is the recommended method to recover?

A.Insert the rescue media and boot from it, then reinstall the image
B.Delete the current configuration and reboot
C.Reboot the router multiple times
D.Use the request system software add command with the force option
AnswerA

Standard recovery procedure.

Why this answer

When a Junos OS image is corrupted and the router fails to boot, the recommended recovery method is to boot from rescue media (such as a USB flash drive or a pre-configured rescue partition) and then reinstall the correct image. This bypasses the corrupted software on the internal storage and provides a clean environment for recovery, ensuring the router can be restored to a functional state.

Exam trap

The trap here is that candidates may think the 'request system software add' command with the 'force' option can recover a corrupted image while the router is still booting, but this command requires a running Junos OS, which is unavailable when the image is corrupted.

How to eliminate wrong answers

Option B is wrong because deleting the current configuration does not address a corrupted image; the router cannot boot without a valid OS, and configuration is irrelevant at this stage. Option C is wrong because rebooting multiple times will not repair a corrupted image; it only repeats the same boot failure. Option D is wrong because the 'request system software add' command requires the router to be booted and operational, which is impossible if the image is corrupted and the router cannot boot; the 'force' option does not bypass the need for a running system.

209
MCQmedium

A technician is troubleshooting a device that has an inconsistent configuration. They need to revert to the configuration that was committed exactly two commits ago. Which command sequence accomplishes this?

A.rollback 2
B.rollback 2 followed by commit
C.commit confirmed 2
D.rollback 3
AnswerB

rollback 2 loads the candidate from the second previous commit; commit activates it.

Why this answer

Option B is correct because the `rollback 2` command reverts the candidate configuration to the state it was in two commits ago, but the change is not applied until a `commit` is issued. This two-step sequence (rollback followed by commit) is required to make the reverted configuration active. Without the commit, the device continues running the current active configuration.

Exam trap

The trap here is that candidates often assume `rollback 2` alone immediately reverts the active configuration, forgetting that Junos requires an explicit `commit` to apply candidate changes.

How to eliminate wrong answers

Option A is wrong because `rollback 2` alone only loads the configuration from two commits ago into the candidate configuration; it does not commit it, so the device continues to operate with the current active configuration. Option C is wrong because `commit confirmed 2` is used to automatically roll back after 2 minutes if not confirmed, not to revert to a configuration from two commits ago. Option D is wrong because `rollback 3` reverts to the configuration from three commits ago, not two commits ago.

210
MCQeasy

Which command saves the current operational state information to a file that can be provided to Juniper support for troubleshooting?

A.request support information
B.monitor traffic
C.show system information
D.file copy
AnswerA

This command gathers operational data into a file for support.

Why this answer

The 'request support information' command collects a comprehensive snapshot of the current operational state, including configuration, logs, routing tables, and interface statistics, and packages it into a file (e.g., /var/tmp/support-info-date-time.tgz) that can be directly provided to Juniper support for troubleshooting. This is the standard Junos method for gathering diagnostic data.

Exam trap

The trap here is that candidates may confuse 'show system information' with a support data collection tool, not realizing it only displays a brief summary and does not generate a comprehensive, saveable file for support.

How to eliminate wrong answers

Option B is wrong because 'monitor traffic' is used for real-time packet capture and display, not for saving a static snapshot of operational state to a file. Option C is wrong because 'show system information' displays basic system details like uptime and model but does not save the output to a file or collect the comprehensive data set needed for support. Option D is wrong because 'file copy' is a generic command for copying files between locations and does not generate or collect operational state information.

211
MCQmedium

A network engineer wants to schedule a reboot of a Juniper device at 3:00 AM. Which command should be used?

A.request system configuration rescue save
B.request system reboot
C.request system reboot at 03:00
D.load override /config/juniper.conf.gz
AnswerC

Schedules reboot at specified time.

Why this answer

Option C is correct because the 'request system reboot at 03:00' command schedules a one-time reboot of the Juniper device at the specified time (3:00 AM). The 'at' parameter allows the engineer to set an absolute time for the reboot, which is the exact requirement for scheduling a reboot at a specific future time.

Exam trap

The trap here is that candidates often confuse 'request system reboot' (immediate reboot) with 'request system reboot at' (scheduled reboot), or they mistakenly think that loading a configuration file will trigger a reboot.

