Juniper Networks Certified Associate Junos JNCIA-Junos (JNCIA-JUNOS) — Questions 451514

514 questions total · 7pages · All types, answers revealed

Page 6

Page 7 of 7

451
MCQmedium

A network engineer notices that traffic to a critical server is being dropped intermittently. The server is reachable via a static route on the Juniper router. The engineer checks the routing table and sees the route is present. Which operational command should the engineer use next to isolate the issue?

A.show interfaces terse
B.show route 10.0.0.1
C.show arp
D.show route forwarding-table destination 10.0.0.1
AnswerD

Shows the forwarding table entry used by the PFE.

Why this answer

Option D is correct because the `show route forwarding-table destination 10.0.0.1` command displays the actual forwarding entry in the kernel's forwarding table (FIB). Even if the route is present in the routing table (RIB), a mismatch between the RIB and FIB can cause traffic drops. This command directly verifies whether the route has been installed into the forwarding table, isolating the issue to a possible hardware or kernel programming failure.

Exam trap

The trap here is that candidates assume a route present in the routing table guarantees it is being used for forwarding, but Junos separates control plane (RIB) from forwarding plane (FIB), so the FIB must be checked separately to identify programming failures.

How to eliminate wrong answers

Option A is wrong because `show interfaces terse` only displays interface status and configuration, not the routing or forwarding state for a specific destination. Option B is wrong because `show route 10.0.0.1` shows the route in the routing table (RIB), which the engineer already confirmed is present; it does not reveal whether the route is correctly programmed into the forwarding table (FIB). Option C is wrong because `show arp` displays the ARP cache for resolving next-hop MAC addresses, but the issue is about traffic being dropped despite a valid route, not about Layer 2 resolution failures.

452
Multi-Selecthard

Which THREE statements about the Junos OS file system are true? (Choose three.)

Select 3 answers
A.The /etc directory contains all log files
B.The /altroot directory is used for user-uploaded files
C.The active configuration is stored in the /config directory
D.Log files are typically stored in /var/log
E.The file system is UNIX-like with directories such as /, /var, /config
AnswersC, D, E

The file juniper.conf.gz is in /config.

Why this answer

Option C is correct because the active configuration in Junos OS is stored as a file named `junos.conf` in the `/config` directory. This file is used by the system to load the running configuration at boot time, and it is distinct from the candidate configuration stored in `/var/db/config`.

Exam trap

The trap here is that candidates confuse the `/etc` directory (which stores system configs, not logs) with the standard Linux convention, or they mistakenly think `/altroot` is for user files instead of its actual purpose as a backup root filesystem.

453
MCQhard

What permission bit must be included in a custom login class to allow a user to execute the ping command?

A.view
B.control
C.system
D.network
AnswerD

network permission allows diagnostic tools like ping and traceroute.

Why this answer

The correct answer is D, network. In Junos, the 'network' permission bit controls access to network diagnostic commands such as ping, traceroute, and ssh. Without this permission, a user cannot execute these commands even if they have other permissions like view or control.

Exam trap

The trap here is that candidates often assume 'view' or 'control' permissions are sufficient for basic troubleshooting commands, but Junos requires the specific 'network' permission bit for any command that sends or receives network traffic.

How to eliminate wrong answers

Option A is wrong because 'view' permission allows read-only access to configuration and operational data, but does not permit execution of diagnostic commands like ping. Option B is wrong because 'control' permission allows modifying the configuration and managing system operations, but does not grant access to network diagnostic commands. Option C is wrong because 'system' permission controls system-level commands such as halt, reboot, and file system operations, not network diagnostic tools like ping.

454
MCQmedium

A Juniper router is configured with two static routes to the same destination network, both with the same preference. One route has a metric of 5, the other a metric of 10. Which route will be installed in the routing table?

A.Neither route is installed because they conflict
B.The route with metric 5 is installed
C.The route with metric 10 is installed
D.Both routes are installed with equal preference
AnswerB

Lower metric is preferred when preference is equal.

Why this answer

In JUNOS, when multiple static routes to the same destination have the same preference (administrative distance), the route with the lower metric is selected for installation in the routing table. Here, metric 5 is lower than metric 10, so the route with metric 5 is installed. This behavior follows the standard route selection process where preference is evaluated first, then metric (also called cost or next-hop metric) as a tiebreaker.

Exam trap

The trap here is that candidates often confuse metric with preference or assume that both routes will be installed for load balancing, but JUNOS requires equal metrics (and equal preferences) for ECMP, not just equal preferences.

