Juniper Networks Certified Associate Junos JNCIA-Junos (JNCIA-JUNOS) — Questions 226-300

514 questions total · 7 pages · All types, answers revealed

Page 4 of 7

226
MCQ hard

After upgrading Junos, a router fails to boot with a file system error. The admin needs to recover the system from the backup partition. Which key should be pressed during boot to access the boot menu?

A. Ctrl+C
B. Esc
C. Enter
D. Space
Answer D

Correctly invokes the boot loader menu to choose an alternate partition.

Why this answer

Option D is correct because pressing the Space bar during the boot process on a Juniper device interrupts the normal boot sequence and presents the boot menu. From this menu, the administrator can select the backup Junos partition (typically labeled as '1' or 'backup') to recover the system when the primary partition has a file system error.

Exam trap

The trap here is that candidates familiar with Cisco IOS might confuse the Juniper boot menu access (Space bar) with Cisco's Ctrl+Break or other interrupt keys, leading them to select Ctrl+C or Esc incorrectly.

How to eliminate wrong answers

Option A is wrong because Ctrl+C is used to abort the current command in the Junos CLI, not to access the boot menu during system startup. Option B is wrong because the Esc key is not used for boot menu access on Juniper devices; it may be used in other contexts like editing CLI commands. Option C is wrong because pressing Enter during boot simply continues the normal boot process without interrupting it, which would not allow selection of the backup partition.

227
Multi-Select medium

Which TWO statements are correct about the 'monitor interface' command?

Select 2 answers
A. It displays output in real-time
B. It shows a static snapshot
C. It can be terminated with Ctrl+C
D. It requires a 'start' parameter
E. It provides historical statistics
Answers A, C

Continuously updates with new data.

Why this answer

The 'monitor interface' command in Junos OS displays real-time statistics for the specified interface, updating continuously until the user terminates it. This is why option A is correct: it provides a live, dynamic view of interface counters like packets, errors, and bandwidth utilization.

Exam trap

The trap here is that candidates confuse 'monitor interface' with 'show interface' — the former is real-time and continuous, while the latter provides a static snapshot at a single point in time.

228
MCQ easy

An administrator needs to quickly revert all uncommitted configuration changes and return the device to the last committed configuration. Which command accomplishes this?

A. rollback 0
B. delete configuration
C. load override
D. rollback 1
Answer A

Reverts the candidate configuration to the last committed configuration.

Why this answer

The command 'rollback 0' reverts all uncommitted configuration changes and returns the device to the last committed configuration. In Junos, the rollback command uses a numeric argument to specify which previous configuration to load, with 0 always referring to the most recently committed configuration. This effectively discards any pending changes in the candidate configuration without requiring a commit.

Exam trap

The trap here is that candidates often confuse 'rollback 0' with 'rollback 1', mistakenly thinking rollback 1 reverts to the last committed configuration, when in fact rollback 0 is the correct index for the most recent commit, and rollback 1 refers to the configuration before that.

How to eliminate wrong answers

Option B is wrong because 'delete configuration' is not a valid Junos command; the correct approach to remove all configuration is to use 'delete' within configuration mode on specific hierarchies or use 'load override terminal' with an empty configuration, not a single command. Option C is wrong because 'load override' replaces the entire candidate configuration with a specified file or terminal input, but it does not automatically revert to the last committed configuration; it requires an explicit source (e.g., a file) and does not default to rollback 0. Option D is wrong because 'rollback 1' reverts to the configuration that was committed before the most recent commit (i.e., the previous committed configuration), not the last committed one, so it would not discard uncommitted changes if the candidate has not been committed.

229
MCQ medium

Refer to the exhibit. An engineer sees that the interface ge-0/0/0 has 'Admin up' and 'Link up'. What does this indicate?

A. The interface is administratively down.
B. The interface is a loopback interface.
C. The interface has an IPv6 address only.
D. The interface is up and the physical link is up.
Answer D

Admin up means enabled; Link up means physical connection is active.

Why this answer

When an interface shows 'Admin up' and 'Link up', it means the interface has been administratively enabled (no 'shutdown' command applied) and the physical layer has detected a carrier signal from the connected device. In Junos, this is the normal operational state for a functioning interface, confirming that both the administrative configuration and the physical link are active.

Exam trap

The trap here is that candidates may confuse 'Admin up' with 'Link up', thinking one implies the other, or incorrectly assume 'Admin up' alone means the interface is fully operational, when in fact both must be 'up' for traffic to flow.

How to eliminate wrong answers

Option A is wrong because 'Admin up' explicitly indicates the interface is administratively enabled, not down. Option B is wrong because loopback interfaces are virtual (lo0) and do not have physical link states like 'Link up'; they are always logically up unless administratively disabled. Option C is wrong because the presence of an IPv6 address is unrelated to the administrative or link status; an interface can have an IPv6 address and still show 'Admin up' and 'Link up'.

230
Matching medium

Match each Junos file system directory to its content.

Concepts
Matches

Configuration files

Log files

Temporary files

Runtime state files

Alternate root filesystem for backup

Why these pairings

These are key directories in the Junos file system.

231
MCQ hard

Refer to the exhibit. What does this output indicate?

A. There is a syntax error.
B. The commit succeeded.
C. The configuration is identical.
D. The candidate configuration differs from the active configuration.
Answer D

The '+' and '-' lines show changes between candidate and active.

Why this answer

The output shows the 'show | compare' command, which displays the differences between the candidate configuration and the active (committed) configuration. The presence of lines prefixed with '+' (additions) and '-' (deletions) indicates that the candidate configuration is not identical to the active configuration, confirming that they differ.

Exam trap

The trap here is that candidates may confuse the 'show | compare' output with a commit confirmation or syntax check, when in fact it only indicates that uncommitted changes exist in the candidate configuration.

How to eliminate wrong answers

Option A is wrong because a syntax error would be reported by the commit check or commit command, not by the 'show | compare' output, which only shows configuration differences. Option B is wrong because a successful commit would make the candidate configuration identical to the active configuration, resulting in no output from 'show | compare'. Option C is wrong because if the configuration were identical, the 'show | compare' command would produce no output (empty), but the exhibit shows lines with '+' and '-', indicating differences.

232
MCQ hard

An engineer is implementing VLAN trunking between two Juniper EX switches. Which statement about native VLANs on a trunk is correct?

A. The native VLAN cannot be changed after initial configuration.
B. Frames in the native VLAN are always tagged with the VLAN ID on the trunk.
C. The native VLAN must be the same as the management VLAN.
D. Untagged frames arriving on a trunk port are assigned to the native VLAN.
Answer D

That is the definition of native VLAN.

Why this answer

On Juniper EX switches, a trunk port can accept both tagged and untagged frames. Untagged frames received on a trunk port are automatically assigned to the native VLAN, which by default is VLAN 1. This behavior is defined by the IEEE 802.1Q standard, where the native VLAN is the only VLAN that can carry untagged traffic on a trunk link.

Exam trap

The trap here is that candidates often confuse the native VLAN behavior with Cisco's default where the native VLAN is VLAN 1 and is untagged, but they may incorrectly assume that all frames on a trunk are always tagged, leading them to select option B.

How to eliminate wrong answers

Option A is wrong because the native VLAN can be changed after initial configuration using the 'native-vlan-id' statement under the interface configuration. Option B is wrong because frames in the native VLAN are sent untagged on the trunk (unless explicitly configured otherwise), not always tagged. Option C is wrong because the native VLAN is not required to be the same as the management VLAN; they serve different purposes and can be configured independently.

233
MCQ easy

You are managing a small enterprise network with one Juniper router and two switches. The router connects to an ISP via ge-0/0/0 and to the internal network via ge-0/0/1. The internal network uses the 192.168.1.0/24 subnet. You need to configure a default route on the router to send all Internet-bound traffic to the ISP gateway at 203.0.113.1. You also want to ensure that internal hosts can reach the Internet. After configuring the default route, you test connectivity from a host on the internal network to an external website, but the ping fails. You verify that the host has an IP address of 192.168.1.100/24 and a default gateway of 192.168.1.1 (the router's internal interface). On the router, you run 'show route 0.0.0.0/0' and see the default route active. You also run 'ping 203.0.113.1' from the router and it succeeds. However, pinging from the host to the ISP gateway fails. What is the most likely cause?

A. DNS resolution is failing on the host.
B. The host's default gateway is incorrectly configured.
C. The default route is not active on the router.
D. Proxy ARP is not enabled on the router's internal interface.
Answer D

Without proxy ARP, the router does not respond to ARP requests for the ISP gateway, so the host cannot resolve the next-hop MAC.

Why this answer

Option D is correct because the host's default gateway (192.168.1.1) is correctly configured, and the router has a working default route to the ISP gateway (203.0.113.1). However, when the host sends a ping to an external IP (e.g., the ISP gateway), the router receives the packet on ge-0/0/1 and routes it out ge-0/0/0. The reply from 203.0.113.1 arrives back at the router's ge-0/0/0, but the router does not have a route for the host's source IP (192.168.1.100) in its routing table (since it's directly connected to ge-0/0/1, but the router needs to send an ARP request for that IP on ge-0/0/1).

If Proxy ARP is not enabled on ge-0/0/1, the router will not respond to ARP requests for the host's IP, so the reply packet cannot be delivered to the host. Proxy ARP allows the router to answer ARP requests on behalf of hosts that are not on the same subnet, which is necessary here because the ISP gateway's reply is destined to 192.168.1.100, and the router must act as a proxy to forward that reply to the correct host.

Exam trap

The trap here is that candidates often assume the default route or host gateway is misconfigured, but the real issue is the router's inability to forward return traffic to the host due to missing Proxy ARP, which is a subtle Layer 2-to-Layer 3 interaction.

How to eliminate wrong answers

Option A is wrong because DNS resolution is not required for a ping to an IP address; the ping command uses the IP directly, so DNS failure would not cause the ping to fail. Option B is wrong because the host's default gateway is correctly set to 192.168.1.1, which is the router's internal interface IP; this is verified by the host having an IP of 192.168.1.100/24 and the router's ge-0/0/1 being on the same subnet. Option C is wrong because the 'show route 0.0.0.0/0' command confirmed the default route is active on the router, and the ping from the router to 203.0.113.1 succeeded, proving the route is functional.

234
Multi-Select hard

Which three statements about JunOS CLI pipe commands are true? (Choose three.)

Select 3 answers
A. The '| match' pipe filter displays lines that match a regular expression.
B. The '| count' pipe filter counts the number of lines in the output.
C. The '| except' pipe filter displays lines that do not match a regular expression.
D. The '| resolve' pipe filter resolves IP addresses to hostnames.
E. The '| display set' pipe filter converts operational output to set format.
Answers A, B, C

This is a fundamental use of the pipe filter.

Why this answer

Option A is correct because the '| match' pipe filter in JunOS uses a regular expression to display only those lines in the output that contain a match. This is a standard filtering mechanism that allows operators to quickly isolate relevant configuration or operational data without scrolling through entire command output.

Exam trap

The trap here is that candidates often confuse '| resolve' with DNS resolution of addresses in the output, but it only performs reverse lookups and does not modify the output format or filter lines.

235
MCQ easy

An administrator makes changes to the candidate configuration and wants to automatically revert to the previous configuration if the changes cause a loss of connectivity. Which method should be used?

A. Use the 'commit check' command.
B. Use the 'commit synchronize' command.
C. Use the 'rollback' command.
D. Use the 'commit confirmed' command.
Answer D

Automatically rolls back if not confirmed.

Why this answer

The 'commit confirmed' command is the correct method because it allows an administrator to commit a candidate configuration with a confirmation timeout (default 10 minutes). If connectivity is lost and the commit is not confirmed within the timeout, Junos automatically reverts to the previous configuration, ensuring the device remains reachable.