How to eliminate wrong answers

Option A is wrong because 'request system configuration rescue save' is used to save the current active configuration as a rescue configuration, which can be used to recover the device if the configuration becomes corrupted; it does not schedule or perform a reboot. Option B is wrong because 'request system reboot' without any time parameter triggers an immediate reboot of the device, not a scheduled reboot at 3:00 AM. Option D is wrong because 'load override /config/juniper.conf.gz' is a configuration mode command used to replace the current candidate configuration with the configuration stored in the specified file; it does not schedule or initiate a reboot.

212
MCQhard

A network engineer is troubleshooting OSPF adjacencies between two Juniper routers. The routers are directly connected and have matching OSPF configurations except for the router IDs. Router A has router-id 10.0.0.1, Router B has router-id 10.0.0.2. The adjacency remains in the EXSTART state. What is the most likely cause?

A.The MTU on the interface is mismatched.
B.The router IDs are not the same.
C.The area ID is not configured.
D.The hello and dead intervals are mismatched.
AnswerA

A mismatch in MTU can prevent OSPF from exchanging DD packets, causing the adjacency to remain in EXSTART.

Why this answer

The EXSTART state indicates that the routers have progressed past the 2-Way state and are attempting to exchange Database Description (DBD) packets. A common cause for getting stuck in EXSTART is an MTU mismatch, because OSPF uses the interface MTU to determine the maximum size of DBD packets. If Router A's MTU is larger than Router B's, Router B will drop the oversized DBD packet and the adjacency will remain in EXSTART.

Exam trap

The trap here is that candidates often assume mismatched hello/dead intervals are the cause of any adjacency problem, but those issues manifest earlier (at the 2-Way state), while EXSTART specifically points to MTU or DBD packet exchange problems.

How to eliminate wrong answers

Option B is wrong because OSPF requires router IDs to be unique within an OSPF domain; having different router IDs (10.0.0.1 and 10.0.0.2) is correct and does not prevent adjacency formation. Option C is wrong because if the area ID were not configured, the routers would not even reach the EXSTART state; they would fail at the 2-Way or Init state due to mismatched area IDs in Hello packets. Option D is wrong because mismatched hello/dead intervals would cause the adjacency to stall at the 2-Way state (or prevent reaching 2-Way), not at EXSTART, as these parameters are checked in Hello packets before neighbor state progression.

213
MCQeasy

A network engineer needs to make a change to a Junos device and ensure the change can be reverted if it causes issues. Which feature should be used?

A.configure exclusive
B.commit confirmed
C.commit check
D.rollback 0
AnswerB

'commit confirmed' commits with an automatic rollback if not confirmed within the timeout period.

Why this answer

The `commit confirmed` command allows an engineer to commit a configuration change with a timer (default 10 minutes). If the change causes issues and the engineer does not confirm the commit within the timer, the device automatically reverts to the previous active configuration. This provides a safety net to revert changes without manual intervention.

Exam trap

The trap here is that candidates may confuse `commit confirmed` with `rollback 0`, thinking both revert changes, but `rollback 0` is a manual step that does not provide automatic, time-based reversion.

How to eliminate wrong answers

Option A is wrong because `configure exclusive` locks the candidate configuration to a single user, preventing others from making changes, but it does not provide any automatic rollback mechanism if the change causes issues. Option C is wrong because `commit check` validates the syntax and semantics of the candidate configuration without committing it; it does not revert a change after it has been applied. Option D is wrong because `rollback 0` reverts to the most recently committed configuration, but this is a manual action and does not provide an automatic, time-based revert if the change causes issues.

214
MCQeasy

Which command displays the current hostname of a Junos device?

A.show system host-name
B.show chassis hardware
C.show configuration system host-name
D.show system uptime
AnswerA

This command shows the configured hostname.

Why this answer

The command 'show system host-name' is the correct operational mode command to display the current hostname configured on a Junos device. It retrieves the hostname from the active configuration and displays it in the output, confirming the device's identity on the network.

Exam trap

The trap here is that candidates confuse 'show configuration system host-name' (which shows the configuration stanza) with the operational command 'show system host-name', leading them to choose the configuration-oriented option instead of the direct operational display command.

How to eliminate wrong answers

Option B is wrong because 'show chassis hardware' displays hardware components such as chassis, backplane, and FRUs (e.g., RE, FPC, PIC), not the hostname. Option C is wrong because 'show configuration system host-name' displays the hostname configuration statement from the candidate or active configuration, but it is a configuration mode command (or requires '| display set' in operational mode) and does not directly show the current operational hostname in a single-line output like 'show system host-name'. Option D is wrong because 'show system uptime' displays system uptime, load averages, and time since last reboot, not the hostname.