How to eliminate wrong answers

Option A is wrong because static routes to the same destination with different metrics do not conflict; JUNOS can select one based on metric when preference is equal. Option C is wrong because the route with metric 10 is not installed; the lower metric (5) is preferred, not the higher one. Option D is wrong because both routes are not installed with equal preference; only the best metric route is installed, and JUNOS does not install multiple equal-preference static routes to the same destination unless they have equal metrics (and even then, only one is typically active).

455
MCQmedium

A network engineer notices that the device is not accepting any configuration changes. The engineer suspects the configuration database is locked. Which command can be used to confirm if the configuration is locked and by which session?

A.show system rollback compare
B.show system commit
C.show system configuration lock
D.show system database
AnswerC

Shows configuration lock information.

Why this answer

Option C is correct because the 'show system configuration lock' command displays information about any current configuration database locks, including the session ID, user, and time the lock was acquired. This directly confirms whether the configuration is locked and by which session, allowing the engineer to identify the blocking session.

Exam trap

The trap here is that candidates may confuse 'show system configuration lock' with other 'show system' commands like 'show system commit' or 'show system rollback', which serve different purposes and do not reveal lock information.

How to eliminate wrong answers

Option A is wrong because 'show system rollback compare' is used to compare configuration rollback snapshots, not to check for configuration locks. Option B is wrong because 'show system commit' displays the commit history and status, not information about active configuration locks. Option D is wrong because 'show system database' is not a valid Junos command; the correct command for database-related information is 'show system database' does not exist—the relevant command for lock information is 'show system configuration lock'.

456
MCQhard

Refer to the exhibit. A network administrator configured a static route to 10.0.0.0/24 with next-hop 192.168.1.1. The route is not appearing in the active routing table. What is the most likely reason?

A.The next-hop address is not reachable.
B.The route is a reject route.
C.The route is being overridden by an OSPF route with lower preference.
D.The static route preference is too high.
AnswerA

Correct: the exhibit shows 'Next hop type: Unreachable', meaning 192.168.1.1 is not reachable, so the route is not installed.

Why this answer

The exhibit shows the route's next-hop type as 'Unreachable', indicating that 192.168.1.1 is not reachable. Option B is correct. Option A is incorrect because the preference of 5 is low, and a higher preference would make it less preferred, but the route is not active due to next-hop unreachability.

Option C is incorrect: if an OSPF route with lower preference (higher priority) existed, it would be active, but the static route would still be present as a backup; the exhibit shows the route is not active because the next-hop is unreachable. Option D is incorrect: a reject route would show a next-hop of 'Reject' or 'Discard'.

457
MCQmedium

A BGP session is flapping. The engineer runs 'show log messages' and sees 'BGP recv Notification' with error code 'Cease'. What does this indicate?

A.The BGP table is full
B.The hold timer expired
C.The remote peer closed the connection
D.The interface went down
AnswerC

Cease notification means session terminated by peer.

Why this answer

A BGP Cease notification indicates that the remote peer has closed the BGP session, often due to an administrative shutdown, configuration change, or error condition on the peer. The 'BGP recv Notification' message means the local router received this notification from the peer, so the remote peer initiated the closure.

Exam trap

The trap here is that candidates often confuse 'Cease' with a hold timer expiration, but 'Cease' is a clean notification sent by the peer, while hold timer expiration is a local detection of a missed keepalive.

How to eliminate wrong answers

Option A is wrong because a full BGP table would typically cause a 'BGP recv Notification' with error code 'Resource' or 'Maximum Prefixes', not 'Cease'. Option B is wrong because a hold timer expiration results in a 'Hold Timer Expired' error code, not 'Cease'. Option D is wrong because an interface going down would cause a BGP session reset due to a TCP connection failure, not a clean 'Cease' notification.

458
MCQeasy

A Juniper device receives several routes to the same destination prefix from different routing protocols. Which parameter is used first to select the active route?

A.Route preference (administrative distance)
B.Metric
C.AS path length
D.Local preference
AnswerA

Route preference is the primary tie-breaker for routes from different protocols.

Why this answer

Option C is correct because route preference (administrative distance) is compared first when routes are from different protocols. Options A and B are BGP-specific and used after preference. Option D is used within the same protocol only.

459
MCQeasy

An administrator is configuring a static route to a remote network 10.10.10.0/24 via next-hop 192.168.1.1. Which command correctly adds this route?

A.set routing-options route 10.10.10.0/24 static next-hop 192.168.1.1
B.set routing-options static route 10.10.10.0 next-hop 192.168.1.1 mask 255.255.255.0
C.set routing-options static next-hop 192.168.1.1
D.set routing-options static route 10.10.10.0/24 next-hop 192.168.1.1
AnswerD

Correct syntax for a static route.