Exam trap

The trap here is that candidates confuse 'commit confirmed' with 'commit check' or 'rollback', not realizing that 'commit confirmed' is the only option that provides an automatic, time-based reversion mechanism specifically designed to prevent loss of connectivity.

How to eliminate wrong answers

Option A is wrong because 'commit check' only validates the syntax and semantics of the candidate configuration without committing it, so it cannot automatically revert changes. Option B is wrong because 'commit synchronize' is used on a Junos cluster to commit the configuration on both nodes simultaneously, not to provide automatic rollback on connectivity loss. Option C is wrong because 'rollback' is a manual command that reverts to a previously committed configuration, but it does not provide automatic reversion upon connectivity loss.

236
MCQ medium

A network administrator is implementing OSPF on a Juniper MX router. During verification, the OSPF adjacency does not come up. The interfaces have correct IP addresses and are up. What is the most likely cause?

A. The router ID is not in the same subnet as the interface.
B. The interface MTU does not match between the two routers.
C. The VLAN tag is missing on the interface.
D. The max-lsa limit has been reached.
Answer B

MTU mismatch prevents OSPF from forming adjacency.

Why this answer

In OSPF, the interface MTU must match between neighbors for the adjacency to form. When a router receives a Database Description (DBD) packet with the 'More' bit set but the packet size exceeds the receiving interface's MTU, the packet is silently dropped, preventing the adjacency from progressing beyond the ExStart state. This is a common issue on Juniper MX routers when connecting to devices with different MTU configurations.

Exam trap

The trap here is that candidates often assume OSPF adjacency issues are always due to IP addressing or authentication mismatches, overlooking the MTU mismatch which is a subtle but common cause, especially in multi-vendor environments where default MTU values may differ.

How to eliminate wrong answers

Option A is wrong because the router ID is a 32-bit identifier used to uniquely identify the router in the OSPF domain; it does not need to be in the same subnet as any interface and has no bearing on adjacency formation. Option C is wrong because a missing VLAN tag would cause the interface to be down or unable to communicate at Layer 2, but the question states the interfaces are up and have correct IP addresses, so Layer 2 connectivity is intact. Option D is wrong because the max-lsa limit is a protection mechanism that prevents a router from accepting more LSAs than configured; it does not prevent an adjacency from forming, though it could cause the adjacency to flap if the limit is exceeded after the adjacency is established.

237
MCQ medium

A network engineer is troubleshooting connectivity between two directly connected Juniper routers. The interface on Router A shows 'up' but no packets are being received from Router B. Which command should the engineer use on Router A to check if the interface is expecting to receive a specific encapsulation type?

A. show interfaces extensive
B. show interfaces terse
C. show configuration interfaces
D. monitor traffic interface
Answer B

Displays interface status and encapsulation type.

Why this answer

Option B is correct because the 'show interfaces terse' command displays a concise summary of interface status, including the encapsulation type configured on each interface. If Router A expects a specific encapsulation (e.g., PPP, HDLC, or Ethernet) that does not match what Router B is sending, the interface will show 'up' but will not receive packets. This command allows the engineer to quickly verify the configured encapsulation type without extraneous details.

Exam trap

The trap here is that candidates often assume 'show interfaces extensive' is the best command for all interface issues, but for checking encapsulation type specifically, the terse view is more direct and avoids information overload.

How to eliminate wrong answers

Option A is wrong because 'show interfaces extensive' provides detailed interface statistics and error counters but does not explicitly highlight the encapsulation type in a concise manner; it is more useful for deep packet-level troubleshooting rather than checking encapsulation expectations. Option C is wrong because 'show configuration interfaces' displays the configuration stanza for interfaces, which includes encapsulation settings, but it shows the intended configuration rather than the operational state; the interface could be 'up' with a mismatched encapsulation if the configuration was committed incorrectly or if the peer is misconfigured. Option D is wrong because 'monitor traffic interface' captures live packet headers on the interface, which can help identify encapsulation mismatches by showing malformed frames, but it is a real-time diagnostic tool that does not directly display the configured encapsulation type; it is more appropriate for advanced troubleshooting after verifying the configuration.

238
Multi-Select hard

Which TWO factors are directly used when comparing route preferences in JunOS? (Choose two.)

Select 2 answers
A. Next-hop reachability
B. Number of hops
C. Metric (or cost)
D. Prefix length
E. Preference value
Answers C, E

Within the same protocol, lower metric is preferred; across protocols, preference is compared first.

Why this answer

Route preference and metric (or cost) are used to compare routes from different protocols or within the same protocol. Options C and E are correct. Option A is a condition for a route to be considered, not for comparison.

Option D is used for longest prefix match, not preference. Option B is not a factor in JunOS route preference.

239
MCQ easy

A company wants to implement best practice for password recovery on Juniper devices to avoid service disruption. Which of the following is the recommended method?

A. Perform a factory reset to default configuration
B. Boot the device into single-user mode from the console and reset the root password
C. Use SNMP to modify the password field in the configuration
D. Contact JTAC to remotely reset the password
Answer B

This is the standard Juniper password recovery procedure, allowing password reset without affecting configuration.

Why this answer

Option B is correct because booting the device into single-user mode from the console is the standard, secure method for password recovery on Juniper devices. This process allows an administrator with physical console access to reset the root password without affecting the running configuration or causing service disruption, as the device boots with a minimal kernel and does not load the full configuration.

Exam trap

The trap here is that candidates may confuse Juniper's single-user mode recovery with Cisco's password recovery process, which often involves a configuration register change and may require a factory reset; Juniper's method is designed to preserve the configuration, while Cisco's recovery can sometimes erase the startup configuration if not done carefully.

How to eliminate wrong answers

Option A is wrong because performing a factory reset to default configuration erases all configuration data, causing complete service disruption and loss of custom settings, which is not a best practice for password recovery. Option C is wrong because SNMP is a monitoring and management protocol that does not provide a mechanism to modify password fields in the Junos configuration; it is read-only for security purposes and cannot be used for password changes. Option D is wrong because contacting JTAC to remotely reset the password is not a standard or recommended procedure; JTAC does not have direct access to reset passwords, and this would require a support contract and potentially cause delays, not to mention that remote password reset is not a supported feature.

240
MCQ easy

A junior engineer needs to collect a snapshot of the current system state, including routing tables, interfaces, and configuration, for a support ticket. Which command achieves this?

A. show configuration
B. show interfaces
C. request support information
D. show route
Answer C

Gathers comprehensive system data for troubleshooting.

Why this answer

The 'request support information' command is the correct choice because it collects a comprehensive snapshot of the current system state, including routing tables, interface details, configuration, logs, and other operational data into a single archive file. This is specifically designed for support tickets, as it bundles all relevant diagnostic information in one step, unlike individual show commands that only capture partial data.

Exam trap

The trap here is that candidates often confuse individual show commands (like 'show route' or 'show interfaces') with the all-in-one 'request support information' command, failing to recognize that only the latter captures the full system state required for a support ticket.

How to eliminate wrong answers

Option A is wrong because 'show configuration' only displays the current active configuration, not the dynamic operational state like routing tables or interface statistics. Option B is wrong because 'show interfaces' only shows interface status and counters, missing routing tables and configuration. Option D is wrong because 'show route' only displays the routing table, omitting interfaces and configuration data.

241
MCQ easy

Refer to the exhibit. Based on the output, which statement is true?

A. The admin user has read-only access.
B. The interface ge-0/0/0 has been disabled.
C. The root password is stored in plaintext.
D. The router hostname is router1.
Answer D

The 'set system host-name router1' line confirms this.

Why this answer

The output shows the system prompt ending with 'router1>', which indicates the hostname is set to 'router1'. In Junos, the CLI prompt format is 'hostname>', so this directly confirms the router hostname. Option D is correct because the prompt explicitly displays 'router1' as the active hostname.

Exam trap

The trap here is that candidates may overlook the CLI prompt as a direct indicator of the hostname and instead look for a 'show configuration' output, but Junos always displays the hostname in the prompt immediately upon login.

How to eliminate wrong answers

Option A is wrong because the prompt 'router1>' indicates a user in operational mode, not read-only access; read-only access would still show the same prompt but with restricted commands, and the output does not show any permission restrictions. Option B is wrong because the interface ge-0/0/0 is not mentioned in the output; the output only shows the CLI prompt, not any interface status or configuration. Option C is wrong because Junos never stores the root password in plaintext; it is always hashed using SHA-512 or MD5, and the output does not display any password.

242
MCQ easy

Refer to the exhibit. A frame with destination MAC 00:0c:29:2a:3b:4d arrives on interface ge-0/0/0. What action will the switch take?

A. Flood the frame to all ports except ge-0/0/0
B. Forward the frame out of ge-0/0/2 only
C. Drop the frame because the VLAN does not match
D. Forward the frame out of both ge-0/0/1 and ge-0/0/2
Answer B

The MAC table shows the destination MAC on interface ge-0/0/2.

Why this answer

The switch learns MAC addresses and their associated VLANs from incoming frames. Since the destination MAC 00:0c:29:2a:3b:4d is already in the MAC address table and mapped to interface ge-0/0/2 within the same VLAN, the switch forwards the frame only out of ge-0/0/2. This is the fundamental behavior of transparent bridging: unicast frames are forwarded only to the port where the destination MAC was last seen.

Exam trap

The trap here is that candidates often assume a switch always floods unknown unicast frames, but the question explicitly provides a known destination MAC, so the correct action is unicast forwarding, not flooding.

How to eliminate wrong answers

Option A is wrong because flooding occurs only when the destination MAC is unknown (not in the MAC table) or is a broadcast/multicast address; here the MAC is known. Option C is wrong because the frame arrives on ge-0/0/0, which is an access port in the same VLAN as ge-0/0/2, so the VLAN matches; the switch does not drop the frame due to VLAN mismatch. Option D is wrong because the switch does not forward a known unicast frame out of multiple ports; it uses the single port from the MAC table, not both ge-0/0/1 and ge-0/0/2.

243
MCQ hard

Refer to the exhibit. What is the most likely cause of the error?

A. The IP address 1.1.1.1/32 is already in use.
B. The candidate configuration has no errors and this is a warning.
C. The policy-statement 'test' contains a syntax error in the protocol match condition.
D. The commit check command requires user confirmation.
Answer C

The error indicates 'protocol is not valid' in the policy-statement.

Why this answer

Option C is correct because the error message in the exhibit indicates a syntax error in the policy-statement 'test' when using the protocol match condition. In Junos, the 'protocol' match condition requires a valid protocol name (e.g., 'bgp', 'ospf', 'static'), and if an invalid or misspelled protocol is specified, the commit check fails with a syntax error. This is a common mistake when configuring policy-options, as the Junos CLI validates the protocol against a predefined list.

Exam trap

The trap here is that candidates may misinterpret a syntax error as a warning or an IP conflict, because Junos error messages can be verbose, but the key is to identify the specific line number and the 'syntax error' keyword in the output, which points directly to a configuration mistake in the policy-statement.

How to eliminate wrong answers

Option A is wrong because the error message does not indicate an IP address conflict; a '1.1.1.1/32 already in use' error would appear as a commit error with a specific message about duplicate address, not a syntax error in a policy statement. Option B is wrong because the candidate configuration contains an actual syntax error, not a warning; Junos warnings are typically informational (e.g., 'warning: statement ... is deprecated') and do not prevent a successful commit check, whereas this error blocks the commit. Option D is wrong because the commit check command does not require user confirmation; it validates the configuration and reports errors without prompting for confirmation, and the exhibit shows an error output, not a confirmation prompt.

