Juniper Networks Certified Associate Junos JNCIA-Junos (JNCIA-JUNOS) — Questions 376450

514 questions total · 7pages · All types, answers revealed

Page 5

Page 6 of 7

Page 7
376
MCQhard

An engineer needs to apply a configuration change to all interfaces except the management interface (fxp0). Which approach is most efficient?

A.Manually configure each interface individually.
B.Use wildcard set with regex to match all interfaces except fxp0.
C.Create a configuration group that includes all interfaces and use apply-groups-except to exclude fxp0.
D.Use the 'set interfaces fxp0 disable' command and then apply changes to all interfaces.
AnswerC

apply-groups-except allows selective exclusion from a group.

Why this answer

Option C is correct because configuration groups with apply-groups-except allow you to define a common configuration template (e.g., all interfaces) and then selectively exclude specific interfaces (e.g., fxp0) from inheriting those settings. This approach is efficient, scalable, and avoids manual per-interface configuration or risky regex patterns that might inadvertently match unintended interfaces.

Exam trap

The trap here is that candidates may think Junos supports regex-based exclusion in wildcard set commands (like Cisco IOS does with 'interface range' and 'exclude'), but Junos wildcard set only supports simple prefix/suffix matching and cannot exclude specific interfaces, making configuration groups with apply-groups-except the correct and intended method.

How to eliminate wrong answers

Option A is wrong because manually configuring each interface individually is inefficient, error-prone, and does not scale for large numbers of interfaces. Option B is wrong because wildcard set with regex to match all interfaces except fxp0 is not supported in Junos; the wildcard set command only allows simple patterns with asterisks and cannot perform negative matching or regex exclusions. Option D is wrong because disabling the management interface (fxp0) would break out-of-band management access, and the approach does not actually exclude fxp0 from the configuration changes—it simply disables it, which is not the goal.

377
MCQhard

A router is running OSPF and iBGP. Both protocols learn a route to 10.0.0.0/8. The OSPF route is in the routing table with a preference of 10, and the iBGP route has a preference of 170. Which event would cause the iBGP route to become active?

A.The OSPF route is withdrawn.
B.Both A and C.
C.The iBGP route's metric is lower.
D.The OSPF route's preference is changed to 180.
AnswerB

Either withdrawing the OSPF route or increasing its preference above 170 allows the iBGP route to become active.

Why this answer

If the OSPF route is withdrawn, the iBGP route becomes active. Also, if the OSPF preference is increased above 170, iBGP wins. So both A and C are valid.

Option B does not apply because metric is not compared when preferences differ.

378
MCQhard

Refer to the exhibit. Which route is active for the 192.168.1.0/24 prefix?

A.Both routes are active.
B.The static route because it has a lower preference.
C.Neither route is active.
D.The OSPF route because it is marked with an asterisk.
AnswerD

The '*' indicates the active route.

Why this answer

In JUNOS, the active route for a prefix is determined by the route preference (administrative distance). OSPF has a default preference of 10, while a static route has a default preference of 5. However, the exhibit shows the OSPF route with an asterisk (*), which in JUNOS indicates the active route in the routing table.

Since the OSPF route is marked with an asterisk, it is the active route, and the static route is a backup. Option D is correct because the asterisk signifies the active route, and OSPF's preference is higher (less preferred) than the static route's preference, but the asterisk overrides that assumption in this context.

Exam trap

The trap here is that candidates often assume a static route always wins over OSPF due to its lower preference, but they overlook that the asterisk in JUNOS output directly indicates the active route, and the static route may be inactive due to next-hop unreachability or other validation failures.

How to eliminate wrong answers

Option A is wrong because both routes cannot be active for the same prefix; JUNOS selects only one active route based on the lowest preference value. Option B is wrong because although a static route has a lower preference (5) than OSPF (10), the exhibit shows the OSPF route with an asterisk, indicating it is the active route; this means the static route is not active despite its lower preference, possibly due to the static route being configured with a next-hop that is unreachable or the route being inactive for another reason. Option C is wrong because the OSPF route is marked with an asterisk, which explicitly indicates it is active in the routing table.

379
MCQeasy

Which command shows the operational status of all interfaces in a brief format?

A.show interfaces terse
B.show interfaces statistics
C.show interfaces detail
D.show configuration interfaces
AnswerA

A is correct as it shows brief operational status.

Why this answer

The 'show interfaces terse' command displays a brief, one-line summary of each interface, including its administrative status (up/down), link status, protocol status, and configured IP addresses. This is the correct command for a concise overview of all interfaces' operational state, as specified in the Junos OS documentation.

Exam trap

The trap here is that candidates often confuse 'show interfaces terse' with 'show interfaces brief' (which does not exist in Junos) or assume 'show configuration interfaces' shows operational status, when it only shows configuration data.

How to eliminate wrong answers

Option B is wrong because 'show interfaces statistics' displays detailed packet and byte counters for each interface, not a brief operational status summary. Option C is wrong because 'show interfaces detail' provides extensive configuration and operational details for each interface, including hardware information and error counters, which is verbose rather than brief. Option D is wrong because 'show configuration interfaces' displays the configured interface settings from the candidate or active configuration, not the real-time operational status of the interfaces.

380
Matchingmedium

Match each Junos system log severity level to its meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

System is unusable

Immediate action needed

Critical conditions

Error conditions

Warning conditions

Why these pairings

These are standard syslog severity levels used in Junos.

381
MCQhard

A junior administrator is told to implement configuration changes that must survive a reboot. Which statement is correct?

A.Performing a 'commit' saves the active configuration to non-volatile storage.
B.The 'commit confirmed' command ensures persistence.
C.Changes made using 'set' commands are automatically saved to the startup config.
D.The 'commit' command only writes to RAM, so a 'request system configuration save' is needed.
AnswerA

Commit writes the configuration to persistent storage, surviving reboots.

Why this answer

In Junos, the 'commit' command activates the candidate configuration and saves it to non-volatile storage (the /config directory on the flash drive), ensuring it survives a reboot. This is the standard method for making configuration changes persistent across system restarts.

Exam trap

The trap here is that candidates familiar with Cisco IOS often assume 'commit' only writes to running-config (RAM) and that a separate 'copy running-config startup-config' is needed, but in Junos, 'commit' inherently saves to non-volatile storage, making option D a common distractor.

How to eliminate wrong answers

Option B is wrong because 'commit confirmed' temporarily activates a configuration for a specified timeout period (default 10 minutes) and automatically rolls back if not confirmed with a standard 'commit', so it does not ensure persistence unless followed by a regular commit. Option C is wrong because changes made with 'set' commands are only stored in the candidate configuration in volatile memory (RAM) until explicitly committed; they are not automatically saved to the startup configuration. Option D is wrong because the 'commit' command writes the active configuration to non-volatile storage (the /config directory), not just RAM, and there is no 'request system configuration save' command in Junos (the correct command for saving the active configuration to a file is 'request system configuration rescue save' or 'save' within the CLI).

382
MCQhard

An administrator is troubleshooting a configuration issue where a route filter is unexpectedly dropping traffic. The filter uses an 'exact' match type. Which statement correctly describes the behavior of the 'exact' match type in a prefix list?

A.The route mask must be equal to or greater than the specified prefix length.
B.The route must match the prefix and prefix length exactly.
C.The prefix 0.0.0.0/0 is never matched by 'exact' filters.
D.The route mask must be greater than the specified prefix length.
AnswerB

This is the definition of 'exact' match.

Why this answer

Option B is correct because the 'exact' match type in a Junos prefix list requires the route's prefix and prefix length to match the specified prefix and length identically. This is defined in the Junos routing policy framework, where 'exact' is used for precise route filtering, such as matching a specific network like 192.168.1.0/24 without allowing any subnets or supernets.

Exam trap

The trap here is that candidates often confuse 'exact' with 'orlonger' or 'longer' match types, especially when troubleshooting route filter behavior, leading them to select options that describe less restrictive matching.

How to eliminate wrong answers

Option A is wrong because it describes the 'orlonger' match type, where the route mask must be equal to or greater than the specified prefix length, not 'exact'. Option C is wrong because the prefix 0.0.0.0/0 can be matched by an 'exact' filter if the route is exactly 0.0.0.0/0, which is a valid default route; the statement is a common misconception. Option D is wrong because it describes the 'longer' match type, where the route mask must be greater than the specified prefix length, not 'exact'.

383
MCQeasy

Which JunOS command displays the active route for a specific destination along with the outgoing interface?

A.show route 10.0.0.1 active-path
B.show route 10.0.0.1 exact
C.show route 10.0.0.1 protocol static
D.show route 10.0.0.1 table inet.0
AnswerB

This command shows the active route with next-hop and interface.

Why this answer

The 'show route <prefix> exact' command displays the active route including the next-hop and interface. Option C is correct. Option A is not a valid command.

Option B shows all routes for that prefix, not just the active one. Option D shows only static routes.

384
MCQhard

You are responsible for a Juniper MX router that connects two customer sites over a Layer 3 VPN. The router is configured with BGP for VPN routes and uses MPLS to forward traffic. Recently, the customer reported that traffic from Site A (10.0.1.0/24) to Site B (10.0.2.0/24) is intermittently failing. You check the routing table on the router and see that both routes are present with valid next-hops. However, when you ping from the router's loopback to the remote site's loopback, the ping succeeds. MPLS labels are being assigned and the LSP is up. You also notice that when the failure occurs, the router's BGP session to the remote PE is still established. The failure seems random and lasts a few seconds before recovering. Which troubleshooting step is most likely to identify the root cause?

A.Check the interface error counters for CRC errors or drops.
B.Review the forwarding table for the affected prefixes and check for any discrepancies.
C.Verify the BGP session state and check for route flapping.
D.Check the MPLS label switching table to ensure labels are correctly assigned.
AnswerB

The forwarding table may have stale entries or incorrect label operations causing intermittent forwarding failures.

Why this answer

Option B is correct because the issue is intermittent packet loss with valid routes in the routing table but successful pings from the loopback. This points to a forwarding table (FIB) inconsistency, where the control plane (routing table) has the correct next-hop, but the forwarding plane (PFE) may have a stale or incorrect entry for the specific prefixes. Checking the forwarding table with 'show route forwarding-table' will reveal if the next-hop or label information differs from the routing table, which is a classic symptom of a hardware programming issue or a transient PFE problem.

Exam trap

The trap here is that candidates assume a successful ping from the loopback confirms end-to-end forwarding, but the loopback ping uses a different path (e.g., in-band management) and does not test the specific MPLS label path for the customer prefixes, masking the forwarding table discrepancy.

How to eliminate wrong answers

Option A is wrong because CRC errors or interface drops would cause persistent or pattern-based failures, not intermittent failures that last seconds and recover, and the ping from the loopback succeeds, indicating the interface is functional. Option C is wrong because the BGP session is established and not flapping, so route flapping is not the cause; the issue is in the forwarding plane, not the control plane session. Option D is wrong because MPLS labels are correctly assigned and the LSP is up, as confirmed by the successful ping from the loopback, so the label switching table is not the source of the intermittent failure.