Why this answer

Option D is correct because the Junos syntax for configuring a static route uses the hierarchy `set routing-options static route <destination-prefix> next-hop <address>`. The prefix must include the subnet mask in CIDR notation (e.g., /24). This command installs a route to 10.10.10.0/24 with next-hop 192.168.1.1 into the routing table.

Exam trap

The trap here is that candidates familiar with Cisco IOS may try to use a separate `mask` parameter (as in Option B) or place the route directly under `routing-options route` (as in Option A), failing to recognize Junos requires the `static route` hierarchy and CIDR notation in the destination.

How to eliminate wrong answers

Option A is wrong because the hierarchy is incorrect; `route` is not a direct child of `routing-options` — static routes must be under `routing-options static route`. Option B is wrong because it incorrectly uses a separate `mask` parameter instead of CIDR notation; Junos requires the prefix length in the destination (e.g., 10.10.10.0/24), not a separate mask. Option C is wrong because it omits the destination prefix entirely; a static route must specify both the destination network and the next-hop.

460
Multi-Selectmedium

Which two statements correctly describe Junos OS login classes? (Choose two.)

Select 2 answers
A.They allow users to enter only operational mode.
B.They are defined under the [edit system login class] hierarchy.
C.They are automatically assigned to all users by default.
D.They can restrict access to configuration mode.
E.They cannot be modified after creation.
AnswersB, D

Login classes are configured under the 'system login class' hierarchy.

Why this answer

Option B is correct because Junos OS login classes are defined under the [edit system login class] hierarchy in the configuration. This hierarchy allows administrators to create custom classes that specify the permissions and access levels for users, such as read-only or superuser access.

Exam trap

The trap here is that candidates often confuse login classes with user accounts, assuming classes are automatically applied or immutable, when in fact they are manually assigned and fully configurable.

461
MCQeasy

A network engineer needs to revert to the configuration that was committed two commits ago. Which rollback number should they use?

A.rollback 0
B.rollback 2
C.rollback 1
D.rollback 3
AnswerB

rollback 2 reverts to the configuration committed two commits ago.

Why this answer

The rollback command in Junos OS allows reverting to a previously committed configuration. The rollback number corresponds to the number of commits ago, starting with rollback 0 for the most recent commit, rollback 1 for the commit before that, and so on. Therefore, to revert to the configuration committed two commits ago, the correct rollback number is 2.

Exam trap

The trap here is confusing the rollback number with the number of commits to revert, where candidates might mistakenly think rollback 1 means one commit ago (which is correct) but then incorrectly apply that logic to two commits ago by choosing rollback 1 instead of rollback 2.

How to eliminate wrong answers

Option A is wrong because rollback 0 refers to the most recent committed configuration, not two commits ago. Option C is wrong because rollback 1 refers to the configuration committed one commit ago, not two. Option D is wrong because rollback 3 refers to the configuration committed three commits ago, which is further back than needed.

462
MCQhard

Refer to the exhibit. An engineer notices that SNMP traffic from source 10.1.1.1 is being rejected on interface ge-0/0/1. The engineer wants to allow SNMP from this source while still blocking other SNMP traffic from the 10.0.0.0/8 range. Which change should be made?

A.Add a term at the end to permit all from 10.1.1.1
B.Change the source-address in term 1 to 10.0.0.0/8 except 10.1.1.1
C.Insert a term 0 before term 1 to permit SNMP from 10.1.1.1
D.Remove the filter and apply a new filter that permits SNMP from 10.1.1.1
AnswerC

This allows specific source before blocking remainder.

Why this answer

Option C is correct because firewall filters in Junos are evaluated sequentially from the lowest term number. By inserting a new term 0 before the existing term 1 that explicitly permits SNMP traffic (UDP ports 161/162) from source 10.1.1.1, the filter will match and accept this traffic before reaching the deny term for the 10.0.0.0/8 range. This ensures the specific host is allowed while still blocking other SNMP traffic from the broader subnet.

Exam trap

The trap here is that candidates often think they can use an 'except' keyword or add a term at the end to override a previous deny, not realizing that Junos filters stop processing after the first match and do not support exclusion syntax within a source-address match.

How to eliminate wrong answers

Option A is wrong because adding a term at the end would never be evaluated if the preceding term 1 (which denies 10.0.0.0/8) already matches and rejects the traffic; Junos firewall filters stop processing after the first match. Option B is wrong because Junos does not support an 'except' modifier on source-address in a firewall filter term; you cannot exclude a single host from a prefix match within the same term. Option D is wrong because it is unnecessarily disruptive and inefficient; the existing filter can be modified by inserting a term, which is the standard Junos practice for such requirements.