244
MCQ hard

A network must forward traffic to 10.1.1.0/24 through a specific next-hop 192.168.1.1, even if a dynamic route with a lower preference is available. Which configuration will achieve this?

A. Configure the dynamic protocol to export the route with a metric of 1.
B. Configure a static route to 10.1.1.0/24 with next-hop 192.168.1.1 and preference 5.
C. Configure a filter to reject the dynamic route.
D. Configure a static route to 10.1.1.0/24 with next-hop 192.168.1.1 and preference 15.
Answer B

Preference 5 is lower than most dynamic defaults, so static will be active.

Why this answer

Configure a static route with preference 5, which is lower than the default dynamic preferences (e.g., OSPF 10, BGP 170). This ensures the static route is preferred. Option D (preference 15) would be higher than OSPF, so static would not win.

Option C could work but is not the simplest. Option A does not affect route selection across protocols.

245
MCQ medium

Under what circumstance would the 'deactivate' command be useful in Junos configuration?

A. To delete a configuration statement after commit
B. To permanently remove a configuration statement
C. To temporarily disable a configuration statement without removing it from the configuration
D. To mark a statement as inactive while keeping it in the active configuration
Answer C

Deactivation disables the statement until it is activated again.

Why this answer

The 'deactivate' command in Junos temporarily disables a configuration statement without removing it from the configuration. This is useful for testing changes or troubleshooting because the deactivated statement remains in the configuration but is ignored by the commit operation, allowing easy reactivation with the 'activate' command.

Exam trap

The trap here is confusing 'deactivate' with 'delete' or assuming that deactivated statements remain active; candidates often think 'deactivate' removes the statement or that it still applies after commit, but in Junos, deactivated statements are completely ignored by the commit operation.

How to eliminate wrong answers

Option A is wrong because 'deactivate' does not delete a configuration statement after commit; it only marks it as inactive before commit, and the statement persists in the configuration. Option B is wrong because 'deactivate' does not permanently remove a statement; it only temporarily disables it, and the statement can be reactivated. Option D is wrong because a deactivated statement is not kept in the active configuration; it is excluded from the active configuration after commit, meaning it does not affect the running system.

246
MCQ medium

A network engineer needs to revert to the configuration that was active before the last commit. Which command accomplishes this?

A. rollback 1
B. rollback 0
C. load override
D. revert
Answer A

Reverts to the previous committed configuration.

Why this answer

The 'rollback 1' command reverts the active configuration to the configuration that was committed immediately before the most recent commit. Junos maintains up to 50 previous committed configurations (rollback 0 being the current active configuration, rollback 1 the previous, and so on). This command is the correct way to undo the last commit without manually editing the configuration.

Exam trap

The trap here is that candidates familiar with Cisco IOS may expect a 'revert' command or confuse 'rollback 0' (current config) with the previous commit, leading them to select the wrong rollback number or a non-existent command.

How to eliminate wrong answers

Option B (rollback 0) is wrong because rollback 0 refers to the currently active configuration, not the one before the last commit; using it would load the same configuration already in use. Option C (load override) is wrong because it is used to replace the entire candidate configuration with a configuration from a file or URL, not to revert to a previous commit. Option D (revert) is wrong because 'revert' is not a valid Junos CLI command; the correct command is 'rollback'.

247
MCQmedium

Refer to the exhibit. Which log file will contain messages about authorization events?

A.messages
B.Both messages and interactive-commands
C.Neither
D.interactive-commands
AnswerA

The 'authorization info' statement means authorization events with priority info and above are logged to messages.

Why this answer

In Junos, the 'messages' log file (typically /var/log/messages) records system log messages, including authorization events such as user login failures, privilege escalation attempts, and configuration changes. Authorization events are generated by the system's authentication, authorization, and accounting (AAA) framework and are logged at the 'info' severity level by default, which is captured in the messages file. The 'interactive-commands' log file specifically records CLI commands entered by users, not authorization events.

Exam trap

The trap here is that candidates confuse 'interactive-commands' (which logs CLI commands) with authorization logging, assuming that because commands require authorization, the log file would contain authorization events, but Junos separates command logging from authorization event logging.

How to eliminate wrong answers

Option B is wrong because 'interactive-commands' logs only the actual CLI commands typed by users, not authorization events; authorization events are separate and appear in 'messages'. Option C is wrong because authorization events are indeed logged in Junos, specifically in the 'messages' file, so 'Neither' is incorrect. Option D is wrong because 'interactive-commands' does not contain authorization messages; it is dedicated to recording user-entered commands for auditing purposes.

248
Multi-Selecteasy

Which TWO statements about VLANs are correct? (Choose two.)

Select 2 answers
A.MAC addresses are shared across VLANs.
B.Each VLAN must be assigned a unique IP subnet.
C.Trunk links can carry traffic for multiple VLANs.
D.VLANs segment a network into separate broadcast domains.
E.A single switch port can belong to only one VLAN.
AnswersC, D

Trunks are used for multiple VLANs.

Why this answer

Option C is correct because trunk links, such as 802.1Q trunk ports, are designed to carry traffic for multiple VLANs by adding VLAN tags to Ethernet frames. This allows a single physical link between switches or between a switch and a router to transport frames from different VLANs simultaneously.

Exam trap

The trap here is that Juniper Networks often tests the misconception that a switch port can belong to only one VLAN, but this is only true for access ports—trunk ports can carry multiple VLANs, and some platforms support voice VLANs that allow a port to be in both a data and voice VLAN simultaneously.

249
MCQhard

Refer to the exhibit. An administrator notices repeated failed login attempts. What should be configured to mitigate this attack?

A.Set login retry limit
B.Configure a firewall filter to block the source IP
C.Disable SSH
D.Change the root password
AnswerB

B directly blocks the attacker IP.

Why this answer

A firewall filter can block traffic from the source IP address of the repeated failed login attempts, preventing further access from that host. This is a direct and immediate mitigation against an ongoing brute-force attack, as it stops the attacker's traffic at the network layer before it reaches the SSH or login service.

Exam trap

The trap here is that candidates often confuse mitigation (stopping an ongoing attack) with prevention (hardening against future attacks), leading them to choose retry limits or password changes instead of the immediate IP-blocking solution.

How to eliminate wrong answers

Option A is wrong because setting a login retry limit only restricts the number of failed attempts per session, but it does not block the source IP; an attacker can simply open new sessions and continue. Option C is wrong because disabling SSH would prevent all remote access, including legitimate administrative access, which is an overly drastic and unnecessary measure. Option D is wrong because changing the root password does not stop the attacker from continuing to try new passwords; it only invalidates the current password, but the attack persists.

250
MCQhard

During a maintenance window, an engineer issues 'commit confirmed 5' but the change causes a connectivity loss. The engineer is unable to reconnect to the device before the timeout expires. What will happen?

A.The engineer must manually rollback using the rollback command.
B.The change remains committed until the next reboot.
C.The device reloads with factory defaults.
D.The device automatically reverts to the previous active configuration.
AnswerD

Commit confirmed automatically rolls back after the timeout if not confirmed.

Why this answer

The 'commit confirmed 5' command activates a candidate configuration and starts a 5-minute rollback timer. If the engineer does not issue a 'commit' or 'commit check' before the timer expires, Junos automatically reverts to the previously active configuration. This ensures the device returns to a known working state without manual intervention, preserving connectivity after the failed change.

Exam trap

The trap here is that candidates may think a 'commit confirmed' requires a manual rollback command (Option A) or that the change persists until a reboot (Option B), but Junos automatically reverts the configuration upon timeout, making it a safety mechanism for remote changes.

How to eliminate wrong answers

Option A is wrong because the automatic rollback occurs without requiring manual intervention; the engineer does not need to use the 'rollback' command after the timeout. Option B is wrong because a confirmed commit is explicitly designed to not remain committed; it automatically reverts if not confirmed, so the change does not persist until the next reboot. Option C is wrong because the device does not reload with factory defaults; it reverts only to the previous active configuration, not to a factory-reset state.

251
MCQeasy

A network administrator is configuring a new OSPF network. Which statement about OSPF router IDs is correct?

A.If no router ID is configured, the system uses the lowest IP address on an active interface.
B.The router ID must be an IP address from a directly connected interface.
C.The router ID is automatically derived from the MAC address.
D.Router IDs must be unique across all routers in the OSPF domain.
AnswerD

Unique router IDs prevent routing issues.

Why this answer

In OSPF, the router ID must be unique across the entire OSPF domain to ensure proper neighbor adjacency formation and loop-free routing. If two routers share the same router ID, OSPF cannot distinguish between them, leading to adjacency failures and potential routing loops. This uniqueness requirement is specified in RFC 2328.

Exam trap

The trap here is that candidates often confuse the OSPF router ID selection process with Cisco's behavior (which uses the highest loopback IP, then highest physical IP), but Junos uses the highest IP address on any active interface, with loopback interfaces taking precedence over physical interfaces.

How to eliminate wrong answers

Option A is wrong because if no router ID is configured, Junos selects the highest IP address on a loopback interface, or if no loopback exists, the highest IP address on any active interface — not the lowest. Option B is wrong because the router ID can be any unique 32-bit value, including an IP address that is not assigned to any interface (e.g., 1.1.1.1), and does not need to be from a directly connected interface. Option C is wrong because the router ID is not derived from the MAC address; it is either manually configured or automatically selected from the highest IP address on a loopback or active interface.

252
MCQhard

An engineer needs to check if a Junos configuration file is syntactically correct before applying it. Which command should be used?

A.load check
B.commit check
C.check commit
D.validate
AnswerB

commit check verifies syntax and semantics of the candidate configuration.

Why this answer

The 'commit check' command validates the syntax and semantics of the candidate configuration without applying it. If errors are found, they are reported, and the configuration is not committed. This allows the engineer to verify correctness before making the change active.

Exam trap

The trap here is that candidates familiar with Cisco IOS may expect a 'validate' command or confuse the order of keywords, but Junos requires the exact syntax 'commit check' for pre-commit validation.

How to eliminate wrong answers

Option A is wrong because 'load check' is not a valid Junos command; the correct syntax for loading a configuration file is 'load merge', 'load override', etc., and 'load check' does not exist. Option C is wrong because 'check commit' reverses the order of the valid command; Junos uses 'commit check' as the standard syntax. Option D is wrong because 'validate' is not a Junos CLI command for checking configuration syntax; the equivalent functionality is provided by 'commit check' or 'commit confirmed'.

253
MCQhard

A network engineer sees an unknown unicast flood on a Juniper EX switch. Which mechanism is most effective at reducing such floods?

A.Enable storm control for unknown unicast traffic.
B.Configure static MAC addresses for all endpoints.
C.Increase the MAC address table aging time.
D.Disable MAC learning on trunk interfaces.
AnswerA

Storm control rate-limits flooding, reducing network impact.

Why this answer

Unknown unicast flooding occurs when a switch does not have a MAC address entry for a destination, causing it to flood the frame out of all ports in the VLAN except the ingress port. Storm control for unknown unicast traffic (set using `set ethernet-switching-options storm-control interface <interface> unknown-unicast`) directly limits the rate of such flooded traffic, preventing excessive bandwidth consumption. This is the most effective mechanism because it specifically targets and rate-limits unknown unicast floods without altering MAC learning or aging behavior.

Exam trap

The trap here is that candidates often confuse storm control (which rate-limits flooded traffic) with broadcast suppression or MAC learning controls, and may incorrectly think that increasing aging time or disabling MAC learning will reduce flooding, when in fact those actions either have no effect or worsen the problem.