385
Multi-Selecthard

Which THREE of the following are characteristics of configuration groups in Junos?

Select 3 answers
A.The 'apply-groups' statement is used to specify which group(s) should be inherited.
B.A maximum of 10 groups can be applied to a single configuration statement.
C.Groups can be nested (i.e., a group can inherit another group).
D.They allow a set of configuration statements to be defined once and inherited by multiple sections.
E.Configuration groups do not allow individual statements within the group to be overridden in the main configuration.
AnswersA, C, D

'apply-groups' activates the group inheritance.

Why this answer

Option A is correct because the 'apply-groups' statement is the Junos mechanism used to inherit configuration from a named configuration group. When you define a group under the 'groups' hierarchy, you then use 'apply-groups <group-name>' at the desired hierarchy level to pull that group's configuration into that location. This allows for modular and reusable configuration blocks.

Exam trap

The trap here is that candidates often assume configuration groups are rigid and cannot be overridden, but in reality the main configuration always overrides group settings, and there is no arbitrary limit like 10 groups per statement.

386
MCQmedium

An administrator needs to grant a user read-only access to the device via SSH. Which configuration should be applied?

A.set system login user admin class operator
B.set system login user guest class read-only
C.set system login user readonly class super-user
D.set system login user guest class operator
AnswerB

This creates a user 'guest' with read-only privileges.

Why this answer

Option B is correct because the 'read-only' class in Junos provides exactly the required level of access: users can view configuration and operational data but cannot make any changes. The 'set system login user guest class read-only' command assigns the predefined 'read-only' login class to the user 'guest', which permits SSH login with read-only privileges. This matches the administrator's requirement precisely.

Exam trap

The trap here is that candidates often confuse the 'operator' class with read-only access, not realizing that 'operator' permits operational mode changes (e.g., clearing logs or rebooting), whereas only the 'read-only' class truly restricts all modifications.

How to eliminate wrong answers

Option A is wrong because the 'operator' class provides read-write access to operational commands but does not allow configuration changes; however, it is not read-only, as it permits operational mode commands like 'request' and 'clear', which modify system state. Option C is wrong because the 'super-user' class grants full read-write access to all configuration and operational commands, which is the opposite of read-only. Option D is wrong because the 'operator' class, as noted, allows operational commands that can alter system state, making it more permissive than read-only.

387
MCQeasy

Refer to the exhibit. What does the 'user' type indicate about the route?

A.The route is from the kernel.
B.The route was manually configured.
C.The route is a default route generated by the router.
D.The route was learned from a routing protocol.
AnswerB

The 'user' type indicates the route was configured by an administrator, typically as a static route.

Why this answer

Option B is correct because 'user' in the forwarding table indicates a manually configured route (e.g., static). Option A is wrong because protocol-learned routes show 'other' or specific protocol. Option C is wrong because default routes generated by the router (e.g., through router advertisement) would not show as 'user'.

Option D is wrong because kernel routes show as 'kern'.

388
Multi-Selecthard

Which TWO of the following are valid methods to load a configuration file into a Junos device?

Select 2 answers
A.load override
B.load merge
C.import configuration
D.load replace
E.load set
AnswersA, B

Correct command to replace entire configuration.

Why this answer

Option A is correct because the 'load override' command replaces the entire candidate configuration with the contents of the specified configuration file, discarding any previous candidate changes. Option B is correct because 'load merge' combines the contents of the specified configuration file with the current candidate configuration, adding or updating statements without removing existing ones. Both are standard Junos CLI commands for loading configuration data.

Exam trap

The trap here is that candidates may confuse 'load replace' or 'load set' as valid methods, but the question specifically asks for two correct methods, and only 'load override' and 'load merge' are listed as correct in this context.

389
MCQhard

Refer to the exhibit. What is the most likely cause of this BGP route being hidden?

A.The route has a higher preference than another route.
B.The BGP session to 10.0.0.2 is down.
C.The prefix 10.1.1.0/24 is filtered by an import policy.
D.The next-hop 192.168.100.1 is not reachable via any active route.
AnswerD

The reason given is 'next hop unreachable', so the next-hop is not reachable.

Why this answer

The exhibit shows the route is hidden with the reason 'next hop unreachable'. This means the next-hop IP 192.168.100.1 is not reachable via any active route in the routing table.

390
MCQmedium

Refer to the exhibit. How many active routes exist for 10.1.1.0/24?

A.1
B.2
C.0
D.3
AnswerA

Only the direct route is active, indicated by the asterisk.

Why this answer

Only one route is active (marked with '*'). The other routes are alternative routes. Option A is correct.

Option B counts all routes. Option C overcounts. Option D is incorrect because there is an active route.

391
MCQmedium

A Juniper EX switch has two VLANs configured, each with an IRB interface assigned an IP address. Pings between hosts in different VLANs fail. What is the most likely missing configuration?

A.The VLANs are not configured with the same VLAN ID
B.IP routing is not enabled globally: set routing-options router-id 10.0.0.1; set routing-options rib inet.0 static route 0.0.0.0/0 next-hop 203.0.113.1
C.The switch needs an external router configured for VLAN routing
D.The IRB interfaces are not in the same routing instance
AnswerB

Inter-VLAN routing requires IP routing to be enabled. The switch forwards between IRBs only if routing is on.

Why this answer

Option B is correct because on a Juniper EX switch, inter-VLAN routing requires IP routing to be explicitly enabled. By default, routing is disabled on Juniper switches, so even with IRB interfaces configured, traffic between VLANs will not be forwarded unless routing is enabled globally using the `set routing-options router-id` command (which activates the routing engine) and a default route is configured to provide a next-hop for inter-VLAN traffic. Without this, the switch will not perform Layer 3 forwarding between the IRB interfaces.

Exam trap

The trap here is that candidates assume IRB interfaces automatically enable inter-VLAN routing, similar to Cisco SVIs, but Juniper requires explicit routing configuration to activate Layer 3 forwarding.

How to eliminate wrong answers

Option A is wrong because VLAN IDs must be unique per VLAN, but they do not need to be the same; in fact, different VLANs must have different VLAN IDs. Option C is wrong because a Juniper EX switch can perform inter-VLAN routing internally using IRB interfaces without an external router, provided IP routing is enabled. Option D is wrong because IRB interfaces for different VLANs are typically placed in the same default routing instance (inet.0) to enable routing between them; placing them in different routing instances would isolate them, but the question states they are configured on the same switch, so the missing configuration is routing enablement, not routing instance separation.

392
MCQhard

A router has two ISIS adjacencies to the same router, both with equal metrics. The router installs both routes in the routing table and performs load balancing. The network team wants to verify that both next-hops are being used for a particular destination. Which command provides this information?

A.`show route 10.0.0.0/24 extensive`
B.`show route forwarding-table destination 10.0.0.0/24`
C.`show route protocol isis`
D.`show route 10.0.0.0/24 detail`
AnswerB

This command displays the forwarding table, which shows the actual next-hops used for forwarding, including load-balanced paths.

Why this answer

Option A is correct because `show route forwarding-table destination` shows the actual next-hops used in the forwarding plane, including load-balanced paths. Option B is wrong because `show route` with detail may show multiple next-hops but not the hardware forwarding decision. Option C is wrong because it shows all ISIS routes, not specific next-hop usage.

Option D is wrong because extensive output still shows routing table, not forwarding table.

393
MCQmedium

A network engineer suspects a hardware issue on an interface. Which command provides the most detailed hardware error counters, including CRC errors, framing errors, and runts?

A.show interfaces diagnostics optics
B.show interfaces detail
C.show interfaces extensive
D.show log messages
AnswerC

'show interfaces extensive' provides detailed statistics per interface, including input errors such as CRC, framing, runts, and output errors. It is the best command for hardware error analysis.

Why this answer

The 'show interfaces extensive' command provides the most detailed hardware error counters for a Junos interface, including CRC errors, framing errors, and runts. This command displays per-interface statistics at the physical layer, such as input errors, output errors, and specific error types like frame, runts, giants, and CRC errors, which are essential for diagnosing hardware issues.

Exam trap

The trap here is that candidates often confuse 'show interfaces detail' with 'show interfaces extensive', assuming 'detail' provides the most granular error counters, but only 'extensive' includes the full hardware error breakdown required for hardware fault diagnosis.

How to eliminate wrong answers

Option A is wrong because 'show interfaces diagnostics optics' is used to display optical transceiver diagnostics (e.g., temperature, voltage, laser bias) and does not show interface error counters like CRC or framing errors. Option B is wrong because 'show interfaces detail' provides more information than the basic output but does not include the extensive hardware error counters; it omits the per-error-type breakdown found in the extensive output. Option D is wrong because 'show log messages' displays system log messages, not real-time interface hardware error counters; it is used for troubleshooting events and errors logged by the system, not for granular interface statistics.

394
Multi-Selecteasy

Which TWO commands can be used to view the system log messages on a Juniper device? (Select two.)

Select 2 answers
A.show log dcd
B.show log messages
C.monitor start messages
D.show log file
E.show system messages
AnswersB, C

Displays and tails the current log messages.

Why this answer

Option B is correct because 'show log messages' displays the contents of the default system log file, /var/log/messages, which contains kernel, daemon, and system-level messages. Option C is correct because 'monitor start messages' provides a real-time tail of the same /var/log/messages file, allowing live monitoring of system log entries as they are written.

Exam trap

The trap here is that candidates confuse the generic 'show log' syntax with a nonexistent 'show log file' command, or they mistakenly think 'show system messages' is valid because of similarity to other vendors' commands like 'show logging' on Cisco IOS.

395
MCQeasy

A network administrator configures a static route on a Juniper device: `set routing-options static route 192.168.100.0/24 next-hop 10.0.0.1`. The administrator verifies the route is present in the routing table but notices it is not active. What is the most likely cause?

A.The route is not committed.
B.The next-hop address 10.0.0.1 is not reachable.
C.The preference of the static route is higher than 15.
D.The destination prefix is already learned via OSPF with a lower metric.
AnswerB

If the next-hop is not in the routing table, the static route is not active.

Why this answer

A static route becomes active only if the next-hop address is reachable via a directly connected or active route in the routing table. Since the administrator verified the route is present but not active, the most likely cause is that the next-hop 10.0.0.1 is not reachable (e.g., no ARP resolution or no interface with that subnet). Junos marks such routes as hidden or inactive until the next hop is reachable.

Exam trap

The trap here is that candidates often assume a static route is always active once configured and committed, overlooking Junos's requirement that the next-hop must be reachable via an active directly connected route for the route to be installed as active.

How to eliminate wrong answers

Option A is wrong because the route is already present in the routing table, which means it has been committed; an uncommitted route would not appear at all. Option B is the correct answer as explained. Option C is wrong because the default preference for static routes in Junos is 5, which is lower than 15, and a higher preference (worse) would not prevent activation—it would only affect route selection among multiple routes to the same prefix.