463
MCQhard

Refer to the exhibit. A network engineer sees repeated 'PFE interrupt error' messages in the log for fpc0. What is the most likely impact and recommended action?

A.Remove and reinsert the PIC on FPC0 to reseat the connection.
B.Restart the PFE process using 'restart pfe' command.
C.Perform a software upgrade on the router to fix a known bug.
D.Replace the line card (FPC0) as it is experiencing hardware failures causing traffic loss.
AnswerD

The repeated PFE interrupts suggest hardware failure; replacement is needed.

Why this answer

The 'PFE interrupt error' message indicates a hardware-level failure on the Packet Forwarding Engine (PFE) of FPC0. Since the PFE is responsible for forwarding packets, such errors typically cause traffic loss or drops. The recommended action is to replace the line card (FPC0) because persistent PFE interrupt errors are symptomatic of a hardware fault that cannot be resolved by software resets or upgrades.

Exam trap

The trap here is that candidates confuse 'PFE interrupt error' with a software process issue and choose to restart the PFE process, but the repeated nature of the error points to a hardware fault requiring line card replacement.

How to eliminate wrong answers

Option A is wrong because removing and reinserting the PIC (Physical Interface Card) addresses issues at the PIC level, not the PFE on the FPC; PFE interrupt errors originate from the FPC's forwarding engine, not the PIC. Option B is wrong because restarting the PFE process ('restart pfe') is a temporary software reset that may clear transient errors but does not fix underlying hardware failures; repeated errors indicate a persistent hardware issue. Option C is wrong because while software upgrades can fix known bugs, 'PFE interrupt error' messages are typically hardware-related, and a software upgrade would not resolve a physical fault on the line card.

464
MCQhard

An enterprise uses OSPF across multiple areas. To reduce routing table size in the backbone area, the engineer wants to advertise a single summary route for all subnets in area 2. Which configuration is appropriate?

A.Configure a virtual-link between area 2 and area 0
B.Configure a default route from area 2 using 'default-metric'
C.Use a static route for the summary and redistribute it into OSPF
D.Configure 'area 2 area-range 10.0.0.0/16' on the ABR
AnswerD

This summarizes area 2's routes into a single prefix for other areas.

Why this answer

Option D is correct because the 'area-range' command on an Area Border Router (ABR) allows you to summarize a set of routes from a specific area into the backbone (area 0) by advertising a single aggregate route (e.g., 10.0.0.0/16) instead of all individual subnets. This reduces the routing table size in area 0 while still providing reachability to all subnets in area 2.

Exam trap

The trap here is that candidates often confuse 'area-range' (which summarizes routes between areas) with 'virtual-link' (which fixes connectivity issues) or assume redistribution is needed for summarization, when OSPF's built-in ABR summarization is the correct and simplest method.

How to eliminate wrong answers

Option A is wrong because a virtual-link is used to connect a non-backbone area to area 0 when the area is physically disconnected, not for route summarization; it does not create a summary route. Option B is wrong because 'default-metric' is used to set the metric for default routes redistributed into OSPF, but it does not summarize area-specific subnets into a single route. Option C is wrong because using a static route and redistributing it into OSPF would create a separate external route (type 5 LSA) rather than a type 3 summary LSA, and it would not automatically summarize all subnets in area 2; it also adds administrative overhead and may cause suboptimal routing.

465
MCQmedium

Refer to the exhibit. A network administrator notices intermittent connectivity issues. Based on the log messages, what is the most likely cause?

A.The ISIS protocol has a configuration error that prevents adjacency.
B.The interface ge-0/0/0 is experiencing a physical layer issue causing it to flap.
C.An SNMP trap is causing a loop in the network.
D.The router's MIB is corrupted causing false logs.
AnswerB

The logs show a link down followed by a rapid recovery, consistent with a physical layer problem like a bad cable or SFP.

Why this answer

The log shows rapid down/up events (flapping) on interface ge-0/0/0. This pattern typically indicates a physical layer problem such as a faulty cable or transceiver. Option B is plausible but the traps are symptoms, not the cause.

Option C is less likely because the adjacency recovers quickly. Option D is unsupported by the logs.