How to eliminate wrong answers

Option B is wrong because configuring static MAC addresses for all endpoints is not scalable in a dynamic network and does not dynamically reduce flooding; it only prevents flooding for those specific statically defined addresses. Option C is wrong because increasing the MAC address table aging time can actually increase the likelihood of stale entries and does not reduce unknown unicast floods; it may even exacerbate flooding by delaying the removal of outdated entries. Option D is wrong because disabling MAC learning on trunk interfaces would prevent the switch from learning MAC addresses on those links, which would increase unknown unicast flooding rather than reduce it, as the switch would have fewer learned entries.

254
Multi-Selectmedium

Which TWO statements are true about the Junos file system? (Choose two.)

Select 2 answers
A.The /config directory contains configuration files.
B.The /var/tmp directory is used for temporary storage.
C.The /altroot directory is a backup root filesystem.
D.The /kernel directory contains the operating system kernel.
E.The root directory (/) is a RAM disk.
AnswersA, B

/config stores the active and candidate configuration files.

Why this answer

Option A is correct because the /config directory in the Junos file system stores the active and backup configuration files, including juniper.conf and juniper.conf.gz. These files are critical for device operation and are loaded during the boot process.

Exam trap

The trap here is that candidates may confuse the /altroot directory with a backup root filesystem, when in fact it is used for alternate root images during software upgrades, not a persistent backup.

255
MCQmedium

An engineer needs to apply a configuration change that adds a new static route to the Junos device. The engineer wants to ensure the change takes effect immediately and is persistent across reboots. Which command should the engineer use?

A.load override
B.commit confirmed
C.rollback
D.commit
AnswerD

'commit' activates the candidate configuration and makes it persistent across reboots.

Why this answer

The 'commit' command is correct because it immediately activates the candidate configuration (including the new static route) and makes it the active configuration that survives a reboot. Junos uses a two-stage configuration model where changes are first made to the candidate configuration and then committed to become the active, persistent configuration.

Exam trap

The trap here is that candidates familiar with Cisco IOS might assume 'copy running-config startup-config' is needed for persistence, but in Junos, a single 'commit' both activates the change and saves it permanently, making additional save commands unnecessary.

How to eliminate wrong answers

Option A is wrong because 'load override' replaces the entire candidate configuration with a new file, but it does not activate the configuration; a subsequent 'commit' is still required. Option B is wrong because 'commit confirmed' is used to automatically roll back to a previous configuration if the commit is not confirmed within a specified time (default 10 minutes), which is not appropriate for a permanent static route addition. Option C is wrong because 'rollback' reverts the candidate configuration to a previously committed version, which would remove any pending changes rather than applying them.

256
Multi-Selecteasy

Which TWO statements about active routes in the Junos routing table are correct?

Select 2 answers
A.All routes in the routing table are active.
B.Multiple active routes can exist for the same prefix.
C.An active route is installed in the forwarding table.
D.An active route must have a valid next hop.
E.An active route is always preferred over a passive route.
AnswersC, D

Active routes are used for forwarding.

Why this answer

Option C is correct because an active route in Junos is one that is selected as the best route for a given prefix and is installed in the forwarding table (the FIB). The forwarding table is used by the Packet Forwarding Engine (PFE) to make actual forwarding decisions, so only active routes are placed there.

Exam trap

The trap here is that candidates often confuse 'active route' with 'all routes in the table' or think multiple active routes can coexist for the same prefix, but Junos strictly selects only one active route per prefix based on route preference.

257
Multi-Selecthard

Which THREE statements are true about commit operations in Junos OS?

Select 3 answers
A.The 'commit confirmed' command immediately discards changes if not confirmed.
B.Multiple users can make configuration changes simultaneously, but only one can commit at a time.
C.The 'commit check' command validates the configuration syntax without activating it.
D.The 'commit confirmed' command allows a rollback to the previous configuration if not confirmed within the timeout period.
E.The 'commit' command always requires 'commit synchronize' when using dual Routing Engines.
AnswersB, C, D

Junos uses a lock to serialize commits.

Why this answer

Option B is correct because Junos OS allows multiple users to enter configuration mode and make changes simultaneously, but the commit operation is serialized: only one user can commit at a time. This prevents conflicting changes from being applied concurrently, ensuring configuration consistency.

Exam trap

The trap here is confusing 'commit confirmed' with an immediate discard of changes, when in fact it temporarily activates the configuration and only rolls back if the confirmation is not received within the timeout period.

258
Multi-Selectmedium

Which TWO attributes are used by Junos to select the active route among multiple routes to the same destination?

Select 2 answers
A.Metric
B.Preference
C.Protocol type
D.Next hop address
E.AS path length
AnswersA, B

Lower metric is preferred when preference is equal.

Why this answer

Junos uses the route preference (also known as administrative distance) as the primary attribute to select the active route among multiple routes to the same destination. If multiple routes have the same preference, Junos then compares the metric (also called cost or protocol-specific metric) to break the tie. Preference is a local, configurable value that ranks the trustworthiness of the routing protocol source, while metric is a protocol-specific value (e.g., OSPF cost, RIP hop count) used within the same protocol.

Exam trap

The trap here is that candidates often confuse Junos's use of 'preference' with Cisco's 'administrative distance' and mistakenly think 'protocol type' or 'next hop address' are selection attributes, when in fact Junos uses preference and metric as the two standard tiebreakers for active route selection.

259
MCQmedium

A network engineer needs to view the operational status of all interfaces on a Junos device, including those that are disabled. Which command should be used?

A.show interfaces
B.show configuration interfaces
C.show interfaces terse
D.monitor interface traffic
AnswerC

The 'show interfaces terse' command displays all interfaces in a compact format, including disabled ones.

Why this answer

The 'show interfaces terse' command displays a concise, one-line-per-interface summary of all interfaces, including their administrative status (up/down) and whether they are disabled. Unlike 'show interfaces', which by default only shows interfaces that are physically present and enabled, 'terse' includes interfaces that are administratively disabled (e.g., 'down' in the Admin column). This makes it the correct choice for viewing the operational status of all interfaces, including disabled ones.

Exam trap

The trap here is that candidates often assume 'show interfaces' shows all interfaces, but it only shows enabled interfaces by default, while 'show interfaces terse' explicitly includes disabled interfaces in its output.

How to eliminate wrong answers

Option A is wrong because 'show interfaces' displays detailed information only for interfaces that are physically present and enabled; it does not show interfaces that are administratively disabled unless they are explicitly specified. Option B is wrong because 'show configuration interfaces' displays the configured interface statements from the candidate or active configuration, not the operational status (e.g., up/down, disabled state). Option D is wrong because 'monitor interface traffic' is used for real-time traffic monitoring and statistics, not for viewing the administrative or operational status of interfaces.

260
MCQhard

A service provider operates a Juniper MX router that receives a default route from two different ISPs via EBGP. Both ISPs advertise 0.0.0.0/0 with the same local preference (100), same AS path length, and same metric. The network administrator wants to load balance outgoing traffic across both ISPs for redundancy and bandwidth utilization. After applying the configuration, the administrator checks the routing table and sees that only one default route is active, the one from ISP-A. The other route from ISP-B is present but not active. The administrator verifies that both routes have the same preference (170) and same BGP attributes. The ISP links are different: ISP-A is connected via interface ge-0/0/0.0 with next-hop 10.1.1.2, and ISP-B via interface ge-0/0/1.0 with next-hop 10.2.2.2. What is the most likely reason that both routes are not active and load-balanced?

A.The router has 'no-policy-statistics' enabled on the BGP sessions.
B.The BGP routes have different next-hop addresses.
C.The BGP routes are from different autonomous systems.
D.The router is configured with 'multipath multiple-as' under BGP.
AnswerC

Junos requires the 'multipath multiple-as' configuration to load balance routes from different ASes; otherwise, only the best path is installed.

Why this answer

The correct answer is C. By default, Junos BGP does not load balance routes from different autonomous systems. To enable multipath across different ASes, the 'multipath multiple-as' command must be configured under BGP.

Option A is irrelevant. Option B is not a cause because different next-hops can be load-balanced under multipath. Option D is the solution, not the cause.

Therefore, the most likely cause is that the routes are from different ASes.

261
MCQmedium

Which command is used to verify that the current active configuration is the same as the candidate configuration?

A.commit check
B.show configuration
C.show system configuration
D.show | compare
AnswerD

The 'show | compare' command displays differences between the candidate and active configurations. If no differences are shown, the configurations are identical.

Why this answer

The command `show | compare` displays the differences between the candidate configuration and the active (committed) configuration. If there are no differences, the candidate configuration is identical to the active configuration. This is the correct way to verify whether the candidate configuration matches the active configuration in Junos.

Exam trap

The trap here is that candidates often confuse `commit check` (which only validates syntax) with a comparison command, leading them to select Option A, but `commit check` does not compare the candidate to the active configuration.

How to eliminate wrong answers

Option A is wrong because `commit check` validates the syntax and semantics of the candidate configuration but does not compare it to the active configuration; it only ensures the candidate can be committed without errors. Option B is wrong because `show configuration` displays the candidate configuration (or the active if no candidate changes exist), but it does not perform a comparison with the active configuration. Option C is wrong because `show system configuration` is not a valid Junos command; the correct command to view system configuration is `show configuration` or `show system` with specific filters.

262
MCQhard

During a maintenance window, an engineer needs to apply a configuration change that reverts automatically if the commit fails or the administrator does not confirm within a set time. Which feature should be used?

A.commit confirmed
B.commit check
C.commit synchronize
D.commit at 03:00
AnswerA

Correctly implements automatic rollback if not confirmed within the set time.

Why this answer

The 'commit confirmed' feature allows an engineer to apply a configuration change that automatically reverts to the previous configuration if the commit is not confirmed within a specified time period (default 10 minutes). This ensures that if the commit fails or the administrator loses connectivity, the system rolls back safely without manual intervention.

Exam trap

The trap here is that candidates often confuse 'commit confirmed' with 'commit check' or 'commit synchronize', mistakenly thinking that syntax validation or dual-RE synchronization provides the same automatic rollback safety, but only 'commit confirmed' implements the timed confirmation and automatic revert mechanism.

How to eliminate wrong answers

Option B is wrong because 'commit check' only validates the syntax and semantics of the candidate configuration without actually applying it; it does not provide any automatic rollback or confirmation mechanism. Option C is wrong because 'commit synchronize' is used in a dual-RE (Routing Engine) chassis to apply the configuration to both REs simultaneously, not to provide a timed automatic rollback. Option D is wrong because 'commit at 03:00' schedules the commit to occur at a specific time but does not include a confirmation or automatic rollback feature; once committed, the change persists unless manually reverted.

263
MCQeasy

You are a network engineer at a company that uses a pair of Juniper EX4300 switches in a virtual chassis (VC) configuration for the campus core. The VC is running OSPF with a single area and has multiple uplinks to an upstream router. The router is advertising a default route via OSPF. You want all inter-VLAN traffic within the VC to be switched, but internet-bound traffic should be routed via the default route. You notice that some VLANs are not able to reach the internet while others can. All VLANs have a default gateway on the VC, which is the same IP (the VC's management IP). Users in the failing VLANs can ping the default gateway but cannot ping the upstream router's interface IP. What is the most likely cause?

A.The VC is configured as an OSPF area border router and is not creating a summary for the failing VLANs.
B.The VC's MAC address table is not learning the upstream router's MAC address on the correct VLAN.
C.The IRB interface for the failing VLANs does not have OSPF enabled, so the upstream router does not have a route to those subnets, and return traffic is dropped.
D.The default route from OSPF is not being installed because there is a static default route with lower preference.
AnswerC

For the upstream router to send return traffic, it must have a route to the VLAN subnet; if the VC does not advertise the subnet via OSPF, the router may use a default route but might send traffic to a different next-hop.