Option D is wrong because OSPF routes have a default preference of 10 (internal) or 150 (external), and a static route with preference 5 would be preferred over OSPF; moreover, the question states the route is not active, not that it is not preferred.

396
MCQhard

A network engineer made several configuration changes on a Juniper QFX switch to implement new VLANs. After committing the changes, the engineer realized that the new configuration caused a critical loss of connectivity to the management network. The engineer needs to revert to the previous configuration that was working. The switch is still accessible via the console port, and the engineer has privilege level access. The previous configuration was committed two commits ago, and the current active configuration is the problematic one. Which action should the engineer take to restore the previous working configuration?

A.Use 'load override /config/juniper.conf.1.gz' followed by 'commit'.
B.Use 'delete system' to remove all configuration and then commit.
C.Execute 'rollback 0' followed by 'commit'.
D.Execute 'rollback 1' followed by 'commit'.
AnswerD

Rollback 1 reverts to the configuration that was committed before the current one, which is the working configuration. Commit activates it.

Why this answer

Option D is correct because the 'rollback 1' command reverts the candidate configuration to the configuration that was active one commit prior to the current active configuration. Since the engineer needs to go back two commits from the current state, and the current active configuration is the problematic one, 'rollback 1' retrieves the configuration from the previous commit (the working one). After the rollback, a 'commit' makes that configuration active, restoring connectivity.

Exam trap

The trap here is confusing the rollback numbering: candidates often think 'rollback 0' reverts to a previous configuration, but it actually refers to the current active configuration, while 'rollback 1' is needed to go back one commit (the previous working state).

How to eliminate wrong answers

Option A is wrong because '/config/juniper.conf.1.gz' is the backup of the configuration that was active one commit ago, but using 'load override' loads that file into the candidate configuration without automatically applying it; however, the correct rollback command is simpler and more appropriate, and 'juniper.conf.1.gz' corresponds to the configuration before the last commit, not two commits ago. Option B is wrong because 'delete system' removes all system configuration, which would cause a complete loss of management access and is an irreversible destructive action, not a targeted rollback. Option C is wrong because 'rollback 0' reverts to the current active configuration (the problematic one), which does nothing to restore the previous working configuration.

397
MCQhard

A company has two Juniper routers in a high-availability cluster with dual Routing Engines. The administrator performs a commit on the primary RE. What is the effect of using the 'commit synchronize' command?

A.It performs a commit check on both REs but does not activate the config.
B.It commits the configuration on both Routing Engines simultaneously.
C.It commits the configuration only on the primary RE.
D.It commits the configuration only on the backup RE.
AnswerB

Synchronizes the commit to the backup RE.

Why this answer

The 'commit synchronize' command on Juniper routers with dual Routing Engines ensures that the configuration is committed on both the primary and backup REs simultaneously. This is critical for maintaining configuration consistency in a high-availability cluster, as it prevents a split-brain scenario where the backup RE has a different active configuration than the primary. The command performs a full commit (including validation and activation) on both REs, not just a check.

Exam trap

The trap here is that candidates often confuse 'commit synchronize' with 'commit check' or assume it only affects one RE, failing to recognize that Juniper's high-availability design requires explicit synchronization to maintain configuration consistency across both Routing Engines.

How to eliminate wrong answers

Option A is wrong because 'commit synchronize' performs a full commit (validation and activation) on both REs, not just a commit check; the 'commit check' command is used for validation only. Option C is wrong because 'commit synchronize' explicitly commits on both REs, not only the primary; committing only on the primary would leave the backup out of sync. Option D is wrong because 'commit synchronize' commits on both REs, not only the backup; committing only on the backup would not update the primary's active configuration.

398
MCQhard

An engineer is configuring multiple static routes to the same destination for redundancy. The primary link uses 192.168.1.1 and the backup uses 192.168.2.1. They want the backup to be used only when the primary next-hop is unreachable. Which configuration is correct?

A.Configure the primary with a lower preference and the backup with a higher preference.
B.Configure the primary with a higher preference and the backup with a lower preference.
C.Configure two static routes with equal preferences; the active route will be chosen based on next-hop IP.
D.Configure the routes with the same preference but use a policy to set metric.
AnswerA

Lower preference is more preferred; when primary fails, backup takes over.

Why this answer

Configure the primary with a lower preference and the backup with a higher preference. When the primary is reachable, it is preferred due to lower preference. If it fails, the backup with higher preference becomes active.

Option A would not provide deterministic failover. Option C would make backup primary. Option D is not applicable.

399
Multi-Selecthard

A junior administrator is learning to navigate the Junos CLI. Which three statements about CLI modes are correct? (Choose three.)

Select 3 answers
A.Operational mode is indicated by a > prompt.
B.Configuration mode is entered using the 'configure' command.
C.The 'commit' command is available in both operational and configuration modes.
D.You can switch from configuration mode to operational mode using the 'exit configuration' command.
E.You can execute operational mode commands from configuration mode by prefixing with 'run'.
AnswersA, B, E

Correct; the prompt ends with '>' in operational mode.

Why this answer

Option A is correct because the Junos CLI uses the '>' character to indicate operational mode, which is the default mode for monitoring and troubleshooting the device. In this mode, you can execute commands like 'show' and 'ping' but cannot make configuration changes.

Exam trap

The trap here is that candidates familiar with Cisco IOS may assume the 'commit' command is available in both modes, but in Junos it is strictly a configuration-mode command, and the 'exit configuration' command is a common misremembering of the correct syntax 'exit' or 'exit configuration-mode'.

400
Multi-Selectmedium

Which two commands display the IPv4 unicast routing table? (Choose two.)

Select 2 answers
A.show ip route
B.show route protocol ospf
C.show route
D.show route table inet.0
E.show routing
AnswersC, D

Shows the default routing table (inet.0).

Why this answer

Option C is correct because the 'show route' command without any filters displays the entire IPv4 unicast routing table (inet.0) by default in Junos OS. Option D is correct because 'show route table inet.0' explicitly targets the main IPv4 unicast routing table, which is the default routing instance's inet.0 table.

Exam trap

The trap here is that candidates familiar with Cisco IOS may incorrectly choose 'show ip route' (Option A) or 'show routing' (Option E), not realizing Junos uses the 'show route' command and organizes routing information into named tables like inet.0.

401
MCQhard

A network technician needs to clear all BGP sessions and force BGP to re-establish peering relationships. Which command should they use?

A.clear bgp summary
B.clear bgp restart
C.clear bgp all
D.clear bgp statistics
AnswerC

Clears all BGP sessions, causing re-establishment.

Why this answer

Option C is correct because the 'clear bgp all' command in Junos resets all BGP sessions by clearing the BGP routing table and forcing the protocol to re-establish peering relationships from scratch. This is the standard Junos command to tear down and restart all BGP adjacencies, triggering new OPEN messages and route exchanges.

Exam trap

The trap here is that candidates familiar with Cisco IOS might expect 'clear ip bgp *' to be the equivalent, but Junos uses 'clear bgp all' instead, and the wrong options mimic Cisco-style commands that do not exist or have different effects in Junos.

How to eliminate wrong answers

Option A is wrong because 'clear bgp summary' only clears the BGP summary statistics counters (e.g., number of prefixes received/sent) without affecting BGP sessions or peering state. Option B is wrong because 'clear bgp restart' is not a valid Junos command; Junos uses 'restart' as a routing protocol process restart (e.g., 'restart routing'), not for BGP sessions. Option D is wrong because 'clear bgp statistics' clears BGP statistics and counters but does not reset or re-establish BGP peering sessions.

402
MCQmedium

A Junos device has multiple configuration files saved. Which command shows the available rollback configurations?

A.show system configuration
B.show system rollback
C.show configuration | display rollback
D.show system commit
AnswerD

B shows commit history with rollback IDs.

Why this answer

Option D is correct because the 'show system commit' command displays a list of all committed configuration revisions, including their commit IDs and timestamps, which are used to roll back to a previous configuration. The rollback feature in Junos relies on these stored commit files, and the command explicitly shows the available rollback points.

Exam trap

The trap here is that candidates familiar with Cisco IOS might expect a 'show rollback' command to list available rollbacks, but Junos uses 'show system commit' for this purpose, and 'show system rollback' only shows the content of a specific rollback when given an ID.

How to eliminate wrong answers

Option A is wrong because 'show system configuration' is not a valid Junos command; the correct command to view the current active configuration is 'show configuration'. Option B is wrong because 'show system rollback' is not a valid command; the correct command to view a specific rollback configuration is 'show system rollback <id>', but it does not list available rollback configurations. Option C is wrong because 'show configuration | display rollback' is not a valid syntax; the correct way to view a specific rollback configuration is 'show configuration rollback <id>', and the 'display rollback' option is used with 'show system commit' to show the configuration differences, not to list available rollbacks.

403
MCQmedium

An engineer needs to configure a static route on a Juniper device. Which statement is true regarding the configuration process?

A.The set command activates the change for 10 minutes by default.
B.Configuration changes must be committed to become active.
C.The configuration is immediately active upon entering the set command.
D.The commit command requires a reboot to take effect.
AnswerB

In Junos, changes are made to the candidate configuration and require a commit to become active.

Why this answer

In Junos, configuration changes are made in a candidate configuration and do not take effect until explicitly committed using the 'commit' command. This two-phase model (edit then commit) ensures that changes are validated before activation, preventing partial or incorrect configurations from disrupting network operations. Option B correctly identifies this requirement.

Exam trap

The trap here is that candidates familiar with Cisco IOS, where 'set' or 'configure terminal' commands take effect immediately, mistakenly assume Junos behaves the same way, overlooking the mandatory commit step.

How to eliminate wrong answers

Option A is wrong because the 'set' command does not activate a change for any duration; it merely modifies the candidate configuration, which remains inactive until committed. Option C is wrong because the configuration is not immediately active upon entering the 'set' command; Junos uses a commit model where changes only become active after a successful 'commit'. Option D is wrong because the 'commit' command does not require a reboot; it applies the candidate configuration to the active configuration dynamically without restarting the device.

404
MCQhard

A Juniper device fails to boot and stops at the 'loader>' prompt. What is the most likely cause of this issue?

A.Bad boot device or missing kernel
B.Corrupted configuration file
C.Hardware failure of the power supply
D.Missing root password
AnswerA

If the boot device is missing or the kernel file is corrupted, the boot loader cannot proceed, resulting in the loader prompt.

Why this answer

When a Juniper device stops at the 'loader>' prompt, it indicates that the boot process has failed to locate or load the kernel (juniper-kernel) from the boot device (e.g., internal flash, USB, or hard disk). This is typically caused by a corrupted boot device, missing kernel image, or incorrect boot device selection in the boot loader (UBoot or CFE). The loader prompt is a low-level environment used for recovery, not a sign of configuration or authentication issues.

Exam trap

The trap here is that candidates confuse a boot loader failure (loader prompt) with a configuration or authentication issue, assuming that any boot problem is due to a corrupted config or password, when in fact the loader prompt specifically indicates a missing or inaccessible kernel.