466
MCQhard

You are a network engineer at a service provider. You have a Juniper MX router that serves as a BGP route reflector for a large number of customer routes. Recently, the router has been experiencing high CPU utilization, and the BGP process (rpd) is consuming excessive memory. You suspect that the router is receiving too many routes from a specific BGP peer, causing the routing table to grow beyond the available memory. You need to diagnose the issue without affecting production traffic. Which course of action should you take?

A.Immediately shut down all BGP peers to stop the influx of routes.
B.Configure a prefix limit on all BGP peers.
C.Use the 'show route summary' command to check the routing table size and memory usage.
D.Use the 'show bgp summary' command to check the number of prefixes per peer.
AnswerC

This command provides a high-level view of route counts and memory usage, helping to identify if the routing table is oversized.

Why this answer

Option C is correct because the 'show route summary' command provides a high-level overview of the routing table size, including the total number of routes and the memory utilization of the routing table. This allows the engineer to quickly assess whether the routing table has grown beyond available memory without disrupting production traffic, which is the primary goal of the diagnosis.

Exam trap

The trap here is that candidates may confuse 'show bgp summary' (which shows prefix counts per peer) with 'show route summary' (which shows total routing table size and memory usage), and incorrectly assume that checking prefix counts alone is sufficient to diagnose memory exhaustion.

How to eliminate wrong answers

Option A is wrong because immediately shutting down all BGP peers would cause a complete loss of routing information and disrupt production traffic, which violates the requirement to not affect production traffic. Option B is wrong because configuring a prefix limit on all BGP peers is a reactive mitigation step that would change the router's configuration and potentially drop legitimate routes, not a diagnostic action to identify the source of the problem. Option D is wrong because while 'show bgp summary' shows the number of prefixes per peer, it does not provide memory usage details or the total routing table size, which are necessary to confirm that memory exhaustion is the root cause.

467
MCQhard

An administrator suspects that an interface is flapping but the router is remote and the connection is intermittent. The administrator wants to monitor the interface status without maintaining an SSH session. Which approach should be used?

A.Configure event-options to trigger on interface down and send syslog
B.Use 'monitor interface ge-0/0/0' and rely on terminal persistence
C.Use 'monitor start' to capture logs
D.Schedule a cron job to run 'show interfaces ge-0/0/0' every minute and log output
AnswerA

Logs events remotely without requiring an active SSH session.

Why this answer

Option A is correct because Junos event-options allows you to define an event policy that triggers on a specific event, such as an interface down transition, and then executes an action like sending a syslog message. This enables asynchronous monitoring without requiring an active SSH session, making it ideal for intermittent connectivity scenarios.

Exam trap

The trap here is that candidates confuse real-time monitoring commands like 'monitor interface' with persistent event-driven monitoring, assuming that terminal persistence or log capture can substitute for an event-based solution that works without an active session.

How to eliminate wrong answers

Option B is wrong because 'monitor interface' is a real-time CLI command that requires an active SSH session to display continuous output; it does not persist after the session ends. Option C is wrong because 'monitor start' is used to capture log file output in real time, but it also requires an active SSH session and does not trigger on specific events like interface flapping. Option D is wrong because scheduling a cron job on a remote router is not a native Junos feature; Junos does not support cron, and the approach would require an external management server, not a solution directly on the device.

468
Drag & Dropmedium

Order the steps to configure a BGP peering session in Junos.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

BGP requires an AS number, group configuration, and neighbor definition. Verify with 'show bgp summary'.

469
MCQhard

Refer to the exhibit. Based on the log messages, what is the most likely cause of the interface flapping?

A.Faulty SFP module
B.MTU mismatch
C.Duplicate IP address
D.Spanning tree topology change
AnswerA

Rapid link up/down events (flapping) are often caused by physical layer issues such as a faulty SFP, loose cable, or bad fiber. This pattern is characteristic of hardware failure.

Why this answer

The log messages show repeated link up/down events (interface flapping). In Junos, interface flapping is most commonly caused by a faulty SFP module, as physical layer issues like degraded optics or loose connections trigger continuous link transitions. The logs typically show 'link up' followed by 'link down' without any protocol-level errors, pointing to a hardware fault rather than configuration mismatches.

Exam trap

The trap here is that candidates often attribute interface flapping to higher-layer issues like MTU or IP conflicts, but Junos logs physical link transitions (up/down) are almost always due to Layer 1 problems such as faulty optics, cables, or hardware, not configuration mismatches.

How to eliminate wrong answers

Option B is wrong because an MTU mismatch causes packet fragmentation or drops but does not cause the physical link state to toggle; it would generate error counters or ICMP messages, not interface up/down events. Option C is wrong because a duplicate IP address results in address conflict logs and connectivity issues, not physical interface flapping; Junos would log 'Duplicate IP address detected' or ARP-related errors. Option D is wrong because spanning tree topology changes affect forwarding state (blocking/forwarding) but do not cause the interface itself to go up/down; STP events would show 'STP topology change' in logs, not link state transitions.