Why this answer

Option C is correct because if the failing VLANs are not included in the OSPF configuration on the VC, the VC may not advertise those networks, and the upstream router may not have a route back, causing asymmetric routing. Also, if OSPF is not enabled on the VLAN's IRB interface, the default route is not installed for that subnet. Option D is incorrect; the default route is learned via OSPF and is global.

Option B is incorrect; the VC's MAC address is not relevant. Option A is incorrect; OSPF does not require an area border.

264
MCQmedium

A network administrator notices that traffic between two VLANs is not reaching its destination. The switch has an IRB interface configured with an IP address in each VLAN's subnet. What is the most likely missing configuration?

A.The IRB interface does not have an IP address configured.
B.The VLANs are on different switches.
C.The VLANs are not defined on the switch.
D.The switch ports are not configured for VLAN tagging.
AnswerC

Without defining the VLANs, the switch cannot associate ports or IRB interfaces with them.

Why this answer

The IRB interface provides Layer 3 routing between VLANs, but it requires the VLANs themselves to be defined on the switch. If the VLANs are not defined, the switch cannot associate the IRB interface with the correct broadcast domains, and traffic will not be forwarded between them. Option C correctly identifies this missing configuration.

Exam trap

The trap here is that candidates often assume an IRB interface with an IP address is sufficient for inter-VLAN routing, overlooking the prerequisite that the VLAN must be defined and associated with the IRB in the switch configuration.

How to eliminate wrong answers

Option A is wrong because the question states the IRB interface has an IP address in each VLAN's subnet, so an IP address is already configured. Option B is wrong because IRB interfaces can route between VLANs on the same switch or across different switches if the VLANs are extended via trunk links; the issue is not about switch placement. Option D is wrong because VLAN tagging on switch ports is only relevant for trunk ports carrying multiple VLANs, not for the IRB interface itself, and the problem is about inter-VLAN routing, not port configuration.

265
Multi-Selecthard

Which THREE CLI features are available in Junos OS to assist with command entry?

Select 3 answers
A.? (question mark) for context-sensitive help.
B.Ctrl+R to repeat the last command.
C.Up arrow key to recall previous commands.
D.Ctrl+Z to undo the last command.
E.Tab key for command completion.
AnswersA, C, E

Displays available commands or options.

Why this answer

Option A is correct because the question mark (?) provides context-sensitive help in Junos OS, displaying available commands, options, and syntax at any point in the CLI. This is a fundamental feature for command discovery and verification, especially when the exact command syntax is not known.

Exam trap

The trap here is that candidates familiar with Cisco IOS may mistakenly associate Ctrl+Z with undo functionality (since in IOS it exits configuration mode) or Ctrl+R with repeating commands, but Junos uses different key bindings and relies on the Up arrow and Tab for command recall and completion.

266
MCQeasy

You are a network engineer for a company that uses two Juniper routers, R1 and R2, connected via an Ethernet link. R1 and R2 are running OSPF in the same area, and R2 also has an eBGP session with a service provider to reach the internet. On R1, you have configured a static route to the subnet 172.16.10.0/24 with a next-hop of 192.168.1.2, which is the IP address of R2's interface facing R1. You have verified that the static route is configured correctly in the configuration, but traffic from R1 to 172.16.10.0/24 is not being forwarded. You check the routing table on R1 and see that the static route is present but marked as 'hidden'. You also notice that R1 has an OSPF-learned route to 192.168.1.0/30 (the link between R1 and R2) with a cost of 1. What is the most likely reason for the hidden static route?

A.Disable the eBGP session on R2 to remove the BGP routes from the routing table.
B.Increase the static route's preference to a lower value (e.g., 4).
C.Configure a more specific static route to 172.16.10.0/24 with a mask of /25.
D.Check if the next-hop IP 192.168.1.2 is reachable via the directly connected interface.
AnswerD

Correct: the next-hop unreachability is the most common cause of a hidden static route; verifying reachability (e.g., ping, ARP) will identify the issue.

Why this answer

A static route becomes hidden when the next-hop is unreachable. Even though R1 has an OSPF route to the subnet containing the next-hop (192.168.1.0/30), the router checks reachability at the IP level. In this scenario, the next-hop 192.168.1.2 is directly connected and should be reachable via the OSPF route.

However, the question states the static route is hidden, indicating the next-hop is not considered reachable. This can happen if there is a firewall filter or a security policy blocking ARP or if the interface is down. Option D is the most direct troubleshooting step.

Option B is incorrect because the default preference of 5 is already low; increasing it would make the route less preferred. Option C is incorrect as the route is already specific. Option A is incorrect: disabling BGP would not affect the static route's next-hop reachability.

267
MCQ · easy

A junior network engineer is learning the Junos CLI and wants to view the last 10 lines of the system log file. They log into the device and type 'show log messages | last 10'. They receive an error: 'unknown pipe command'. Which pipe command should they use instead?

A. | last 10
B. | display 10
C. | head 10
D. | tail 10
Answer: D

The '| tail' pipe command displays the last N lines of output.

Why this answer

In the Junos CLI, the pipe command to display the last N lines of output is '| tail N', not '| last N'. The 'tail' command filters the output to show only the final lines, analogous to the Unix 'tail' utility. Option D is correct because '| tail 10' will show the last 10 lines of the system log file.

Exam trap

The trap here is that candidates familiar with Cisco IOS may expect '| last 10' to work, but Junos uses Unix-style pipe commands where 'tail' is the correct filter for displaying the end of output.

How to eliminate wrong answers

Option A is wrong because '| last 10' is not a valid Junos pipe command; it triggers an 'unknown pipe command' error. Option B is wrong because '| display 10' is not a valid pipe command; 'display' is used for XML or set format output, not for line count filtering. Option C is wrong because '| head 10' would show the first 10 lines, not the last 10, and is the opposite of what the engineer needs.

268
MCQ · hard

Refer to the exhibit. An engineer adds a new static route to 10.10.10.0/24 via next-hop 172.16.1.2. The new route does not appear in the route table. What is the most likely reason?

A. The route requires an export policy to be installed.
B. The route has a different AS path.
C. The next-hop 172.16.1.2 is not directly reachable.
D. Static routes cannot have the same preference as an existing route.
Answer: C

If the next-hop is not directly connected or has no route, the static route is hidden.

Why this answer

Option C is correct because in Junos, a static route's next-hop must be directly reachable (i.e., on a connected subnet) for the route to be installed in the inet.0 route table. If the next-hop 172.16.1.2 is not directly connected, the route remains hidden (inactive) and does not appear in the forwarding table. Junos does not perform recursive next-hop resolution for static routes by default unless configured with 'resolve'.

Exam trap

The trap here is that candidates familiar with Cisco IOS expect static routes to automatically perform recursive next-hop resolution, but Junos requires either a directly connected next-hop or the explicit 'resolve' parameter to install the route.

How to eliminate wrong answers

Option A is wrong because static routes do not require an export policy to be installed in the route table; export policies are used to advertise routes from the routing table into a routing protocol (e.g., BGP), not to install them locally. Option B is wrong because AS path is a BGP attribute and has no relevance to static route installation; static routes are not learned via BGP and do not carry an AS path. Option D is wrong because static routes can share the same preference as an existing route; Junos uses route preference (administrative distance) for route selection, but a static route with the same preference as an existing route would simply be considered equal and may be installed as an additional next-hop (if ECMP-capable) or ignored, but it does not prevent installation due to preference alone.

269
MCQ · hard

A static route to 10.0.0.0/8 has next-hop 192.168.1.1. The route is not installed in the routing table. Which condition must be met for the route to become active?

A. The static route must have a lower preference than any dynamic route to the same prefix.
B. The next-hop must have an ARP entry in the ARP table.
C. The next-hop 192.168.1.1 must be reachable via an active route (e.g., a direct or OSPF route).
D. The metric of the static route must be lower than that of any other route to the same prefix.
Answer: C

Indirect next-hops require an active route to the next-hop address for the static route to be installed.

Why this answer

The correct answer is C. For a static route with an indirect next-hop, the next-hop must be reachable via another active route. This is called recursive route resolution.

Option A is incorrect because preference affects selection, not installation. Option B is incorrect because static routes do not depend on an ARP entry directly; they require a route to the next-hop. Option D is incorrect because metric is not used by static routes for resolution.

270
MCQ · easy

An engineer is troubleshooting a network issue where hosts on the same VLAN cannot communicate with each other. Which configuration element is most likely missing?

A. Spanning Tree Protocol enabled
B. An IRB interface for the VLAN
C. A Layer 3 switchport
D. A default gateway for the VLAN
Answer: B

An IRB interface provides Layer 3 functionality for a VLAN on MX or EX series.

Why this answer

Hosts on the same VLAN communicate at Layer 2 using MAC addresses, so they do not need a default gateway or a Layer 3 interface. However, if an IRB (Integrated Routing and Bridging) interface is missing, the VLAN cannot participate in inter-VLAN routing or provide a gateway for hosts that need to reach other subnets. For intra-VLAN communication, the missing element is typically a Layer 2 switchport assigned to the VLAN, not an IRB interface; the question implies the hosts cannot communicate at all, which suggests the VLAN itself is not properly configured or the switchports are not in the same broadcast domain.

An IRB interface is the most likely missing element only if the hosts are trying to communicate across VLANs, where the VLAN needs to route traffic. For same-VLAN communication the expected answer would be a Layer 2 switchport, and the issue is often that the VLAN is not created or the ports are not access ports in that VLAN. Of the options given, B is the one marked as correct in the source.

Exam trap

The trap here is that candidates often confuse the need for a default gateway (Layer 3) with Layer 2 connectivity, assuming hosts on the same VLAN need a gateway to communicate, when in fact they communicate directly via ARP and MAC addresses.

How to eliminate wrong answers

Option A is wrong because Spanning Tree Protocol (STP) prevents loops in redundant topologies but is not required for basic Layer 2 communication within a single VLAN; hosts can communicate without STP enabled. Option C is wrong because a Layer 3 switchport is used for routing between VLANs, not for same-VLAN communication; hosts on the same VLAN communicate at Layer 2, so a Layer 2 switchport is needed. Option D is wrong because a default gateway is only necessary for traffic destined outside the local subnet; hosts on the same VLAN communicate directly via MAC addresses and do not need a default gateway.

271
MCQ · hard

You are a network engineer for a service provider that recently deployed a Juniper MX router at a new Point of Presence (PoP). The router is used to aggregate customer connections and exchange routes with upstream providers via BGP. After the initial configuration, you notice that the router is not learning any routes from one of the upstream BGP peers. You have verified that the BGP session is established (state Established) and that the peer is sending routes. You suspect that the issue might be related to the firewall filter or routing policy. You want to determine if any inbound routes are being rejected and why. Which command would provide the most direct information about why routes are being rejected?

A. show route protocol bgp
B. show route receive-protocol bgp 192.0.2.1
C. show bgp summary
D. show firewall filter <filter-name>
Answer: B

Displays received routes and indicates if any are rejected by policy.

Why this answer

Option B, 'show route receive-protocol bgp 192.0.2.1', is correct because it displays the exact routes received from a specific BGP peer along with any policy or filter actions applied (e.g., reject, accept). This command directly shows whether routes are being rejected and the reason (e.g., due to an import policy or firewall filter), making it the most direct diagnostic tool for the described issue.

Exam trap

The trap here is that candidates often assume 'show bgp summary' or 'show route protocol bgp' will reveal route rejection details, but they only show aggregated statistics or installed routes, not the per-peer policy decisions that cause routes to be hidden or rejected.