How to eliminate wrong answers

Option B is wrong because a corrupted configuration file would cause the device to boot but fail to load the configuration, resulting in the 'amnesiac' state or a request to enter recovery mode, not a stop at the 'loader>' prompt. Option C is wrong because a power supply failure would prevent the device from powering on at all, not allow it to reach the boot loader stage. Option D is wrong because a missing root password does not affect the boot process; it only prevents login after the system has fully booted, and recovery can be performed via the console or root password recovery procedure.

405
MCQhard

During troubleshooting, an engineer needs to view real-time logging messages on a Junos device. Which command should be used?

A.file show /var/log/messages
B.monitor start messages
C.show log messages
D.traceoptions
AnswerB

Displays real-time log messages.

Why this answer

The 'monitor start messages' command enables real-time, tail-like display of the /var/log/messages log file on a Junos device, allowing the engineer to view new log entries as they are generated. This is the correct command for live troubleshooting because it continuously updates the terminal with incoming syslog messages, unlike static file viewing commands.

Exam trap

The trap here is that candidates often confuse 'show log messages' (a static snapshot) with 'monitor start messages' (a live streaming view), because both involve the 'messages' log file, but only the latter provides real-time output.

How to eliminate wrong answers

Option A is wrong because 'file show /var/log/messages' displays the entire contents of the log file at once, not in real-time, and is not suitable for monitoring live events. Option C is wrong because 'show log messages' displays the current contents of the messages log file but does not provide a live, streaming view; it shows a snapshot. Option D is wrong because 'traceoptions' is a configuration statement used to enable debug logging for specific protocols or features, not a command to view real-time log output.

406
MCQmedium

An administrator wants to drop traffic destined to the 10.10.10.0/24 network without sending an ICMP unreachable message back to the source. Which static route option should be used?

A.reject
B.discard
C.next-table
D.resolve
AnswerB

Discard drops traffic silently, no ICMP notification.

Why this answer

The correct answer is C. The 'discard' option drops traffic silently without generating ICMP unreachable, while 'reject' sends an ICMP unreachable. 'Next-table' forwards to another routing table, and 'resolve' requires a resolvable next-hop. Therefore, discard is the appropriate choice.

407
MCQmedium

An administrator suspects that routing protocol updates are being sent to an incorrect next-hop. Which command can be used to capture and analyze the routing protocol packets on an interface?

A.show log messages | match ospf
B.show route forwarding-table
C.show ospf neighbor detail
D.monitor traffic interface ge-0/0/0.0
AnswerD

This command captures all packets on the interface for analysis.

Why this answer

The 'monitor traffic' command captures packets on an interface and allows analysis of routing updates. Option D is correct. Option A shows the forwarding table, not captures.

Option B shows log files but not real-time capture. Option C shows OSPF neighbor state, not packet contents.

408
MCQmedium

Refer to the exhibit. An engineer has made changes to the candidate configuration. What will happen when the engineer issues the 'commit' command?

A.The commit will succeed but the security policy will be ignored due to a syntax error.
B.Only the interface address change will be committed because security policies require a reboot.
C.The configuration will be validated; if errors exist, the commit will fail.
D.Both the interface address and security policy will be activated.
AnswerD

Commit activates all changes in the candidate configuration.

Why this answer

Option D is correct because in Junos, the 'commit' command activates all changes in the candidate configuration atomically. Both the interface address change and the security policy will be applied simultaneously after validation. Junos does not require a reboot for security policy changes, and syntax errors cause the commit to fail, not be ignored.

Exam trap

The trap here is that candidates may think security policies require a reboot (a common misconception from other platforms) or that syntax errors are silently ignored, but Junos enforces strict validation and atomic commits.

How to eliminate wrong answers

Option A is wrong because Junos performs full syntax and semantic validation during commit; a syntax error would cause the commit to fail, not be ignored. Option B is wrong because security policies in Junos are activated immediately upon commit without requiring a reboot; only certain hardware or kernel-level changes might need a reboot. Option C is wrong because while validation does occur, if errors exist the commit fails, but the question implies no errors are present, so the commit will succeed and activate both changes.

409
MCQmedium

A network engineer is configuring a new Juniper device and needs to ensure that the configuration is saved persistently across reboots. Which command should be used?

A.save
B.request system reboot
C.show configuration
D.commit
AnswerD

Commits the candidate configuration to the active configuration, ensuring persistence across reboots.

Why this answer

The `commit` command activates the candidate configuration and saves it to the active configuration database, ensuring it persists across reboots. Without a commit, any changes made in candidate mode are lost when the device restarts.

Exam trap

The trap here is that candidates familiar with Cisco IOS may mistakenly think `save` or `write memory` is the equivalent command, but Junos requires an explicit `commit` to persist changes.

How to eliminate wrong answers

Option A is wrong because `save` is not a valid Junos CLI command; the correct command to write configuration to a file is `save configuration <filename>`, but it does not activate or persist the configuration across reboots. Option B is wrong because `request system reboot` triggers a system restart but does not save any uncommitted configuration changes; any unsaved candidate configuration would be discarded. Option C is wrong because `show configuration` only displays the current active configuration; it does not save or persist any changes.

410
Multi-Selecthard

Which THREE commands are used for operational monitoring of routing protocols?

Select 3 answers
A.show isis adjacency
B.show ospf neighbor
C.show interfaces terse
D.show bgp summary
E.show arp
AnswersA, B, D

Shows IS-IS adjacencies.

Why this answer

The 'show isis adjacency' command is used to verify the state of IS-IS neighbor adjacencies, which is a core operational monitoring task for the IS-IS routing protocol. It displays the interface, neighbor system ID, level, and adjacency state (e.g., Up, Down, Initializing), allowing an engineer to confirm that IS-IS neighbors are properly established.

Exam trap

The trap here is that candidates may confuse general interface or Layer 2 monitoring commands (like 'show interfaces terse' or 'show arp') with protocol-specific operational monitoring commands, leading them to select options that do not actually show routing protocol state.

411
MCQmedium

A junior administrator wants to view only the operational state of interface ge-0/0/1, including its link status and protocol state. Which command should they use?

A.show interface ge-0/0/1
B.show interfaces ge-0/0/1 terse
C.show configuration interfaces ge-0/0/1
D.show interfaces ge-0/0/1 extensive
AnswerB

Shows link and protocol status in brief format.

Why this answer

Option B is correct because the 'show interfaces ge-0/0/1 terse' command displays a concise operational state of the interface, including link status (up/down) and protocol state (up/down) without configuration details. This is the standard Junos command for quickly verifying the operational status of a specific interface.

Exam trap

The trap here is that candidates familiar with Cisco IOS might type 'show interface' (singular) instead of the Junos plural 'show interfaces', or they might choose 'extensive' thinking more detail is better, when 'terse' is the precise tool for a quick operational state check.

How to eliminate wrong answers

Option A is wrong because 'show interface ge-0/0/1' is an invalid command in Junos; the correct syntax uses the plural 'interfaces'. Option C is wrong because 'show configuration interfaces ge-0/0/1' displays the configuration stanza for the interface, not its operational state. Option D is wrong because 'show interfaces ge-0/0/1 extensive' provides detailed operational and statistical data, which is more than the junior administrator needs for just link and protocol state.

412
MCQhard

During a network outage, a router is unresponsive via SSH. You have console access but the console displays 'Amnesiac (ttyd0)' prompt. What is the most likely cause and recovery action?

A.The router lost its configuration; load the rescue configuration using 'rollback rescue-config' or 'load override /config/rescue.conf.gz' then commit
B.The router's boot device failed; need to replace hardware
C.The router booted from backup media; run 'request system software add' to reinstall Junos
D.The router's flash memory is corrupted; perform a full reinstall via USB
AnswerA

The 'Amnesiac' prompt occurs when Junos boots but finds no valid configuration, often after 'request system zeroize' or storage failure. Loading the rescue configuration is the standard recovery procedure.

Why this answer

The 'Amnesiac (ttyd0)' prompt indicates the router has booted without a valid configuration file in the /config directory. This typically occurs after a 'request system zeroize' command, a failed commit that corrupted the configuration, or a storage issue that prevented the configuration from loading. The recovery action is to load a previously saved rescue configuration using 'rollback rescue-config' or 'load override /config/rescue.conf.gz' and then commit, which restores the router to a known working state.

Exam trap

The trap here is that candidates confuse the 'Amnesiac' prompt with a hardware failure or boot media issue, when it is actually a configuration recovery scenario that can be resolved with a simple rollback to the rescue configuration.

How to eliminate wrong answers

Option B is wrong because a boot device failure would prevent the router from booting entirely, not just cause a missing configuration; the 'Amnesiac' prompt specifically indicates the OS loaded but no config was found. Option C is wrong because booting from backup media (e.g., alternate boot device) would still load the configuration if it exists; the prompt indicates a missing config, not a boot media issue, and 'request system software add' is for installing or upgrading Junos, not for recovering a lost configuration. Option D is wrong because flash memory corruption would likely cause boot failures or file system errors, not a clean boot to the 'Amnesiac' prompt; a full reinstall via USB is an extreme measure that is unnecessary when a rescue configuration is available.

413
MCQmedium

An administrator needs to see which interfaces are configured and their current operational status in a concise format. Which command provides this information?

A.show interfaces
B.show configuration interfaces
C.show interfaces terse
D.show interfaces descriptions
AnswerC

Correctly provides a one-line summary per interface including admin and operational status.

Why this answer

The 'show interfaces terse' command displays a concise, table-like output listing all interfaces (including logical units) along with their administrative status (up/down) and operational status (up/down). This is the most efficient way to see both configured interfaces and their current state in a compact format, as required by the question.

Exam trap

The trap here is that candidates familiar with Cisco IOS often expect 'show interfaces' to be the concise status command, but in Junos, 'show interfaces terse' is the equivalent of 'show ip interface brief' — a distinction that catches those who assume cross-platform command similarity.

How to eliminate wrong answers

Option A is wrong because 'show interfaces' provides detailed per-interface statistics and configuration, which is verbose and not concise. Option B is wrong because 'show configuration interfaces' displays the configured interface hierarchy from the candidate or active configuration, not the current operational status. Option D is wrong because 'show interfaces descriptions' shows only the description field for interfaces, not their operational status.

414
Multi-Selecteasy

Which TWO statements are true about the Junos configuration hierarchy?

Select 2 answers
A.Configuration is organized into two main hierarchies: system and interfaces.
B.The configuration is divided into a hierarchical tree.
C.Each configuration statement is terminated by a semicolon.
D.Configuration must be entered in a specific order.
E.It is a flat structure with no grouping.
AnswersB, C

Junos configuration follows a hierarchical tree structure.

Why this answer

The Junos configuration is organized as a hierarchical tree structure, where configuration statements are grouped under various hierarchy levels (e.g., 'system', 'interfaces', 'protocols'). Each statement in this tree is terminated by a semicolon, which is a fundamental syntax rule inherited from the Junos OS CLI. This hierarchical model allows for modular, structured configuration management.