470
MCQhard

An organization plans to upgrade Junos from version 18.1R3 to 19.1R1. The device currently runs on 18.1R3. Which statement is true regarding the upgrade process?

A.The upgrade can be performed directly from 18.1R3 to 19.1R1 using a single junos-install package.
B.The device should be upgraded incrementally through each maintenance release before reaching 19.1R1.
C.The command 'request system software add' is used to install the new image.
D.The device will remain operational during the upgrade process without a reboot.
AnswerB

Juniper recommends sequential upgrades to avoid incompatibilities.

Why this answer

Option B is correct because Junos OS requires an incremental upgrade path when the target release is more than one major version ahead. Since 18.1R3 and 19.1R1 are separated by a major version boundary, the device must first be upgraded to an intermediate release (e.g., 18.2 or 18.4) before applying the 19.1R1 image. Skipping major versions can cause incompatibilities in the file system or configuration database.

Exam trap

The trap here is that candidates assume Junos upgrades are always direct like some other network OS, but Junos strictly enforces major version stepping to prevent database corruption and ensure compatibility.

How to eliminate wrong answers

Option A is wrong because a direct upgrade from 18.1R3 to 19.1R1 using a single junos-install package is not supported; Junos requires stepping through intermediate major releases to ensure proper database and filesystem migration. Option C is wrong because the correct command to install a new Junos image is 'request system software add' (not 'request system software add' — the actual command is 'request system software add' but the option incorrectly uses 'add' instead of 'add'; however, the primary issue is that the command alone does not guarantee a successful upgrade without following the correct version path). Option D is wrong because the device must reboot after the software installation to load the new kernel and packages; the system is not operational during the reboot process.

471
MCQhard

Refer to the exhibit. Why is the static route not active?

A.The OSPF route has a lower metric.
B.The static route's next-hop is not reachable.
C.The static route is not committed.
D.The static route has a higher preference than the OSPF route.
AnswerD

Static preference 15 is higher (less preferred) than OSPF preference 10, so OSPF is active.

Why this answer

Option C is correct because the static route has a preference of 15, which is higher than OSPF's preference of 10, making OSPF the active route. Option A is wrong because metric is not compared across protocols. Option B is wrong because the next-hop is reachable (via ge-0/0/0.0).

Option D is wrong because the route is present in the table, so it is committed.

472
MCQeasy

An administrator wants to see the differences between the candidate configuration and the active configuration. Which command should be used?

A.show | display set
B.run show configuration
C.show | compare
D.show configuration
AnswerC

Shows differences between candidate and active.

Why this answer

The 'show | compare' command displays the differences between the candidate configuration and the active (committed) configuration. This is the standard Junos method for reviewing uncommitted changes before committing them, as it outputs a diff-style output showing lines added, deleted, or modified.

Exam trap

The trap here is that candidates often confuse 'show | compare' with 'show configuration' or 'show | display set', thinking they all show differences, but only 'show | compare' provides the explicit diff output between candidate and active configurations.

How to eliminate wrong answers

Option A is wrong because 'show | display set' reformats the output of the 'show' command into 'set' commands, but does not compare configurations. Option B is wrong because 'run show configuration' is used to display the active configuration on the RE (Routing Engine) from the shell, not to compare candidate and active configurations. Option D is wrong because 'show configuration' displays the entire active configuration, not the differences between candidate and active.

473
MCQeasy

Which command displays the version of Junos OS currently running on the device?

A.show version
B.show system hardware
C.show system uptime
D.show system information
AnswerA

Displays Junos OS version.

Why this answer

The 'show version' command is the standard Junos CLI command that displays the Junos OS version currently running on the device, including the software release, build date, and the type of software (e.g., Junos 22.4R2.11). It is the direct equivalent of 'show version' in Cisco IOS and is the primary command for verifying the active software image.

Exam trap

The trap here is that candidates familiar with Cisco IOS might expect 'show version' to be the correct command, but Junos also uses 'show version' for the same purpose, while 'show system information' is a distractor that sounds plausible but is not a valid Junos command.

How to eliminate wrong answers

Option B is wrong because 'show system hardware' displays detailed hardware inventory (e.g., chassis, FPCs, PICs, serial numbers) but does not show the Junos OS version. Option C is wrong because 'show system uptime' shows how long the device has been running, the load averages, and the time since last reboot, but not the OS version. Option D is wrong because 'show system information' is not a valid Junos command; the correct command for general system information is 'show system info' (which shows hostname, model, serial number, etc.), but it does not display the Junos OS version.