How to eliminate wrong answers

Option A is wrong because 'show route protocol bgp' displays all BGP routes in the routing table, but it does not show why routes were rejected or filtered before installation. Option C is wrong because 'show bgp summary' only shows BGP session state and statistics (e.g., prefixes received), not the specific routes or rejection reasons. Option D is wrong because 'show firewall filter <filter-name>' shows firewall filter counters and rules, but it does not directly correlate to BGP route rejection unless the filter is explicitly applied to the BGP session; it is indirect and less specific than the receive-protocol command.

272
MCQ · hard

You are managing a Juniper MX router that serves as a BGP route reflector for multiple customer VPNs. The router has two routing engines (RE0 and RE1) in a graceful switchover (GRES) configuration. During a routine maintenance window, you need to upgrade the Junos OS from version 18.1R1 to 20.2R2. The upgrade must minimize traffic disruption. You have already staged the new image on both REs. Which sequence of commands ensures minimal impact?

A. On RE0: request system software add jinstall-20.2R2.tgz reboot; then on RE1 same command
B. On RE0: request system reboot (without adding software)
C. On RE1: request system software add jinstall-20.2R2.tgz reboot; after reboot, on RE0: request chassis routing-engine master switch; then request system software add jinstall-20.2R2.tgz reboot
D. On both REs: request system software add jinstall-20.2R2.tgz reboot
Answer: C

Minimizes downtime by upgrading backup first, then switching.

Why this answer

Option C is correct because it performs a non-disruptive upgrade by first upgrading the backup RE (RE1), then switching mastership to the upgraded RE, and finally upgrading the original master RE. This sequence leverages Graceful Routing Engine Switchover (GRES) to maintain BGP sessions and VPN forwarding during the upgrade, minimizing traffic disruption.

Exam trap

The trap here is that candidates assume rebooting both REs sequentially with the same command is sufficient, but they overlook the need to switch mastership to the upgraded backup RE before upgrading the original master to avoid a double-reboot scenario that disrupts traffic.

How to eliminate wrong answers

Option A is wrong because rebooting both REs sequentially without first switching mastership causes a full outage when the master RE reboots, as the backup RE is not yet upgraded and may not take over cleanly. Option B is wrong because rebooting without adding the new software does not perform an upgrade, leaving the router on the old version. Option D is wrong because adding the software and rebooting both REs simultaneously or without proper mastership control can cause a complete loss of routing and forwarding, as both REs may reboot at the same time or the backup RE cannot take over gracefully.

273
Multi-Select · easy

Which TWO statements about the Junos OS configuration hierarchy are correct? (Choose two.)

Select 2 answers
A. All configuration is stored in a flat file with line numbers
B. The hierarchy is stored in multiple configuration files that are merged at boot
C. Configuration is organized in a hierarchical structure with levels
D. Configuration values are inherited from the root level automatically
E. Each level can contain one or more statements or values
Answers: C, E

Junos uses a tree-like hierarchy, e.g., protocols > bgp > group > neighbor.

Why this answer

Option C is correct because the Junos OS configuration is organized in a hierarchical structure, resembling a tree with defined levels (e.g., [edit interfaces], [edit protocols ospf]). This hierarchy allows for logical grouping of configuration statements, making it easier to manage and navigate. The structure is enforced by the Junos CLI and the configuration database, which uses a set-based model rather than a flat file.

Exam trap

The trap here is that candidates often confuse Junos's hierarchical structure with Cisco IOS's flat or modular configuration approach, leading them to incorrectly assume that Junos uses multiple merged files or automatic root-level inheritance.

274
MCQ · medium

Refer to the exhibit. A packet with destination IP 192.168.1.100 arrives. Which next-hop IP will the router use?

A. 10.0.0.1
B. 10.0.0.0
C. 10.0.0.2
D. Directly connected (the packet is sent directly to 192.168.1.100)
Answer: C

The route for 192.168.1.0/24 points to 10.0.0.2.

Why this answer

The router performs a longest-prefix match lookup in its routing table for destination 192.168.1.100. The most specific matching route is 192.168.1.0/25 via next-hop 10.0.0.2, so the router forwards the packet to 10.0.0.2. Option C is correct.

Exam trap

The trap here is that candidates often assume the route with the lower metric or administrative distance wins, but in Junos (and all IP routing), the longest-prefix match is always evaluated first, regardless of metric or preference.

How to eliminate wrong answers

Option A is wrong because 10.0.0.1 is the next-hop for the 192.168.1.0/24 route, but the /25 route is more specific and takes precedence. Option B is wrong because 10.0.0.0 is not a valid next-hop IP address; it is a network address, not a usable host address. Option D is wrong because the destination 192.168.1.100 is not on a directly connected subnet; the router must forward the packet to a next-hop router.

275
MCQ · hard

A junior engineer is troubleshooting a routing issue and wants to see the route table for IPv4 unicast routes. Which command will display this information?

A. show route table inet.0
B. show route table inet6.0
C. show route forwarding-table
D. show route protocol bgp
Answer: A

Displays IPv4 unicast route table.

Why this answer

Option A is correct because the command 'show route table inet.0' displays the IPv4 unicast route table in Junos. The inet.0 table is the default routing table for IPv4 unicast routes, containing all active routes learned via various protocols (e.g., OSPF, BGP, static). This command is the standard way to view the IPv4 unicast routing information base (RIB) on Juniper devices.

Exam trap

The trap here is that candidates often confuse the routing table (RIB) with the forwarding table (FIB), or they may think 'show route protocol bgp' shows all routes, when it only shows routes from a specific protocol.

How to eliminate wrong answers

Option B is wrong because 'show route table inet6.0' displays the IPv6 unicast route table, not IPv4 unicast routes. Option C is wrong because 'show route forwarding-table' displays the forwarding table (FIB), which contains the actual next-hop information used for packet forwarding, not the route table (RIB) that stores all learned routes. Option D is wrong because 'show route protocol bgp' filters the route table to show only routes learned via BGP, not the entire IPv4 unicast route table.

276
MCQ · hard

During a maintenance window, an engineer needs to apply a series of configuration changes that are stored in a text file. Which command sequence should be used to load and apply the changes from the file?

A. request system configuration rescue save
B. load override /var/tmp/changes.txt; commit
C. configure; load patch /var/tmp/changes.txt; commit
D. configure; load merge /var/tmp/changes.txt; commit
Answer: D

Loads the configuration changes from the file without overwriting existing configuration, then commits.

Why this answer

Option D is correct because the engineer needs to enter configuration mode (configure) and then use the 'load merge' command to merge the contents of the text file into the candidate configuration without replacing the entire configuration. The 'commit' command then activates the changes. This is the standard Junos workflow for applying incremental changes from a file.

Exam trap

The trap here is that candidates often confuse 'load merge' with 'load override' or 'load patch', not realizing that 'load merge' is the correct command for applying incremental changes from a standard configuration text file, while 'load override' wipes the entire configuration and 'load patch' requires a specific diff format.

How to eliminate wrong answers

Option A is wrong because 'request system configuration rescue save' saves the current active configuration as a rescue configuration, not loads changes from a file. Option B is wrong because 'load override' replaces the entire candidate configuration with the contents of the file, which would discard all existing configuration not in the file, and the command sequence does not include entering configuration mode ('configure'). Option C is wrong because 'load patch' is used to apply a patch file (a diff between two configurations), not a standard text file of configuration changes; it would likely fail or produce unintended results if the file is not in patch format.

277
MCQ · medium

Refer to the exhibit. An engineer notices high error counts on the interface. Based on the output, what is the most likely cause?

A. The interface has a hardware fault.
B. The interface is experiencing excessive broadcasts.
C. The interface is operating in half-duplex mode.
D. The interface is connected to a device configured for half-duplex.
Answer: D

Correct; collisions on a full-duplex link indicate a duplex mismatch with the remote end.

Why this answer

The output shows high error counts on the interface, which is a classic symptom of a duplex mismatch. When one end of an Ethernet link operates in full-duplex and the other in half-duplex, collisions occur on the half-duplex side because it expects to wait for the carrier to be clear before transmitting, while the full-duplex side transmits at any time. This leads to frame check sequence (FCS) errors, alignment errors, and runts on the half-duplex interface.

Option D is correct because the local interface is likely full-duplex (default on modern Juniper devices), and the connected device is configured for half-duplex, causing the mismatch.

Exam trap

The trap here is that candidates often assume high error counts always indicate a hardware fault (Option A), but in JNCIA-JUNOS, the specific error types (e.g., collisions, late collisions) point to a duplex mismatch, not a physical layer failure.

How to eliminate wrong answers

Option A is wrong because a hardware fault typically manifests as a high rate of CRC errors or interface resets, not the specific pattern of errors seen in a duplex mismatch (e.g., excessive collisions and late collisions). Option B is wrong because excessive broadcasts cause high CPU utilization and broadcast storms, not physical-layer errors like FCS or alignment errors on the interface counters. Option C is wrong because if the local interface were operating in half-duplex, it would not be the cause of the high error counts; rather, the mismatch with a full-duplex peer would still be the issue, and the question states the engineer notices high error counts on the interface, implying the local interface is likely full-duplex.

278
MCQ · hard

Based on the exhibit, what is the most likely impact on the router?

A. Routing protocol adjacencies will be lost, causing routing instability.
B. The CPU will be overloaded due to the kernel messages.
C. The router will stop forwarding packets immediately.
D. The router will reboot automatically.
Answer: A

The rpd process is killed, so dynamic routing protocols will fail.

Why this answer

The exhibit shows kernel messages indicating a hardware or software fault (e.g., a FPC crash or PIC restart). In Junos, such critical events cause the Packet Forwarding Engine (PFE) to reset, which tears down all routing protocol adjacencies (OSPF, BGP, IS-IS) because the control plane loses communication with the forwarding plane. This leads to route withdrawal and routing instability until the adjacencies are re-established.

Exam trap

The trap here is that candidates assume kernel messages always cause a full reboot or immediate forwarding stop, but Junos is designed to isolate failures to specific components (like FPCs) rather than crashing the entire router.

How to eliminate wrong answers

Option B is wrong because kernel messages are logged as part of normal fault handling and do not inherently overload the CPU; Junos prioritizes control plane stability. Option C is wrong because the router continues to forward packets using the last known forwarding table until the PFE restarts, and even then, forwarding may resume after the restart without a full stop. Option D is wrong because Junos does not automatically reboot on kernel messages; it isolates the faulty component (e.g., FPC restart) to maintain overall system availability.

279
MCQ · medium

A network engineer is managing a hub-and-spoke OSPF network for a retail company. The hub router (hub01) is at the data center with a loopback address 10.99.99.99. The spoke router (spoke01) is at a branch office and connects to hub01 via two links: a primary T1 link on interface ge-0/0/0.0 and a backup LTE link on interface lte-0/0/0.0. Both links are in area 0. Recently, the spoke router began sending traffic to the hub's loopback over the LTE link instead of the T1 link, causing higher latency and data charges. The engineer checks the routing table on spoke01 and sees that the route to 10.99.99.99/32 has two equal-cost next-hops: one via ge-0/0/0.0 and one via lte-0/0/0.0. The engineer wants to ensure that only the T1 link is used under normal conditions, with the LTE link as a backup. Which action should the engineer take to achieve this?

A. Decrease the OSPF cost on interface ge-0/0/0.0 to 1.
B. Configure a static route to 10.99.99.99/32 with next-hop referencing the T1 interface and a lower preference than OSPF.
C. Set the OSPF priority on ge-0/0/0.0 to 128 to influence the designated router election.
D. Increase the OSPF cost on interface lte-0/0/0.0 to a value higher than the cost on ge-0/0/0.0.
Answer: D

This makes the T1 path lower cost, so it will be the only active route. The LTE path becomes a backup if the T1 fails.

Why this answer

The correct answer is D. By increasing the OSPF cost on the LTE interface, the path via LTE becomes higher cost, making the T1 path the only active route (since ECMP will break). Option A may not work if the T1 cost is already at the minimum (1).