Exam trap

The trap here is that candidates often assume configuration must be entered in a specific order (like Cisco IOS), but Junos allows any order because the hierarchy is defined by the structure, not the sequence of commands.

415
MCQhard

An operator wants to monitor the temperature and voltage sensors on a Juniper chassis. Which command displays current sensor readings?

A.show chassis environment
B.show chassis hardware
C.show system health
D.show log messages | match temperature
AnswerA

'show chassis environment' displays temperature, voltage, and fan status for the chassis components. It is the standard command for environmental monitoring.

Why this answer

The 'show chassis environment' command displays real-time sensor readings for temperature, voltage, and fan status on Juniper devices. It is the standard operational command for monitoring chassis environmental health, directly matching the operator's requirement to check temperature and voltage sensors.

Exam trap

The trap here is that candidates may confuse 'show chassis hardware' (static inventory) with 'show chassis environment' (dynamic sensor data), or assume 'show system health' is a valid Junos command when it is not.

How to eliminate wrong answers

Option B is wrong because 'show chassis hardware' lists installed components (like FRUs, serial numbers, and part numbers) but does not display dynamic sensor readings such as temperature or voltage. Option C is wrong because 'show system health' is not a valid Junos command; the correct command for system health checks is 'request system health' or 'show chassis environment'. Option D is wrong because 'show log messages | match temperature' filters system log messages for temperature-related entries, but it does not show current sensor readings—it only displays historical log events that may be outdated or incomplete.

416
MCQmedium

You are a network administrator for a large enterprise. You have a Juniper SRX firewall that is used as the primary internet gateway. Users are reporting that they are unable to access certain external websites. You check the device and find that the security policies appear correct, and the routing is in place. You suspect that the issue might be related to the DNS resolution. You want to verify that the device can resolve DNS names and that the DNS server configuration is correct. Which command should you use to test DNS resolution from the Juniper device?

A.show system connections
B.ping <external website FQDN>
C.traceroute <external website FQDN>
D.show dns name-server
AnswerB

Pinging a hostname will trigger DNS resolution; if it fails, DNS may be misconfigured.

Why this answer

Option B is correct because the `ping` command with a fully qualified domain name (FQDN) forces the Juniper device to perform a DNS resolution before sending ICMP echo requests. If the device cannot resolve the FQDN, the ping will fail with a 'hostname not found' error, directly indicating a DNS configuration or reachability issue. This tests both the DNS server configuration and the device's ability to resolve names, which is essential for verifying DNS functionality.

Exam trap

The trap here is that candidates often confuse `show dns name-server` with a valid operational command, but Junos uses `show configuration system name-server` to view DNS server settings, and the `ping` command with an FQDN is the standard method to test live DNS resolution from the device.

How to eliminate wrong answers

Option A is wrong because `show system connections` displays active TCP/UDP connections and their states, not DNS resolution capabilities or configuration. Option C is wrong because `traceroute` with an FQDN also triggers DNS resolution, but it is designed to trace the path to the destination and is less direct for simply testing DNS resolution; a failed traceroute could be due to routing or firewall issues rather than DNS. Option D is wrong because `show dns name-server` is not a valid Junos command; the correct command to view DNS server configuration is `show configuration system name-server`.

417
MCQeasy

What is the default behavior when a user logs in to a Junos device and enters configuration mode?

A.The user must first commit before making changes.
B.The user can edit the candidate configuration.
C.The user can only view the configuration.
D.The user directly modifies the active configuration.
AnswerB

B is correct; candidate config is edited.

Why this answer

When a user enters configuration mode on a Junos device, they are placed into a private copy of the candidate configuration. This allows the user to make changes without affecting the active configuration until a commit operation is performed. Option B correctly describes this default behavior.

Exam trap

The trap here is that candidates familiar with Cisco IOS may assume changes are applied immediately (like in 'configure terminal'), but Junos requires an explicit commit to activate changes, and the candidate configuration is a separate, editable copy.

How to eliminate wrong answers

Option A is wrong because the user does not need to commit before making changes; they can edit the candidate configuration freely, and only a commit activates those changes. Option C is wrong because the user can edit the configuration in configuration mode, not just view it; viewing is the default in operational mode. Option D is wrong because Junos uses a separate candidate configuration; changes are not directly applied to the active configuration until explicitly committed.

418
MCQeasy

A network administrator notices that the CPU utilization on an MX240 router has been consistently above 90% for the past hour. Users are reporting intermittent connectivity issues. The administrator logs in and runs 'show system processes extensive' which shows the Routing Protocol Daemon (rpd) consuming 70% of the CPU. Further investigation reveals that the router has over 5000 BGP prefixes from multiple peers. The administrator suspects that the high CPU is due to continuous route processing. What should the administrator do to immediately reduce CPU load while maintaining network stability?

A.Perform a 'show log messages' to check for errors before taking action
B.Apply a prefix-limit on each BGP session to restrict the number of prefixes received
C.Bounce all BGP sessions by clearing them with 'clear bgp neighbor *'
D.Disable BGP multipath to reduce route processing
AnswerB

Prefix limits reduce the number of routes rpd must process, directly lowering CPU usage.

Why this answer

Applying a prefix-limit on each BGP session immediately restricts the number of prefixes the router will accept from peers. This prevents the Routing Protocol Daemon (rpd) from processing excessive BGP updates, reducing CPU load while maintaining network stability by keeping existing sessions and routes intact. The prefix-limit action (e.g., with a teardown threshold) ensures the router does not accept more prefixes than it can handle, directly addressing the root cause of high CPU usage.

Exam trap

The trap here is that candidates may confuse diagnostic actions (like checking logs) or disruptive resets (like clearing all BGP sessions) with immediate corrective measures, overlooking the targeted, non-disruptive solution of applying prefix limits to control route processing load.

How to eliminate wrong answers

Option A is wrong because checking logs ('show log messages') is a diagnostic step that does not reduce CPU load; it only gathers information, which is not an immediate action to alleviate the high CPU caused by continuous route processing. Option C is wrong because bouncing all BGP sessions with 'clear bgp neighbor *' would temporarily drop all BGP peers, causing a complete loss of routing information and network instability, and the CPU spike would likely recur when sessions re-establish and process the same 5000+ prefixes again. Option D is wrong because disabling BGP multipath does not reduce the number of prefixes being processed; it only affects how multiple equal-cost paths are used for forwarding, not the volume of route processing by rpd.

419
Multi-Selecthard

Which TWO statements correctly describe Junos configuration hierarchy and management?

Select 2 answers
A.The 'deactivate' command permanently removes a configuration statement from the candidate.
B.The 'load merge' command imports configuration from a file and merges it with the current candidate configuration.
C.The candidate configuration is a separate copy that does not affect the active configuration until committed.
D.The 'set' command in configuration mode directly modifies the active configuration.
E.In operational mode, the 'show' command displays the candidate configuration.
AnswersB, C

'load merge' combines the file content with the existing candidate.

Why this answer

Option B is correct because the 'load merge' command in Junos imports configuration data from a file and merges it with the current candidate configuration, preserving existing statements unless explicitly overridden. This allows incremental changes without replacing the entire configuration, which is essential for efficient network operations.

Exam trap

The trap here is confusing the Junos candidate/active model with Cisco IOS's direct 'running-config' modification, leading candidates to think 'set' changes the active config or that 'deactivate' removes statements permanently.

420
MCQmedium

An engineer configures two static routes to 172.16.0.0/16 with next-hops 10.0.1.1 and 10.0.2.1, both with the same preference and same metric. How does Junos handle traffic to this prefix?

A.It uses active/passive selection.
B.It load balances via ECMP.
C.It uses only the first configured route.
D.It drops traffic due to ambiguity.
AnswerB

Equal-cost multipath is enabled by default for static routes with equal preferences.

Why this answer

The correct answer is C. Junos supports equal-cost multipath (ECMP) by default for static routes with the same preference and metric. Traffic is load-balanced across both next-hops.

Option A is incorrect because active/passive is not default. Option B is incorrect because both routes are considered. Option D is incorrect because traffic is forwarded.

421
MCQhard

You are the network engineer for a mid-sized enterprise with a Juniper MX router running Junos. The router has two uplinks to the internet: one to ISP-A via ge-0/0/0 (10.0.0.1/30) and one to ISP-B via ge-0/0/1 (10.0.0.5/30). You have configured static default routes to both ISPs: one to 10.0.0.2 and one to 10.0.0.6. Both routes have the same preference (default 5) and metric. You enabled ECMP to load-balance outbound traffic. After testing, you notice that all traffic is being sent only to ISP-A, and none to ISP-B. You verify that both interfaces are up and that the next-hop addresses are reachable. You check the routing table and see both routes are active but with different next-hop counts. What is the most likely cause of the traffic not being load-balanced?

A.One of the static routes resolves to multiple next hops, causing imbalance.
B.ECMP is not enabled in the forwarding-options.
C.The route to ISP-B is not active.
D.Hash-based load balancing requires per-packet configuration.
AnswerA

If one route resolves to multiple next hops, it may appear as multiple routes, skewing load balancing.

Why this answer

When both static default routes have the same preference and metric, Junos installs both in the routing table. However, ECMP load-balancing requires that each route resolve to a single next hop. If one static route resolves to multiple next hops (e.g., through a recursive lookup to a prefix with multiple paths), the route with a single next hop (ISP-A) becomes the sole active path for forwarding, while the multi-next-hop route (ISP-B) is not used for load balancing.

This explains why all traffic goes to ISP-A despite both routes being present.

Exam trap

The trap here is that candidates assume both routes are equally valid for ECMP simply because they appear in the routing table, but they overlook how recursive resolution can cause one route to have multiple next hops, breaking the equal-cost multipath condition.

How to eliminate wrong answers

Option B is wrong because ECMP is enabled by default in Junos when multiple equal-cost routes exist; no explicit 'forwarding-options' configuration is required for basic ECMP. Option C is wrong because the scenario states both routes are active in the routing table, so the route to ISP-B is indeed active. Option D is wrong because hash-based load balancing is the default behavior for ECMP in Junos; per-packet configuration is not needed for load balancing to occur, and the issue here is not about load-balancing mode but about next-hop resolution.

422
MCQhard

Refer to the exhibit. The administrator has verified that the remote router's interface uses PPP encapsulation. What is the most likely cause of the link not passing traffic?

A.The interface has a speed mismatch.
B.The encapsulation type is mismatched.
C.The interface is using the wrong IP address.
D.The interface is administratively down.
AnswerB

Correct. HDLC and PPP are incompatible encapsulation types, preventing data transmission.

Why this answer

Option C is correct. The exhibit shows the local interface is configured with HDLC encapsulation, while the remote uses PPP. This encapsulation mismatch prevents Layer 2 communication.

Options A and B are incorrect because the physical link is up and enabled. Option D is incorrect because an IP address mismatch would allow Layer 2 connectivity but prevent Layer 3 routing.

423
MCQmedium

A Junos device fails to boot and enters the loader prompt. Which command should be used to boot the device into the Junos kernel from the loader prompt?