474
MCQhard

A network engineer needs to verify the checksum of a downloaded Junos image before installation. Which command is used?

A.file checksum sha256 <filename>
B.compare <filename> original
C.request system software validate <filename>
D.show system software
AnswerA

Computes the SHA-256 checksum.

Why this answer

Option A is correct because the `file checksum sha256 <filename>` command computes the SHA-256 hash of the specified file, allowing the engineer to compare it against the published checksum from Juniper Networks to verify integrity and authenticity before installation. This ensures the image has not been corrupted or tampered with during download.

Exam trap

The trap here is that candidates confuse the `request system software validate` command, which performs a package validation, with a checksum verification, but it does not compute or display a cryptographic hash for external comparison.

How to eliminate wrong answers

Option B is wrong because `compare <filename> original` is not a valid Junos command; it is likely confused with the `file compare` command used to diff two files, not to verify checksums. Option C is wrong because `request system software validate <filename>` validates the software package's internal integrity and compatibility with the current system, but it does not compute or display a checksum for external verification against a published hash. Option D is wrong because `show system software` displays installed software packages and their versions, not a checksum verification function for a downloaded image.

475
Multi-Selecteasy

Which TWO statements about configuration storage in Junos are true?

Select 2 answers
A.The rescue configuration is stored in /config/rescue.conf.gz.
B.The rollback configurations are stored in /config/juniper.conf.0.gz, .1.gz, etc.
C.The active configuration is stored in /config/juniper.conf.gz.
D.The candidate configuration is stored in /config/.
E.The factory default configuration is stored in /etc/config/.
AnswersA, C

Rescue configuration is a special saved configuration.

Why this answer

Option A is correct because the rescue configuration is stored as a compressed file at /config/rescue.conf.gz on Junos devices. This configuration is saved using the 'request system configuration rescue save' command and can be loaded with 'rollback rescue' to recover from a configuration that prevents the device from booting properly.

Exam trap

The trap here is that candidates often confuse the numbering of rollback files (thinking .0.gz is a rollback instead of the active configuration) or assume the candidate configuration is stored persistently on disk rather than existing only in memory until committed.

476
Multi-Selecthard

Which TWO configuration statements are valid for defining a static route on a Junos device?

Select 2 answers
A.set routing-options static route 10.0.0.0/8 discard
B.set routing-options static route 10.0.0.0/8 reject-all
C.set routing-options static route 10.0.0.0/8 qualified-next-hop 192.168.1.1 preference 10
D.set routing-options static route 10.0.0.0/8 next-hop 192.168.1.1 metric 10
E.set routing-options static route 10.0.0.0/8 passive
AnswersA, C

Valid: discard is a valid next-hop action.

Why this answer

Valid static route configurations include next-hop (IP, interface), discard, reject, qualified-next-hop, next-table, etc. Invalid include metric, passive, and misspelled keywords.

477
MCQmedium

You configure an aggregate route for 172.16.0.0/16. What must exist for this aggregate to be active in the routing table?

A.A directly connected interface on that subnet
B.A static route to the aggregate prefix
C.A contributing route (more specific route within the aggregate range)
D.Nothing; the aggregate is always active once committed.
AnswerC

Aggregates are active only when a more specific route exists in the routing table.

Why this answer

The correct answer is A. An aggregate route requires at least one contributing route (a more specific route within the aggregate's range) to become active. Without a contributing route, the aggregate remains inactive.

Option B is not required, though a static route can serve as contributor. Option C is not required. Option D is false; a contributing route must exist.

478
MCQeasy

An administrator needs to ensure that traffic from the 192.168.1.0/24 subnet is allowed to reach the internet through a Juniper SRX firewall. The SRX is configured with security policies. Which policy element is required to permit this traffic?

A.Source address
B.Application
C.Destination zone
D.Source zone
AnswerD

A security policy must specify a source zone to match incoming traffic.

Why this answer

In Juniper SRX security policies, the source zone is a mandatory element that defines the origin of the traffic. Since the traffic originates from the 192.168.1.0/24 subnet, the policy must specify the source zone (e.g., 'trust' or 'internal') to match the incoming traffic and permit it toward the internet (destination zone, e.g., 'untrust'). Without a source zone, the policy cannot be applied to the correct traffic flow.