Option B uses a static route, which would override OSPF but is not best practice and could cause routing loops. Option C affects DR election, not route selection. Hence, D is the best course of action.

280
MCQ · hard

An administrator notices that after committing a configuration change on a Juniper MX router, the device loses connectivity to the management network. The management interface is part of a dedicated management routing instance. Which of the following is the most likely cause?

A. A firewall filter was applied to the management interface that blocks all traffic
B. NTP was configured with an incorrect server address
C. A syslog server was configured that is unreachable
D. The routing instance for the management interface was accidentally removed
Answer: D

If the management interface's routing instance is removed, the interface loses its route to the management network, causing connectivity loss.

Why this answer

The management interface is part of a dedicated management routing instance (often named mgmt_junos). If this routing instance is accidentally removed during a commit, the management interface loses its routing context and becomes unreachable, causing loss of connectivity to the management network. This is a common misconfiguration when an administrator modifies routing instance configurations without realizing the management interface depends on it.

Exam trap

The trap here is that candidates often assume a firewall filter or service configuration (like NTP or syslog) is the cause, but the real issue is the removal of the routing instance that provides the logical separation for the management interface.

How to eliminate wrong answers

Option A is wrong because applying a firewall filter that blocks all traffic to the management interface would cause immediate loss of connectivity, but the question states the issue occurs after committing a configuration change, and the most likely cause is a structural change to the routing instance rather than a filter. Option B is wrong because configuring NTP with an incorrect server address would not cause loss of management connectivity; it would only prevent time synchronization. Option C is wrong because configuring an unreachable syslog server would only affect logging, not the management interface's ability to communicate on the network.

281
MCQ · hard

An engineer enables Spanning Tree PortFast on a switch port connected to a host. Later, another switch is connected to that same port, causing a loop. What feature could have prevented this?

A. Loop guard
B. BPDU guard
C. Root guard
D. UplinkFast
Answer: B

BPDU guard disables the port upon receiving a BPDU, preventing loops on PortFast ports.

Why this answer

BPDU guard is the correct answer because it disables a port configured with PortFast if a BPDU is received, preventing loops when a switch is accidentally connected. In this scenario, PortFast was enabled for a host, but connecting another switch caused BPDUs to be sent, which BPDU guard detects and shuts down the port to break the loop.

Exam trap

The trap here is that candidates confuse BPDU guard with Loop guard, thinking both prevent loops, but Loop guard addresses unidirectional link failures, not the accidental connection of a switch to a PortFast port.

How to eliminate wrong answers

Option A is wrong because Loop guard is designed to prevent alternate or root ports from becoming designated in the absence of BPDUs (e.g., due to unidirectional link failure), not to block BPDUs on PortFast-enabled ports. Option C is wrong because Root guard enforces the root bridge position by disabling a port if it receives superior BPDUs, but it does not prevent loops from a switch connected to a PortFast port. Option D is wrong because UplinkFast is a Cisco-proprietary feature that accelerates convergence after a direct link failure on access switches, unrelated to protecting PortFast ports from BPDU reception.

282
MCQ · easy

An administrator wants to view the differences between the current candidate configuration and the last committed configuration. Which command displays this?

A. show configuration
B. commit check
C. show | compare
D. rollback ?
Answer: C

'show | compare' shows the delta between the candidate and the last committed configuration.

Why this answer

The 'show | compare' command displays the differences between the candidate and the active (committed) configuration.

283
MCQhard

A network engineer accidentally committed a configuration on a Juniper router that caused a loss of management access via SSH and SNMP. The engineer has console access and the device is still operational. Before the change, the engineer had saved a rescue configuration using 'request system configuration rescue save'. Which action should the engineer take to restore management access most quickly?

A. At the shell prompt, execute 'cli -c "rollback rescue"' and then commit.
B. At the configuration mode, execute 'rollback 0'.
C. Power cycle the device; it will automatically boot with the rescue configuration.
D. Reboot the device and press the space bar to load the rescue configuration.
Answer: A

This loads the rescue configuration without rebooting.

Why this answer

Option A is correct because the 'request system configuration rescue save' command stores a rescue configuration that can be rolled back to using 'rollback rescue' in configuration mode. Since the engineer has console access, they can enter configuration mode and execute 'rollback rescue' followed by 'commit' to instantly revert to the last known working configuration, restoring SSH and SNMP access without requiring a reboot.

Exam trap

The trap here is that candidates may confuse 'rollback rescue' with a boot-time recovery mechanism, assuming the rescue configuration loads automatically on reboot, when in fact it requires a manual command after the device is operational.

How to eliminate wrong answers

Option B is wrong because 'rollback 0' reverts to the most recently committed configuration, which is the same problematic configuration that caused the loss of management access, so it would not restore connectivity. Option C is wrong because power cycling the device does not automatically load the rescue configuration; Junos boots from the active file system (e.g., 'junos.conf') unless explicitly instructed otherwise via the boot loader or a rescue configuration load during boot. Option D is wrong because pressing the space bar during boot interrupts the normal boot process to access the loader prompt, but it does not automatically load the rescue configuration; the rescue configuration must be explicitly loaded via the 'load rescue' command in the loader or after booting into the operating system.

284
MCQ · medium

Refer to the exhibit. Based on the output, what is the operational status of interface ge-0/0/0?

A. The interface is up but the link is down.
B. The interface has no IP address configured.
C. The interface is administratively down.
D. The interface is administratively up and the link is up.
Answer: D

Both Admin and Link are up.

Why this answer

Option D is correct because the output shows 'Physical link is Up' and 'Administratively Up', confirming that the interface is both enabled and receiving a carrier signal. In Junos, the 'show interfaces terse' command displays 'up' for the administrative status and 'up' for the link status when both conditions are met.

Exam trap

The trap here is that candidates often confuse the 'up/down' notation in 'show interfaces terse' with Cisco's 'show ip interface brief', where the first 'up' refers to the line protocol and the second to the administrative status, whereas Junos reverses the order (administrative first, then link).

How to eliminate wrong answers

Option A is wrong because the output explicitly states 'Physical link is Up', not down, so the link is operational. Option B is wrong because the interface does have an IP address configured (192.168.1.1/24 is shown in the output), and the absence of an IP address would not affect the operational status of the interface being up or down. Option C is wrong because the output shows 'Administratively Up', meaning the interface has not been disabled with the 'disable' command; if it were administratively down, the output would show 'Administratively Down'.

285
MCQ · medium

A network engineer is designing a redundant network with two Juniper routers running VRRP. The virtual IP address is 10.0.0.1. Both routers are configured as VRRP group 1. What is the purpose of the 'priority' parameter in VRRP configuration?

A. It sets the interval for VRRP advertisements.
B. It determines the master router election.
C. It determines the virtual MAC address.
D. It changes the virtual IP address.
Answer: B

Higher priority increases the chance of becoming the master.

Why this answer

In VRRP, the 'priority' parameter (range 1-254, default 100) is used to elect the master router. The router with the highest priority becomes the master for the virtual IP address 10.0.0.1, ensuring redundancy by taking over traffic forwarding if the current master fails.

Exam trap

The trap here is that candidates confuse VRRP's priority with HSRP's priority or think it controls advertisement timers, but VRRP priority strictly governs master election and preemption behavior.

How to eliminate wrong answers

Option A is wrong because the interval for VRRP advertisements is set by the 'advertise-interval' parameter (default 1 second), not by priority. Option C is wrong because the virtual MAC address (00:00:5E:00:01:XX where XX is the VRRP group ID) is derived from the VRRP group number, not from priority. Option D is wrong because the virtual IP address is configured directly via the 'virtual-address' statement and is independent of the priority value.

286
MCQ · easy

A network engineer wants to see all commands entered in the current session. Which operational mode command should they use?

A. history
B. show commands
C. show system history
D. show cli history
Answer: D

This command shows the history of CLI commands for the current session.

Why this answer

Option D is correct because 'show cli history' is the operational mode command in Junos that displays all commands entered during the current CLI session. This command retrieves the session-specific command history buffer, which is distinct from the system-wide history or shell history.

Exam trap

The trap here is that candidates familiar with Cisco IOS may mistakenly choose 'history' or 'show history' (which are valid Cisco commands) without realizing Junos uses the specific 'show cli history' syntax.

How to eliminate wrong answers

Option A is wrong because 'history' is not a valid Junos operational mode command; it is a Linux shell command that shows shell history, not Junos CLI session history. Option B is wrong because 'show commands' is not a valid Junos command; it is a generic phrase that might be confused with 'show configuration' or 'show system' but does not exist as a command. Option C is wrong because 'show system history' displays system log messages (syslog) or reboot history, not the CLI command history of the current session.

287
Multi-Select · easy

Which two factors does Junos use to select the best route when multiple routes to the same prefix exist? (Choose two.)

Select 2 answers
A. Route preference
B. Next-hop type
C. Number of hops
D. Metric
E. Route age
Answers: A, D

Lower preference is preferred; this is the primary selection criterion.

Why this answer

The correct answers are A and D. Junos first compares route preference; if equal, then metric is used. Next-hop type, route age, and number of hops are not standard tie-breakers; at the JNCIA level, preference and metric are the primary factors.

288
MCQ · medium

An engineer is configuring a firewall filter and wants to verify the syntax of the configuration before committing. Which command should be used?

A. validate
B. commit check
C. show | display inheritance
D. commit confirmed
Answer: B

Correctly validates the configuration syntax without committing.

Why this answer

The 'commit check' command validates the syntax and configuration semantics of the candidate configuration without activating it. This allows the engineer to verify that the firewall filter configuration is correct before committing, preventing potential service disruption from a faulty commit.

Exam trap

The trap here is that candidates familiar with Cisco IOS may confuse the Junos 'commit check' with the Cisco 'validate' command, but Junos uses 'commit check' for syntax verification and has no 'validate' command.

How to eliminate wrong answers

Option A is wrong because 'validate' is not a valid Junos CLI command; the correct command for syntax checking is 'commit check'. Option C is wrong because 'show | display inheritance' displays inherited configuration values, not syntax validation. Option D is wrong because 'commit confirmed' commits the configuration immediately and automatically rolls back if not confirmed within a timeout, which does not verify syntax before committing.

289
MCQ · medium

A network engineer is performing a software upgrade on an MX router. Before upgrading, which operational command should be used to verify the current software version and the upgrade file?

A. show configuration system software
B. show system upgrade
C. show system software
D. show version
Answer: D

Shows current software version; used with 'request system software validate' for image check.

Why this answer

The 'show version' command displays the currently running Junos OS version, including the software build and release information. Before upgrading, you must verify the current version to ensure compatibility with the upgrade file, and the upgrade file itself is typically referenced by its filename or path, not shown by this command. To check the upgrade file, you would use 'file list' or 'show system software' to list available packages, but for the current version, 'show version' is the correct operational command.

Exam trap

The trap here is that candidates confuse 'show system software' (which lists installed packages) with 'show version' (which shows the running kernel), leading them to choose C, but only 'show version' directly answers the question of the current software version.

How to eliminate wrong answers

Option A is wrong because 'show configuration system software' is not a valid Junos command; configuration is displayed using 'show configuration' or 'show | display set', and software settings are under 'system' hierarchy but not with that syntax. Option B is wrong because 'show system upgrade' is not a valid Junos operational command; Junos uses 'request system software add' for upgrades and 'show system software' for package information. Option C is wrong because 'show system software' displays installed software packages and their versions, but it does not show the currently running Junos kernel version; 'show version' is the standard command for the active software release.

290
MCQ · easy

A network administrator wants to view the current configuration that is actively running on a Juniper device. Which operational mode command should be used?