A.load kernel
B.boot device
C.boot
D.boot /kernel
AnswerD

This command boots the Junos kernel from the loader.

Why this answer

When a Junos device fails to boot and drops to the loader prompt (U-Boot or similar), the correct command to manually load the Junos kernel is 'boot /kernel'. This command instructs the bootloader to locate and execute the kernel file from the default filesystem path. Option D is correct because it specifies the full path to the kernel, which is required at the loader prompt to initiate the Junos OS boot process.

Exam trap

The trap here is that candidates familiar with generic bootloaders might assume 'boot' alone is sufficient, but Junos requires the explicit path '/kernel' at the loader prompt to bypass automatic boot attempts and force a manual kernel load.

How to eliminate wrong answers

Option A is wrong because 'load kernel' is not a valid command at the Junos loader prompt; the loader uses 'boot' to start execution, not 'load'. Option B is wrong because 'boot device' is not a standard command; the loader expects a path to a specific file, not a generic device reference. Option C is wrong because 'boot' alone is ambiguous and may attempt to boot from a default location, but it does not guarantee loading the Junos kernel from the correct path, especially if the boot device or file system is corrupted.

424
MCQmedium

Your data center uses Juniper QFX5110 switches as leaf nodes in a Virtual Chassis Fabric (VCF) topology with QFX5100 as spine nodes. You are adding a new QFX5110 leaf node to the fabric. The new switch is physically connected to all spine nodes as per the cabling guidelines. However, after powering on the new switch, it does not automatically join the fabric. The existing fabric shows the new switch's member ID as 8, but it remains in 'standalone' state. The VCF has been operational for several months without issues. You check the configuration on the existing VC and notice that the 'virtual-chassis' configuration does not include the new member. What is the most likely reason the new switch does not join?

A.The new switch is running a different version of Junos that is not compatible with the fabric
B.The new switch does not have the same virtual-chassis ID configured as the existing fabric
C.The new switch is only connected to one spine node, and VCF requires full mesh connections to all spines
D.The new switch has 'set virtual-chassis no-split-detection' enabled, preventing it from joining
AnswerB

The virtual chassis ID must be the same across all members; otherwise, they cannot form a VCF.

Why this answer

In a Virtual Chassis Fabric (VCF), all member switches must share the same virtual-chassis ID to be recognized as part of the same fabric. The existing fabric has a configured virtual-chassis ID, but the new QFX5110, by default, has a different or no virtual-chassis ID set. Without a matching virtual-chassis ID, the new switch cannot join the fabric and remains in 'standalone' state, even though it is physically connected and assigned a member ID.

Exam trap

The trap here is that candidates may assume a switch with a member ID assigned has successfully joined the fabric, but in VCF, member ID assignment happens early in the discovery process and does not guarantee full integration—the switch must also have a matching virtual-chassis ID to move out of 'standalone' state.

How to eliminate wrong answers

Option A is wrong because Junos supports mixed software versions in a VCF only if they are within the same major release train and compatible; the question states the fabric has been operational for months, and version incompatibility would typically cause a different error (e.g., 'version mismatch') rather than a 'standalone' state with a member ID assigned. Option C is wrong because VCF does not require full mesh connections to all spines; the cabling guidelines for VCF typically require each leaf to be connected to at least two spines for redundancy, but a single connection would not prevent the switch from joining—it would still join and then potentially have forwarding issues. Option D is wrong because 'set virtual-chassis no-split-detection' is a feature used to disable split-brain detection in a Virtual Chassis (not VCF) and is not relevant to a new switch joining a VCF; it does not prevent a switch from joining the fabric.

425
Multi-Selectmedium

Which TWO statements correctly describe the use of the 'monitor traffic' command in Junos?

Select 2 answers
A.It captures packets from the Routing Engine only.
B.It can filter packets using the 'matching' option to capture only specific traffic.
C.It captures packets on a specific interface and displays them in real-time.
D.It requires a reboot to start capturing packets.
E.It reads packets from a previously saved pcap file.
AnswersB, C

Correct: 'monitor traffic matching <protocol>' filters packets.

Why this answer

Option B is correct because the 'monitor traffic' command in Junos supports a 'matching' option that allows you to specify a filter (e.g., 'matching "icmp"') to capture only packets that match the given criteria, reducing noise and focusing on specific traffic types. Option C is correct because 'monitor traffic interface <interface-name>' captures packets on a specified interface and displays them in real-time, which is useful for live troubleshooting.

Exam trap

The trap here is that candidates often confuse 'monitor traffic' with 'monitor interface' or assume it requires a reboot, but Junos captures live traffic without any system restart, and the 'matching' option is a powerful BPF-based filter that works exactly like tcpdump's filter syntax.

426
MCQmedium

Refer to the exhibit. An administrator wants to see authentication-related logs like SSH logins. In the current configuration, which log file contains this information?

A.utmp
B.interactive-commands
C.security
D.messages
AnswerB

The authorization facility logs authentication events to the interactive-commands file.

Why this answer

Option B is correct because the 'interactive-commands' log file is specifically designed to capture user-executed commands, including authentication-related events such as SSH login attempts and command execution. In Junos, this log is enabled by default and records all interactive CLI commands, which includes the authentication phase of SSH sessions.

Exam trap

The trap here is that candidates often confuse 'interactive-commands' with 'messages' or 'security' logs, assuming authentication events are always in the security log, but Junos specifically segregates CLI and authentication logs into the interactive-commands file.

How to eliminate wrong answers

Option A is wrong because utmp is a Unix-style file that tracks currently logged-in users, not historical authentication logs; Junos does not use utmp for persistent logging of SSH logins. Option C is wrong because the 'security' log file is used for security-related events like firewall filters, NAT, and IPsec, not for authentication or SSH login logs. Option D is wrong because the 'messages' log file contains general system messages (e.g., kernel, interface, and daemon events) but does not specifically capture interactive command or authentication logs.

427
MCQmedium

A technician is troubleshooting a connectivity issue and needs to see the path packets take to a remote host. Which Junos command is appropriate?

A.traceroute
B.monitor interface
C.ping
D.show route
AnswerA

Traces the path to the remote host.

Why this answer

The `traceroute` command in Junos is the correct tool for tracing the path packets take to a remote host. It sends UDP probes with increasing TTL values and listens for ICMP Time Exceeded messages from intermediate routers, revealing each hop along the route. This directly matches the technician's need to see the path packets take.

Exam trap

The trap here is that candidates often confuse `ping` (which tests reachability) with `traceroute` (which shows the path), leading them to select ping when the question explicitly asks for the path packets take.

How to eliminate wrong answers

Option B is wrong because `monitor interface` is used to display real-time interface statistics and traffic counters, not to trace the path packets take to a remote host. Option C is wrong because `ping` only tests reachability and measures round-trip time to a destination, but it does not reveal the specific hops or path taken. Option D is wrong because `show route` displays the local routing table entries on the Junos device, not the actual path packets traverse through the network to a remote host.

428
Multi-Selecthard

Which THREE are valid methods to exit configuration mode in Junos? (Choose three.)

Select 3 answers
A.exit configuration-mode
B.commit and-quit
C.commit check
D.exit (at the top of the hierarchy)
E.quit
AnswersA, B, D

Exits configuration mode.

Why this answer

Option A is correct because 'exit configuration-mode' is a valid operational mode command that explicitly exits from configuration mode back to operational mode. This command is used when you are at the top of the configuration hierarchy and want to leave the configuration CLI session.

Exam trap

The trap here is that Cisco engineers often expect 'quit' to work (as it does in IOS), but Junos does not recognize 'quit' as a valid command, and 'commit check' is a validation command that does not exit configuration mode.

429
MCQmedium

A network operator needs to backup the current configuration to a file on the local flash. Which command accomplishes this?

A.request system configuration rescue save
B.save /var/tmp/backup.conf
C.commit and-quit
D.show configuration | save /var/tmp/backup.conf
AnswerB

The 'save' command in configuration mode writes the current configuration to the specified file.

Why this answer

Option B is correct because the `save` command in operational mode writes the current active configuration to a specified file path, such as `/var/tmp/backup.conf`. This directly meets the requirement to backup the configuration to a file on local flash without affecting the candidate configuration or committing changes.

Exam trap

The trap here is that candidates confuse `save` (operational mode, writes active config to a file) with `show configuration | save` (which also works but is a pipe-based method that can introduce subtle differences in file format, and Juniper exams expect the direct `save` command as the standard approach).

How to eliminate wrong answers

Option A is wrong because `request system configuration rescue save` saves the current active configuration as the rescue configuration, not to an arbitrary file path like `/var/tmp/backup.conf`. Option C is wrong because `commit and-quit` commits the candidate configuration and exits configuration mode, but does not save a backup copy to a file. Option D is wrong because `show configuration | save /var/tmp/backup.conf` saves the output of `show configuration` (which displays the active configuration) to a file, but this is a pipe to `save` that writes the text output, not a direct configuration backup command; it works but is less standard and can include formatting artifacts, whereas `save` is the proper operational-mode command for this task.

430
Multi-Selectmedium

Which TWO statements about the 'commit' operation in Junos are correct?

Select 2 answers
A.The commit operation validates syntax before applying, and if errors are found, the commit fails.
B.The commit operation automatically rolls back changes after 10 minutes if not confirmed.
C.The commit operation allows you to commit only a specific portion of the configuration.
D.The commit operation applies the configuration changes at the next system reboot.
E.The commit operation activates the candidate configuration as the new active configuration.
AnswersA, E

Commit includes a syntax check and fails if errors exist.

Why this answer

Option A is correct because the 'commit' operation in Junos first validates the candidate configuration for syntax errors and semantic consistency. If any errors are detected, the commit fails and the candidate configuration remains unchanged, preventing invalid configurations from being applied.

Exam trap

The trap here is confusing the standard 'commit' with 'commit confirmed', which includes a 10-minute rollback timer, and assuming that Junos allows partial commits like some other platforms (e.g., Cisco's 'commit' with 'only' option).

431
MCQhard

A router is experiencing intermittent packet loss. The engineer runs 'show interfaces ge-0/0/0 extensive' and notices a high number of input errors but no output errors. What is the most likely cause?

A.The cable is too long
B.A faulty transceiver
C.MTU mismatch
D.The interface is oversubscribed
AnswerB

Faulty optics can cause input errors.

Why this answer

A high number of input errors with no output errors on a Juniper interface typically indicates a Layer 1 issue at the receiving end. A faulty transceiver can cause signal degradation, leading to CRC errors, framing errors, or alignment errors, all of which are counted as input errors. Since output errors are absent, the problem is not with the router's transmission but with the incoming signal quality.

Exam trap

The trap here is that candidates often confuse input errors with output drops or oversubscription, but input errors are strictly Layer 1 physical-layer issues, not congestion or configuration mismatches.