215
MCQhard

You are a junior network engineer at a company that uses Juniper MX routers. You are troubleshooting a connectivity issue on a branch router. The branch router has two upstream links to the corporate network: ge-0/0/0 (10.1.1.1/30, connected to core router A) and ge-0/0/1 (10.1.1.5/30, connected to core router B). The branch router runs OSPF and has a default route learned from both upstream routers. The routing table shows two equal-cost default routes via both next hops. However, traffic from the branch to the corporate network is experiencing intermittent high latency and some packet loss. You suspect that asymmetric routing is causing issues because the return traffic is not following the same path. You want to influence the router to prefer one upstream link for all traffic to the corporate network. You have decided to adjust the OSPF metric on the branch router to make the link to core router A more preferred. You are in configuration mode on the branch router. Which single configuration change will accomplish this goal?

A.set interfaces ge-0/0/1 unit 0 family inet cost 200
B.set protocols ospf area 0 interface ge-0/0/1 passive
C.set protocols ospf area 0 interface ge-0/0/1 metric 200
D.set interfaces lo0 unit 0 family inet address 10.0.0.1/32 metric 100
AnswerC

Increasing the metric on ge-0/0/1 makes it less preferred, so traffic will use ge-0/0/0.

Why this answer

Option C is correct because setting the OSPF metric on interface ge-0/0/1 to a higher value (200) increases the cost of that link, making the default route via ge-0/0/0 (which retains the default OSPF metric of 1 on a Gigabit Ethernet interface) more preferred. This influences the branch router to use the lower-cost path through core router A for all traffic to the corporate network, resolving asymmetric routing issues.

Exam trap

The trap here is that candidates often confuse the 'metric' configuration under the OSPF protocol hierarchy with the 'cost' parameter under interfaces, or mistakenly think that making an interface passive or adjusting loopback metrics will influence OSPF path selection.

How to eliminate wrong answers

Option A is wrong because the 'cost' parameter is not a valid configuration statement under 'set interfaces'; OSPF cost is configured under the OSPF protocol hierarchy, not directly on the interface. Option B is wrong because setting the interface to 'passive' prevents OSPF from sending or receiving hello packets on that interface, which would break OSPF adjacency entirely, rather than simply adjusting path preference. Option D is wrong because the 'metric' statement under the loopback interface is used for static routes or other protocols, not for OSPF interface cost; OSPF uses a cost value derived from interface bandwidth or explicitly set under 'protocols ospf'.

216
MCQmedium

A company uses a Juniper MX router to connect two branch offices via a point-to-point link. The link is flapping. Which command would you use to check the interface errors on the link?

A.show log messages
B.show interfaces ge-0/0/0 extensive
C.show configuration interfaces ge-0/0/0
D.show interfaces ge-0/0/0 terse
AnswerB

Extensive output includes error counters and statistics.

Why this answer

The 'show interfaces ge-0/0/0 extensive' command provides detailed interface statistics, including error counters such as CRC errors, frame errors, and link state transitions. This is the most comprehensive command to diagnose why a point-to-point link is flapping, as it reveals physical-layer issues that cause the interface to go up/down repeatedly.

Exam trap

The trap here is that candidates often choose 'show interfaces terse' thinking it shows errors, but it only displays administrative and operational status without the detailed error statistics needed to diagnose flapping.

How to eliminate wrong answers

Option A is wrong because 'show log messages' displays system log messages, which may include interface events but does not provide detailed per-interface error counters needed to diagnose flapping. Option C is wrong because 'show configuration interfaces ge-0/0/0' only displays the current configuration of the interface, not real-time error statistics or operational state. Option D is wrong because 'show interfaces ge-0/0/0 terse' shows a concise summary of interface status (up/down) and IP addresses, but omits error counters and detailed physical-layer information required to identify the cause of flapping.

217
MCQeasy

A router has a directly connected route to 10.10.10.0/24 on interface ge-0/0/0.0, a static route to the same prefix with next-hop 192.168.1.1, and an OSPF route to the same prefix. Which route is active in the routing table?

A.The static route
B.No route is active due to multiple routes
C.The OSPF route
D.The directly connected route
AnswerD

Direct routes have preference 0, which is the lowest possible, so they are always preferred.