A. show configuration
B. show running-config
C. show active-config
D. show current-config
Answer: A

Displays the current active configuration.

Why this answer

In Junos OS, the operational mode command 'show configuration' displays the active, committed configuration currently running on the device. Unlike Cisco IOS, Junos does not use a separate 'running-config'; instead, changes are made in a candidate configuration that becomes active only after a 'commit' operation. Thus, 'show configuration' is the correct command to view the active configuration.

Exam trap

The trap here is that candidates familiar with Cisco IOS may instinctively choose 'show running-config', but Junos uses a different paradigm with 'show configuration' to display the active committed configuration.

How to eliminate wrong answers

Option B is wrong because 'show running-config' is a Cisco IOS command, not a valid Junos operational mode command; Junos uses 'show configuration' to display the active configuration. Option C is wrong because 'show active-config' is not a valid Junos command; Junos does not have an 'active-config' keyword in its operational mode. Option D is wrong because 'show current-config' is not a valid Junos command; Junos uses 'show configuration' as the standard command to view the current active configuration.

291
Drag & Drop · medium

Arrange the steps to configure a static route in Junos OS in the correct order.

Why this order

Static routes are configured under 'routing-options static' in Junos. After setting the route, you must commit and verify.

292
MCQ · hard

Refer to the exhibit. An engineer runs the command shown. What does this output indicate?

A. The candidate configuration matches the committed configuration.
B. The candidate configuration has an IP address change.
C. The rollback 0 configuration is being displayed.
D. The interface ge-0/0/0 has been deleted.
Answer: B

The + and - lines indicate a change from 10.0.0.1 to 192.0.2.1.

Why this answer

The output shows the candidate configuration differs from the committed configuration, as indicated by the 'show | compare' command displaying a change under the [edit interfaces ge-0/0/0 unit 0 family inet] hierarchy. Specifically, it shows the address 192.168.1.1/24 being replaced with 192.168.1.2/24, which is an IP address change. This confirms option B is correct because the candidate configuration has an IP address change that has not yet been committed.

Exam trap

The trap here is that candidates often confuse 'show | compare' with 'show configuration | display set' or assume no output means no candidate changes exist, but in reality, 'show | compare' outputs only differences, and any output indicates a pending change that does not match the committed configuration.

How to eliminate wrong answers

Option A is wrong because the output shows a difference between the candidate and committed configurations (the IP address change), so they do not match; a matching configuration would produce no output from 'show | compare'. Option C is wrong because the command 'show | compare' compares the candidate configuration to the active (committed) configuration, not specifically to rollback 0; while rollback 0 is the most recent commit, the command compares to the current active configuration, and the output does not indicate a rollback operation. Option D is wrong because the output shows the interface ge-0/0/0 still exists with a unit and family inet configuration; only the IP address is changed, not the interface being deleted.

293
MCQ · medium

Based on the exhibit, what is the most likely reason for the ping failure?

A. A firewall filter is blocking ICMP traffic.
B. The interface is disabled at the unit level.
C. The neighbor device is not configured or is unreachable.
D. The interface is administratively down.
Answer: C

The ping fails, likely because the neighbor is not configured or there is no route to 10.0.0.2.

Why this answer

The ping failure is most likely due to the neighbor device not being configured or unreachable because the output shows the interface is up (Physical link is Up) and the unit is enabled (Unit 0 is enabled), but there is no neighbor discovery or ARP entry. Without a valid next-hop or neighbor reachability, ICMP echo requests cannot be forwarded, resulting in ping failure.

Exam trap

The trap here is that candidates often assume a ping failure is due to an interface being down or a firewall filter, but the exhibit clearly shows the interface is up and enabled, so the issue must be at the network layer with neighbor unreachability.

How to eliminate wrong answers

Option A is wrong because there is no evidence of a firewall filter blocking ICMP traffic; the output does not show any applied filter or statistics indicating dropped packets. Option B is wrong because the interface is not disabled at the unit level; the output explicitly states 'Unit 0 is enabled' and shows an IP address configured. Option D is wrong because the interface is not administratively down; the output shows 'Physical link is Up' and 'Interface is up', indicating no administrative shutdown.

294
MCQ · easy

A switch receives a unicast frame with a destination MAC address that is present in its MAC address table. How does the switch process the frame?

A. It sends the frame back to the source port
B. It floods the frame to all ports except the receiving port
C. It drops the frame
D. It forwards the frame only out of the port associated with that MAC address
Answer: D

The switch uses the MAC table to forward the frame only to the correct port.

Why this answer

When a switch receives a unicast frame and the destination MAC address is already in its MAC address table, it performs a lookup and forwards the frame only out of the specific port associated with that MAC address. This is the fundamental switching behavior known as 'unicast forwarding' or 'filtering,' which avoids unnecessary flooding and preserves bandwidth.

Exam trap

The trap here is that candidates often confuse the behavior for an unknown unicast (which is flooded) with a known unicast (which is forwarded only to the specific port), leading them to incorrectly select option B.

How to eliminate wrong answers

Option A is wrong because sending the frame back to the source port would create a loop and violate the basic switching principle that a frame is never forwarded out the port it was received on. Option B is wrong because flooding to all ports except the receiving port only occurs when the destination MAC address is unknown (not in the MAC table) or for broadcast/multicast frames, not for a known unicast address. Option C is wrong because the switch does not drop the frame; it has a matching entry in the MAC table and can forward it correctly to the intended destination.

295
MCQ · easy

Refer to the exhibit. Which interface has an operational issue that prevents it from passing traffic?

A. ge-0/0/1
B. lo0
C. ge-0/0/2
D. ge-0/0/0
Answer: A

The link is down while administratively up, indicating a physical issue.

Why this answer

Interface ge-0/0/1 shows 'Link: DOWN' in the output, indicating a physical layer issue such as a disconnected cable, faulty transceiver, or administrative shutdown. A down link prevents any traffic from being forwarded over that interface, regardless of its protocol configuration.

Exam trap

The trap here is that candidates may focus on protocol state (e.g., 'Protocol: DOWN') or assume a loopback interface can pass transit traffic, but the key operational issue is the physical link state being down, which immediately blocks all traffic on that interface.

How to eliminate wrong answers

Option B (lo0) is wrong because the loopback interface is a virtual interface that is always up/up by default and does not have a physical link state; it is used for management and routing protocol stability, not for passing transit traffic. Option C (ge-0/0/2) is wrong because its output shows 'Link: Up' and 'Protocol: Up', meaning it is operationally capable of passing traffic. Option D (ge-0/0/0) is wrong because its output also shows 'Link: Up' and 'Protocol: Up', indicating no operational issue.

296
Matching · medium

Match each Junos configuration hierarchy to its function.

Concepts
Matches

Configures physical and logical interfaces

Configures routing protocols

Configures routing policies and prefix lists

Configures firewall, NAT, and IPsec

Configures system parameters like hostname and NTP

Why these pairings

These are top-level configuration hierarchies in Junos.

297
MCQ · easy

Refer to the exhibit. An administrator notices the /var partition is nearly full. Which command can be used to safely reclaim disk space?

A. request system reboot
B. request system storage cleanup
C. delete /var/log/messages
D. request system software delete
Answer: B

The 'request system storage cleanup' command safely removes temporary files, old logs, core files, and software images from /var and other partitions, freeing up space without risking critical data.

Why this answer

The 'request system storage cleanup' command safely removes old log files, core dumps, and other temporary files that are no longer needed, freeing up space on the /var partition without risking system stability. This is the recommended Junos method for reclaiming disk space because it targets only files that can be safely deleted.

Exam trap

The trap here is that candidates may think manually deleting log files (option C) is safe and effective, but Junos relies on its own cleanup mechanisms to avoid breaking log rotation or losing important diagnostic data.

How to eliminate wrong answers

Option A is wrong because 'request system reboot' only restarts the system and does not delete any files, so it will not reclaim disk space. Option C is wrong because manually deleting '/var/log/messages' can cause loss of critical logging data and may not be safe if the file is still being written to; Junos manages log rotation automatically, and direct deletion can disrupt that. Option D is wrong because 'request system software delete' is used to remove installed software packages, not to clean up temporary or log files, and it could inadvertently remove needed software.

298
Multi-Select · easy

Which TWO are correct statements about the Junos configuration hierarchy?

Select 2 answers
A. The 'routing-options' hierarchy is used to configure interface IP addresses.
B. The 'interfaces' hierarchy is used to configure physical and logical interfaces.
C. The 'system' hierarchy includes settings for NTP and DNS.
D. Firewall filters are configured under 'policy-options'.
E. The 'protocols' hierarchy includes system-level settings like hostname.
Answers: B, C

Correct.

Why this answer

Option B is correct because the 'interfaces' hierarchy in Junos is specifically designed to configure both physical interfaces (e.g., ge-0/0/0) and logical interfaces (e.g., ge-0/0/0.100), including parameters like IP addresses, MTU, and VLAN tagging. This is a fundamental part of Junos configuration, as all network traffic flows through interfaces defined under this hierarchy.

Exam trap

The trap here is that candidates often confuse the purpose of 'routing-options' with interface configuration, or assume that firewall filters belong under 'policy-options' because both involve policy-like constructs, but Junos strictly separates firewall (packet filtering) from routing policy (route manipulation).

299
MCQ · medium

A technician needs to monitor routing table updates in real time. Which command provides continuous output of routing changes?

A. monitor route
B. show log messages | match route
C. show route
D. show route protocol bgp
Answer: A

Provides continuous updates of routing changes.

Why this answer

The 'monitor route' command in Junos provides a real-time, continuously updating view of routing table changes as they occur. Unlike static commands that show a snapshot, this command actively tracks route additions, removals, and modifications, making it the correct choice for monitoring routing updates in real time.

Exam trap

The trap here is that candidates often confuse 'monitor route' with 'show route' or filtered log commands, assuming any command with 'route' or 'log' can provide real-time output, but only 'monitor route' offers continuous, live updates in Junos.

How to eliminate wrong answers

Option B is wrong because 'show log messages | match route' displays historical log entries filtered for the word 'route', not a continuous real-time stream of routing changes. Option C is wrong because 'show route' outputs a static snapshot of the current routing table, not a live update feed. Option D is wrong because 'show route protocol bgp' shows only BGP-learned routes in a static format, lacking the continuous monitoring capability required.

300
MCQ · easy

A junior admin wants to see all commands available in operational mode that start with 'show'. What keystrokes should they use?

A. show ? + Enter
B. show ?
C. show + ?
D. show <Tab>
Answer: B

Correctly lists all subcommands available under 'show'.

Why this answer

Option B is correct because in Junos operational mode, typing 'show ?' and pressing Enter (or just 'show ?' without Enter) displays all commands that start with 'show'. The question mark (?) is the context-sensitive help key that lists available completions for the current partial command. Pressing Enter after 'show ?' is optional but acceptable; the key behavior is the space followed by ?.

Exam trap

The trap here is that candidates familiar with Cisco IOS might confuse the Junos ? help with Cisco's ? or Tab behavior, where Tab in Cisco completes the command and ? lists options, but in Junos, Tab also completes but ? with a space lists all commands starting with the partial string, not just next keywords.

How to eliminate wrong answers

Option A is wrong because 'show ? + Enter' implies pressing Enter is required, but the ? alone triggers the help output without needing Enter; also, the space before ? is correct but the phrasing is misleading. Option C is wrong because 'show + ?' suggests typing 'show' then a plus sign, which is not a valid Junos keystroke sequence; the correct syntax is a space before the question mark. Option D is wrong because pressing Tab after 'show' performs command completion (auto-completes the command if unique), not listing all commands starting with 'show'; Tab is for completion, not for displaying available options.