How to eliminate wrong answers

Option A is wrong because a cable that is too long would likely cause both input and output errors due to signal attenuation and timing issues, not exclusively input errors. Option C is wrong because an MTU mismatch typically causes packet drops at the IP layer (often seen as 'giants' or 'fragmentation needed' counters) and would not manifest as a high number of input errors on the physical interface; it would more likely cause output errors or discards. Option D is wrong because an oversubscribed interface would show output drops or congestion-related discards, not input errors; input errors are physical-layer issues, not capacity-related.

432
MCQhard

Your enterprise network uses Juniper EX4300 switches in a collapsed core design with RSTP (802.1w) as the Layer 2 loop prevention protocol. You add a new EX2300 switch to an access closet and connect it to two different core switches using two uplink interfaces configured in an LACP LAG. After connecting the new switch, you notice intermittent connectivity issues across the entire network, with some devices reporting temporary packet loss. The issue occurs sporadically, especially during configuration changes or when links flap. You suspect the problem is related to RSTP. Upon investigation, you see that the new switch's uplink interfaces are both in the forwarding state, but occasionally one of them transitions to blocking and then back to forwarding. What is the most likely cause of the intermittent issues?

A.The LACP system priority is set too low on the new switch, causing it to lose LACP negotiations
B.The LAG is not recognized as a single logical link by RSTP, causing RSTP to see two separate links and create a loop
C.The uplink interfaces are configured as alternate ports instead of root ports
D.The new switch has a different root bridge priority, causing it to become the root and disrupting topology
AnswerB

RSTP should treat a LAG as one link, but if the LAG is not configured correctly (e.g., missing 'lacp' or 'aggregate' statements), RSTP can see separate links and cause a loop, leading to intermittent blocking.

Why this answer

B is correct because RSTP (802.1w) treats each physical interface in a LAG as a separate link unless the LAG is explicitly configured as a logical interface (ae interface) on Junos. When the two uplinks are not bundled into a single ae interface, RSTP sees two separate links between the new switch and the core, creating a loop. This causes RSTP to block one of the links to break the loop, and when the link flaps or configuration changes occur, the port transitions between blocking and forwarding, leading to intermittent packet loss across the network.

Exam trap

The trap here is that candidates assume LACP automatically bundles interfaces into a single logical link for all Layer 2 protocols, but RSTP operates at the port level and requires the ae interface to treat the LAG as one link; without it, RSTP sees multiple links and blocks one, causing intermittent connectivity.

How to eliminate wrong answers

Option A is wrong because LACP system priority affects which switch controls the LAG during negotiation, but it does not cause RSTP to see separate links; even with correct LACP negotiation, if the interfaces are not configured as a logical ae interface, RSTP still treats them as individual links. Option C is wrong because alternate ports are a normal RSTP role for backup paths and do not inherently cause intermittent issues; the problem is that RSTP is actively blocking one of the LAG member links to prevent a loop, not that the ports are in an alternate role. Option D is wrong because a different root bridge priority would cause a new root election, but the question states the new switch's uplinks are both in forwarding state initially, and the issue is specifically related to RSTP blocking one link due to loop detection, not a root bridge change.

433
MCQhard

A company is deploying an EVPN-VXLAN fabric with Juniper QFX switches. To provide inter-subnet routing, which interface type must be configured?

A.Physical interface with vlan-tagging
B.VXLAN tunnel endpoint (VTEP)
C.IRB interface
D.Loopback interface
AnswerC

IRB provides Layer 3 gateway for VLANs.

Why this answer

In an EVPN-VXLAN fabric, Integrated Routing and Bridging (IRB) interfaces are required to provide inter-subnet routing. IRB interfaces act as Layer 3 gateways within the VXLAN overlay, enabling routing between different VLANs/VXLANs by terminating both the bridge domain and the routing instance. Without IRB, traffic cannot be routed between subnets in the EVPN-VXLAN fabric.

Exam trap

The trap here is that candidates often confuse VTEPs (which handle tunneling) with the routing function, mistakenly thinking that configuring a VTEP alone enables inter-subnet routing, when in fact an IRB interface is required to act as the Layer 3 gateway.

How to eliminate wrong answers

Option A is wrong because a physical interface with vlan-tagging is used for trunking multiple VLANs on a single physical port, but it does not provide Layer 3 routing between subnets in an EVPN-VXLAN fabric. Option B is wrong because a VXLAN tunnel endpoint (VTEP) is responsible for encapsulating and decapsulating VXLAN traffic, but it does not perform routing; routing requires a separate logical interface like IRB. Option D is wrong because a loopback interface is a virtual interface used for management, OSPF router ID, or BGP peering, but it cannot serve as a gateway for inter-subnet routing in the overlay.

434
Multi-Selecteasy

Which TWO commands can be used to enter configuration mode from operational mode? (Choose two.)

Select 2 answers
A.edit
B.set
C.configure
D.config
E.terminal
AnswersA, C

Typing 'edit' at the operational prompt enters configuration mode.

Why this answer

The 'edit' command is correct because it is the primary method to enter configuration mode from operational mode in Junos OS. When you type 'edit' at the operational mode prompt, you are placed into configuration mode, where you can modify the candidate configuration. This command is equivalent to 'configure' and is commonly used for entering the configuration hierarchy.

Exam trap

The trap here is that Cisco engineers often expect 'config terminal' or 'configure terminal' as the way to enter configuration mode, but Junos uses 'configure' or 'edit' without the 'terminal' keyword, and 'config' alone is not a valid command.

435
MCQmedium

A static route with a next-hop of 10.0.0.1 is configured, but the route is not appearing in the active routing table. The output of `show route 10.0.0.1` shows that 10.0.0.1 is reachable via an OSPF route with preference 10. What is the most likely reason the static route is not active?

A.The OSPF route has a lower metric than the static route.
B.The static route's next-hop is not directly connected.
C.The static route is configured with a qualified-next-hop that fails.
D.The static route has a higher preference than OSPF.
AnswerC

A qualified-next-hop condition can prevent the static route from becoming active.

Why this answer

Option A is correct because the static route may be configured with a qualified-next-hop that is not satisfied. Option B is wrong because static route preference (5) is lower than OSPF (10), so static should be active. Option C is wrong because next-hop reachable via OSPF should allow static route to be active.

Option D is wrong because metric is not compared across protocols.

436
Multi-Selecthard

A route is present in the routing table but is not active. Which three conditions could explain this? (Choose three.)

Select 3 answers
A.A route with a lower preference exists for the same destination.
B.The route is hidden due to a firewall filter.
C.The route is an aggregate route.
D.The next-hop is unreachable.
E.The route is a static route with a qualified-next-hop that is not satisfied.
AnswersA, D, E

A route with lower preference (more preferred) will be active, making the other route inactive.

Why this answer

A route with a lower preference (administrative distance) is preferred for the same destination prefix. In JUNOS, the route with the lowest preference value is installed as the active route in the forwarding table. If a route has a higher preference, it remains in the routing table as a backup but is not marked as active.

Exam trap

The trap here is that candidates often confuse firewall filters with routing policy or route filters, thinking they can hide routes, but firewall filters operate on packet forwarding, not on the routing table itself.

437
MCQhard

Refer to the exhibit. An engineer runs the command but sees no output. What is the most likely reason?

A.The pipe (|) is not supported with 'display set'.
B.The interface ge-0/0/0 is not configured.
C.The interface name is misspelled.
D.The command syntax is incorrect.
AnswerB

Most likely the interface does not exist in config.

Why this answer

The command 'show configuration | display set' outputs the configuration in a set-based format. If there is no output, it means the configuration is empty or the specified interface does not exist. In this case, the interface ge-0/0/0 is not configured, so the filter 'display set' returns no lines for that interface.

Option B is correct because an unconfigured interface yields no configuration output.

Exam trap

The trap here is that candidates may assume the pipe command is unsupported or that the syntax is wrong, when in fact the absence of output is due to the interface not being configured in the candidate or active configuration.

How to eliminate wrong answers

Option A is wrong because the pipe (|) is fully supported with 'display set' in Junos; it is a standard filter to convert configuration to set commands. Option C is wrong because the interface name 'ge-0/0/0' is correctly spelled (gigabit-ethernet 0/0/0) and is a valid Junos interface designation. Option D is wrong because the command syntax 'show configuration | display set' is correct and commonly used to display the active configuration in a compact, set-based format.

438
MCQeasy

A network engineer needs to configure an interface on a Juniper device to use DHCP to obtain an IP address. Which hierarchy is used to apply this configuration?

A.set interfaces ge-0/0/0 unit 0 family inet dhcp
B.set interfaces ge-0/0/0 dhcp-client
C.set interfaces ge-0/0/0 unit 0 family inet6 dhcp
D.set interfaces ge-0/0/0 unit 0 family ppp dhcp
AnswerA

Correctly enables DHCP client on the specified interface.

Why this answer

Option A is correct because on Juniper devices, DHCP client functionality for IPv4 is configured under the `family inet` hierarchy within a logical interface unit. The command `set interfaces ge-0/0/0 unit 0 family inet dhcp` enables the interface to obtain an IPv4 address via DHCP, which is the standard method for dynamic address assignment on Ethernet interfaces.

Exam trap

The trap here is that Cisco engineers often expect DHCP client configuration to be applied directly under the physical interface (like `ip address dhcp` on Cisco IOS), but Junos requires it under the logical unit and address family hierarchy, leading candidates to choose option B.

How to eliminate wrong answers

Option B is wrong because `set interfaces ge-0/0/0 dhcp-client` is not a valid Junos configuration hierarchy; DHCP client settings must be applied under the logical unit and address family, not directly under the physical interface. Option C is wrong because `family inet6 dhcp` is used for DHCPv6 (IPv6), not for obtaining an IPv4 address via DHCP, which is the requirement in the question. Option D is wrong because `family ppp dhcp` is not a standard Junos configuration; PPP interfaces use different mechanisms (like IPCP) for address assignment, and DHCP is not applied under `family ppp`.

439
MCQeasy

A network administrator wants to view the current candidate configuration that has not yet been committed. Which command should be used?

A.show configuration | display set
B.show configuration
C.show configuration | compare rollback 0
D.show interface terse
AnswerB

Shows the candidate configuration.

Why this answer

The command 'show configuration' displays the current candidate configuration that has been staged but not yet committed. In Junos, the candidate configuration is stored separately from the active (committed) configuration, and this command shows all uncommitted changes. Option B is correct because it directly retrieves the candidate configuration without any comparison or filtering.

Exam trap

The trap here is that candidates confuse 'show configuration' (candidate) with 'show configuration | compare rollback 0' (diff), thinking the latter shows the full candidate config, but it only shows changes, not the entire configuration.

How to eliminate wrong answers

Option A is wrong because 'show configuration | display set' displays the candidate configuration in set notation format, but the pipe to 'display set' is a formatting option, not the core command for viewing the candidate config; the base command 'show configuration' is still needed, and the question asks for the command itself, not a variant. Option C is wrong because 'show configuration | compare rollback 0' compares the candidate configuration to the most recently committed configuration (rollback 0), which shows differences rather than the full candidate configuration. Option D is wrong because 'show interface terse' displays a summary of interface status and configuration, not the candidate configuration at all.