Why this answer

The correct answer is A. Directly connected routes have a preference of 0, which is the lowest and therefore always preferred when the interface is up. Static routes have preference 5, OSPF internal has 10.

So the direct route wins. Options B, C, and D are incorrect because none can beat a direct route.

218
Multi-Selecteasy

Which TWO statements about route preferences in Junos are correct?

Select 2 answers
A.The preference of a route cannot be changed.
B.Direct routes have a default preference of 0.
C.OSPF internal routes have a default preference of 10.
D.Static routes have a default preference of 10.
E.BGP routes have a default preference of 200.
AnswersB, C

Correct: Direct routes have preference 0.

Why this answer

Default route preferences: direct = 0, static = 5, OSPF internal = 10, BGP = 170. Preferences can be changed using routing policies.

219
Multi-Selecthard

Which TWO statements about Juniper's implementation of static routes are correct? (Choose two.)

Select 2 answers
A.The default preference for static routes is 5.
B.Static routes always have a metric of 1.
C.Static routes are automatically redistributed into OSPF.
D.Static routes can have a next-hop of 'discard'.
E.The default preference for static routes is 170.
AnswersA, D

Junos assigns a default preference of 5 to static routes.

Why this answer

Option A is correct because in Juniper's Junos OS, the default preference (administrative distance) for static routes is 5. This value indicates that static routes are highly trusted, only surpassed by directly connected routes (preference 0). This is a Juniper-specific default, differing from Cisco's default of 1 for static routes.

Exam trap

The trap here is that candidates familiar with Cisco's IOS, where static routes have a default administrative distance of 1, may incorrectly assume Juniper uses the same value, or they may confuse the Juniper static route preference (5) with BGP's preference (170) listed in Option E.

220
MCQmedium

Refer to the exhibit. How many static default routes are configured?

A.1
B.0
C.3
D.2
AnswerD

Two static routes for 0.0.0.0/0 with different preferences.

Why this answer

Option D is correct because the exhibit shows two static routes with a next-hop of 0.0.0.0, which are static default routes. In JUNOS, a static default route is defined by a destination prefix of 0.0.0.0/0 (or ::/0 for IPv6). The configuration lists two such routes, each with a different next-hop address, confirming two static default routes.

Exam trap

The trap here is that candidates may miscount the number of default routes by including non-default static routes (e.g., 10.0.0.0/8) or by overlooking that a default route must have a prefix length of /0, leading to an incorrect count.

How to eliminate wrong answers

Option A is wrong because it claims only one static default route is configured, but the exhibit clearly shows two entries with destination 0.0.0.0/0. Option B is wrong because it states zero static default routes are configured, ignoring the two explicit 0.0.0.0/0 routes present. Option C is wrong because it suggests three static default routes, but only two routes with destination 0.0.0.0/0 are shown; the third route listed has a different destination (e.g., 10.0.0.0/8) and is not a default route.

221
MCQhard

An engineer needs to check if the device has any pending changes that have not been committed. Which operational command should they run?

A.show system configuration
B.show system rollback
C.show configuration | compare
D.show system commit
AnswerC

Shows uncommitted configuration differences.

Why this answer

Option C is correct because the 'show configuration | compare' command displays the differences between the candidate configuration (changes made but not yet committed) and the active configuration. This allows the engineer to see any pending changes that have not been committed, which is exactly what the question asks.

Exam trap

The trap here is that candidates often confuse 'show system commit' (which shows commit history) with showing pending changes, or they think 'show configuration' alone shows uncommitted changes, but without the '| compare' pipe it only shows the active configuration.

How to eliminate wrong answers

Option A is wrong because 'show system configuration' is not a valid Junos operational command; the correct command to view the active configuration is 'show configuration'. Option B is wrong because 'show system rollback' displays a list of previous committed configurations (rollback snapshots), not pending uncommitted changes. Option D is wrong because 'show system commit' shows the commit history (log of past commits), not any uncommitted changes in the candidate configuration.

222
MCQhard

During a network traffic storm, a Juniper EX switch's CPU utilization spikes to 100%. Which command would best help identify the cause?

A.monitor traffic interface ge-0/0/0
B.show spanning-tree bridge
C.show ethernet-switching table
D.show interfaces extensive ge-0/0/0
AnswerA

This command captures packets on an interface, helping identify the type and source of the storm.