440
MCQeasy

What is the default preference of a direct route in Junos?

A.0
B.10
C.5
D.15
AnswerA

Direct routes have preference 0.

Why this answer

Direct routes in Junos have a default preference of 0, which is the highest possible preference (lowest numerical value). This ensures that directly connected routes are always preferred over any other route type, including static routes (preference 5) and OSPF internal routes (preference 10). The preference value is used by Junos to select the best route when multiple routes exist to the same destination.

Exam trap

The trap here is that candidates often confuse Junos route preferences with Cisco administrative distances, where directly connected routes have an AD of 0 in Cisco as well, but Junos uses the term 'preference' and the values differ for other route types (e.g., static is 5 in Junos vs. 1 in Cisco).

How to eliminate wrong answers

Option B (10) is wrong because 10 is the default preference for OSPF internal routes, not direct routes. Option C (5) is wrong because 5 is the default preference for static routes in Junos, not direct routes. Option D (15) is wrong because 15 is not a default preference for any common route type in Junos; it may be confused with the preference for IS-IS Level 1 routes (15) or OSPF external routes (150).

441
MCQmedium

An engineer configures a static route to 192.168.0.0/16 with next-hop 172.16.1.1. The router has a directly connected route for 172.16.1.0/30 via interface ge-0/0/0.1. However, the static route appears as 'hidden' in the routing table. What is the most likely cause?

A.The static route preference is set too high
B.The next-hop address 172.16.1.1 is unreachable
C.The static route has not been committed
D.The static route is a discard route
AnswerB

If the next-hop is unreachable, the route is hidden because the router cannot resolve it.

Why this answer

A hidden static route typically means the next-hop is not reachable. Option D correctly identifies this. Option A is incorrect because high preference does not cause hidden; it may not be active but still visible.

Option B is incorrect because a discard route would be flagged as 'discard'. Option C is incorrect because the route is committed if it appears in the configuration.

442
Multi-Selectmedium

Which TWO methods can be used to restore a previous configuration on a Juniper device? (Select two.)

Select 2 answers
A.load override /config/rescue.conf
B.commit confirmed
C.rollback 1
D.load replace previous
E.rollback 0
AnswersA, C

Loads the rescue configuration, which is a backup.

Why this answer

Option A is correct because the 'load override /config/rescue.conf' command replaces the entire candidate configuration with the contents of the rescue configuration file, effectively restoring a previously saved baseline configuration. The rescue configuration is a special, manually saved configuration that persists across reboots and can be used to recover from configuration errors.

Exam trap

The trap here is that candidates often confuse 'rollback 0' with restoring a previous configuration, not realizing that rollback 0 refers to the current active configuration, while rollback 1 or higher is needed to access a prior committed configuration.

443
MCQeasy

Which command is used to view the terminal history of commands entered by the user?

A.show system commit
B.show cli history
C.show configuration
D.show log messages
AnswerB

This shows the history of CLI commands in the current session.

Why this answer

The 'show cli history' command displays the list of previously entered CLI commands in the current session, allowing users to recall and re-execute them. This is a Junos-specific command that provides a terminal history feature, distinct from the commit history or system logs.

Exam trap

The trap here is that candidates often confuse 'show system commit' (which shows configuration commit history) with 'show cli history' (which shows the terminal command history), as both involve 'history' but serve entirely different purposes.

How to eliminate wrong answers

Option A is wrong because 'show system commit' displays the commit history (list of configuration changes committed), not the terminal command history. Option C is wrong because 'show configuration' displays the current active configuration, not the CLI command history. Option D is wrong because 'show log messages' displays system log messages (syslog entries), not the user's command history.

444
MCQmedium

Refer to the exhibit. Why is the route via 10.0.0.1 selected as the active route?

A.It has a lower metric
B.It has a lower cost
C.It is an older route
D.It has a lower preference
AnswerD

Preference 10 is lower than 150, so it is preferred.

Why this answer

The correct answer is B. The active route has preference 10, while the alternative has preference 150. In Junos, the route with the lower preference is preferred.

Option A is incorrect because metric (1 vs 20) is not considered since preferences differ. Option C is incorrect because cost is not a separate factor; metric is the OSPF cost. Option D is incorrect because route age is not a tie-breaker when preferences differ.

445
Multi-Selectmedium

Which THREE operational commands are used to monitor interface statistics and status? (Select three.)

Select 3 answers
A.show interfaces terse
B.monitor interface
C.show interfaces
D.show log interfaces
E.show interfaces diagnostics
AnswersA, B, C

Shows a concise status of all interfaces.

Why this answer

Option A is correct because 'show interfaces terse' provides a concise summary of all interfaces, including their administrative and operational status (up/down) and protocol states, making it ideal for a quick health check. Option B is correct because 'monitor interface' is a real-time operational command that continuously displays interface statistics and status updates, useful for live traffic observation. Option C is correct because 'show interfaces' displays detailed interface statistics, including packet counts, errors, and operational status, which is the primary command for in-depth interface monitoring.

Exam trap

The trap here is that candidates may confuse 'show log interfaces' with the valid 'show log' command or mistakenly think 'show interfaces diagnostics' is a catch-all command, when in reality Junos requires specific sub-commands like 'show interfaces diagnostics optics' for optics monitoring.

446
Multi-Selecthard

Which THREE statements correctly describe the behavior of the 'replace pattern' command in Junos configuration mode?

Select 3 answers
A.It validates the replacement configuration for correctness before applying.
B.It automatically commits the changes after replacement.
C.It can be used to change interface names or IP addresses throughout the configuration.
D.It operates on the candidate configuration, not the active configuration.
E.It uses regular expressions to match and replace text patterns in the configuration.
AnswersC, D, E

Common use case for bulk changes.

Why this answer

Option C is correct because the 'replace pattern' command in Junos configuration mode uses regular expressions to find and replace text strings across the entire candidate configuration, making it ideal for bulk changes such as renaming interfaces or updating IP addresses. This command operates on the candidate configuration (option D) and relies on regex patterns (option E), but it does not validate the replacement syntax (option A) nor automatically commit changes (option B).

Exam trap

The trap here is that candidates often assume 'replace pattern' performs validation or auto-commits, confusing it with other Junos commands like 'load replace' or 'commit check', when in fact it is a simple text substitution tool that requires a separate commit to take effect.

447
MCQeasy

Refer to the exhibit. How many next hops are installed for the 10.1.1.0/24 route?

A.4
B.2
C.3
D.1
AnswerB

Two next hops are shown: one active (with '>') and another without.

Why this answer

The exhibit shows two next hops: 192.168.1.1 and 192.168.2.1. Both are installed as part of an ECMP or redundancy setup.

448
MCQhard

Two routers are connected via a point-to-point Ethernet link. They are configured with IP addresses in the same subnet, but OSPF does not form an adjacency. The link is up/up. What is a likely cause?

A.The routers are in different OSPF areas
B.OSPF authentication is configured on one router but not the other
C.The routers have the same router ID
D.The OSPF hello and dead intervals are mismatched
AnswerD

Routers must match hello and dead intervals to form an adjacency.

Why this answer

OSPF requires that Hello and Dead intervals match between neighbors on a point-to-point link to form an adjacency. Even though the link is up/up and IP addresses are in the same subnet, mismatched timers prevent the routers from agreeing on neighbor state, so no adjacency forms.

Exam trap

The trap here is that candidates often assume IP connectivity or subnet matching is sufficient for OSPF adjacency, but OSPF has strict timer matching requirements that are frequently tested as a subtle failure cause.

How to eliminate wrong answers

Option A is wrong because OSPF routers in different areas can still form an adjacency over a point-to-point link as long as they share a common area; area mismatch would prevent adjacency only if they are not configured with a shared area. Option B is wrong because OSPF authentication mismatch (one router configured, the other not) would cause authentication failures in OSPF packets, preventing adjacency, but this is not the most likely cause given the question's context of a simple point-to-point Ethernet link. Option C is wrong because identical router IDs would cause a conflict, but OSPF will still attempt to form an adjacency and may log a duplicate ID error; however, the most common and direct cause of no adjacency with a working link is mismatched Hello/Dead intervals.

449
MCQhard

During a maintenance window, an engineer plans to replace a line card. Which command sequence is most appropriate to gracefully deactivate the card before removal?

A.request chassis pic slot <slot> offline; request chassis fpc <slot> offline
B.delete interfaces fxp0
C.set interfaces <name> disable
D.request system reboot
AnswerA

Gracefully deactivates the PIC and FPC.

Why this answer

Option A is correct because the 'request chassis fpc <slot> offline' command gracefully deactivates the Flexible PIC Concentrator (FPC) by stopping traffic, closing sessions, and powering down the line card safely. The 'request chassis pic slot <slot> offline' command is used for individual PICs, but for a full line card (FPC), the FPC-level command is the appropriate sequence to ensure no traffic disruption or hardware damage during removal.

Exam trap

The trap here is that candidates may confuse PIC-level and FPC-level commands, thinking 'request chassis pic slot <slot> offline' alone is sufficient for a line card, when the FPC command is required to deactivate the entire card including all its PICs and power supply.

How to eliminate wrong answers

Option B is wrong because 'delete interfaces fxp0' removes the management Ethernet interface configuration, which would disrupt out-of-band management access but does not deactivate the line card or its traffic. Option C is wrong because 'set interfaces <name> disable' only administratively disables a specific interface, not the entire line card or its PICs, and does not gracefully power down the hardware. Option D is wrong because 'request system reboot' restarts the entire Junos OS, which is disruptive and unnecessary for a single line card replacement, and does not target the specific card for graceful deactivation.

450
MCQmedium

A network administrator wants to add a new interface configuration to the candidate configuration while preserving all existing candidate changes. Which command should be used?

A.load merge terminal
B.load replace terminal
C.load override terminal
D.load set terminal
AnswerA

Merges the new configuration with the existing candidate, preserving other changes.

Why this answer

The 'load merge terminal' command is correct because it allows you to add new interface configuration statements to the candidate configuration by entering them line by line in the terminal, merging them with any existing candidate changes without overwriting them. This preserves all previously staged modifications while incorporating the new interface settings, which is essential for incremental configuration updates in Junos.

Exam trap

The trap here is that candidates often confuse 'load merge terminal' with 'load set terminal', mistakenly thinking that 'set' commands always merge, but in Junos, 'load set terminal' replaces the entire candidate configuration with the provided set commands, similar to 'load override'.

How to eliminate wrong answers

Option B is wrong because 'load replace terminal' replaces the entire candidate configuration with the entered configuration, discarding all existing candidate changes, which does not preserve them. Option C is wrong because 'load override terminal' completely overwrites the candidate configuration with the entered configuration, removing any prior changes. Option D is wrong because 'load set terminal' expects configuration commands in 'set' format but still replaces the entire candidate configuration with the entered set commands, not merging with existing changes.

Page 5

Page 6 of 7

Page 7

All pages