Why this answer

Option A is correct because the 'monitor traffic interface' command captures live packet headers on the specified interface, allowing you to see the type and source of traffic causing the CPU spike. During a traffic storm (e.g., broadcast storm), this command reveals excessive broadcast, multicast, or unknown unicast frames, which are typically the root cause of high CPU utilization on Juniper EX switches.

Exam trap

The trap here is that candidates often confuse 'show interfaces extensive' (which shows error counters like CRC errors or giants) with the ability to see live traffic, but it only provides historical statistics, not the packet-level detail needed to pinpoint the storm's source.

How to eliminate wrong answers

Option B is wrong because 'show spanning-tree bridge' displays STP bridge parameters and port roles, which help diagnose Layer 2 loops but not the specific traffic types or sources causing a CPU storm. Option C is wrong because 'show ethernet-switching table' shows MAC address entries and their associated interfaces, which is useful for verifying forwarding tables but does not reveal real-time traffic patterns or packet contents. Option D is wrong because 'show interfaces extensive' provides detailed interface statistics and errors, but it does not capture live packet data; it only shows counters and historical data, not the actual traffic causing the CPU spike.

223
MCQeasy

During a maintenance window, an engineer makes critical changes and wants the configuration to automatically revert if they lose connectivity. Which command should they use before committing?

A.commit
B.commit confirmed
C.commit check
D.commit at
AnswerB

commit confirmed adds a safety net; if not confirmed, it rolls back.

Why this answer

Option B, 'commit confirmed', is correct because it allows the engineer to commit a configuration change with a default 10-minute rollback timer. If the engineer loses connectivity and does not confirm the commit within that period, the system automatically reverts to the previous configuration, ensuring the device remains reachable.

Exam trap

The trap here is that candidates may confuse 'commit confirmed' with 'commit check', thinking syntax validation alone provides safety, or they may assume 'commit at' offers automatic rollback, but neither command includes the confirmation-based rollback mechanism that 'commit confirmed' provides.

How to eliminate wrong answers

Option A is wrong because 'commit' applies the configuration permanently with no automatic rollback, which could leave the device unreachable if the changes break connectivity. Option C is wrong because 'commit check' only validates the syntax of the configuration without committing it, so it does not provide any automatic rollback mechanism. Option D is wrong because 'commit at' schedules a commit at a specific time but does not include a confirmation or automatic rollback feature if connectivity is lost.

224
Multi-Selectmedium

Which TWO commands can be used to view the current running configuration?

Select 2 answers
A.show configuration | display inheritance
B.show configuration | display set
C.show configuration | match
D.show configuration
E.show configuration | compare
AnswersB, D

Displays the configuration as a series of set commands.

Why this answer

Option B is correct because the 'show configuration | display set' command outputs the current active configuration in 'set' format, which is a flat, line-by-line representation of configuration statements. Option D is correct because 'show configuration' without any pipe modifier displays the entire running configuration in its native hierarchical format. Both commands allow you to view the current running configuration, just in different presentation styles.

Exam trap

The trap here is that candidates confuse pipe modifiers like 'display inheritance' or 'compare' as valid ways to view the current configuration, when in fact they either add inherited data or compare revisions, not display the running config as-is.

225
MCQhard

A network engineer needs to analyze NTP synchronization status and offset. Which command provides detailed NTP peer information including delay, offset, and jitter?

A.show ntp statistics
B.show ntp associations
C.show ntp status
D.show ntp peer
AnswerB

Displays peer address, delay, offset, jitter, and stratum.

Why this answer

The 'show ntp associations' command displays detailed NTP peer information, including delay, offset, and jitter, which are essential for analyzing synchronization status. This command lists all configured NTP peers and their current state, providing the specific metrics needed to assess clock accuracy and stability.

Exam trap

The trap here is that candidates familiar with Cisco IOS may expect 'show ntp peer' to work, but Junos uses 'show ntp associations' for the same detailed peer information, while 'show ntp peer' is not a valid command.

How to eliminate wrong answers

Option A is wrong because 'show ntp statistics' displays NTP packet statistics (e.g., packets sent/received, dropped) rather than per-peer delay, offset, and jitter. Option C is wrong because 'show ntp status' shows the local NTP daemon status (e.g., clock stratum, reference ID) but not detailed peer-level metrics. Option D is wrong because 'show ntp peer' is not a valid Junos command; the correct command for peer details is 'show ntp associations'.

Page 2

Page 3 of 7

Page 4

All pages