Exam trap

The trap here is that candidates often focus on the source address (192.168.1.0/24) as the key element, but Juniper policies require a zone-based approach where the source zone is mandatory, not the source address, which is only an optional match condition.

How to eliminate wrong answers

Option A is wrong because a source address is not a required policy element; it is an optional match condition that can refine the policy, but the policy itself requires a source zone to define the traffic's origin. Option B is wrong because an application is optional in Juniper security policies; if omitted, the policy defaults to 'any' application, and it is not mandatory for permitting traffic. Option C is wrong because the destination zone is required for the policy to define where traffic is going, but the question asks which element is required to permit this traffic from the subnet; the source zone is equally required, and the destination zone alone cannot permit traffic without a source zone.

479
Multi-Selecthard

Which THREE of the following statements are true regarding Junos OS commit operations?

Select 3 answers
A.The 'commit check' command validates the candidate configuration without activating it.
B.The commit command activates the candidate configuration.
C.The 'commit confirmed' command automatically rolls back if not confirmed within the timeout.
D.You can run multiple commit scripts during a single commit operation.
E.The rollback command reverts to the current active configuration.
AnswersA, B, C

It checks syntax and semantics without applying.

Why this answer

Option A is correct because the 'commit check' command validates the candidate configuration for syntax and semantic errors without activating it. This allows an administrator to verify changes before making them active, preventing potential misconfigurations from disrupting network operations.

Exam trap

The trap here is that candidates often confuse 'rollback' with reverting to the current active configuration, when in fact 'rollback 0' refers to the current active configuration, and any other number refers to a previous committed configuration.

480
MCQhard

A service provider is migrating from a legacy core network to Juniper MX series routers. In the new design, each MX router runs OSPF as the IGP with a single backbone area 0 and multiple non-backbone areas for customer aggregation. The network uses route summarization at area border routers (ABRs) to reduce routing table size. During testing, engineers notice that some customer prefixes from area 1 are not being propagated to the backbone area, even though the ABR has a valid route to those prefixes and has been configured with 'area 1 range 192.168.0.0/16'. The ABR is an MX240 running Junos 21.4R1. The 'show ospf route' command on the ABR shows the individual customer prefixes (e.g., 192.168.1.0/24) in the OSPF routing table, but the summary route is not present in the backbone area's database. Additionally, 'show ospf database summary' on a backbone router does not show the summary LSA for 192.168.0.0/16. What is the most likely cause?

A.The summary LSA is being suppressed because the ABR is also advertising a type 5 external route for the same prefix.
B.The ABR has no interface in area 1 that matches the summary range; the 'area range' command requires a directly connected interface.
C.The 'area range' command only works after a routing process restart; a 'clear ospf database' is required to regenerate LSAs.
D.The individual prefixes from area 1 may not be installed in the inet.0 routing table on the ABR, possibly due to a missing OSPF adjacency or a route filter blocking them.
AnswerD

Without a valid inter-area route, the ABR cannot generate the summary.

Why this answer

Option D is correct because the 'area range' command requires an active inter-area route to exist in the routing table; if the ABR does not have a route to the individual prefixes in the inet.0 table (perhaps due to filtering or no OSPF adjacency), the summary is not generated. Option A is incorrect; the area range command itself works, but a restart is not required. Option B is incorrect; the area range does not need a matching interface; it summarizes routes learned from the area.

Option C is incorrect; the summary LSA is type 3, not type 5.

481
Multi-Selectmedium

Which THREE conditions must be met for a route to be considered active in the JunOS routing table? (Choose three.)

Select 3 answers
A.The route is the only route for the prefix
B.The route is from a trusted protocol
C.The route is preferred based on protocol preference
D.The route is installed in the forwarding table
E.The next-hop is reachable
AnswersC, D, E

Only the route with the lowest preference among all routes for the prefix is active.

Why this answer

A route is active if it is the best route (lowest preference), its next-hop is reachable, and it is installed in the forwarding table. Options A, B, and D are correct. Option C is incorrect because multiple routes can exist for the same prefix (only one active).

Option E is incorrect because 'trusted protocol' is not a condition.

482
MCQeasy

A medium-sized enterprise has its headquarters (HQ) and a remote branch office connected via a dedicated point-to-point link. The HQ router (Juniper MX) has interface ge-0/0/1 with IP 10.0.0.1/30 connected to the branch router (Juniper SRX) interface ge-0/0/0 with IP 10.0.0.2/30. The branch LAN is 192.168.2.0/24, and the HQ LAN is 10.0.1.0/24. The branch router has a default route pointing to 10.0.0.1. The HQ router has a static route for 192.168.2.0/24 with next-hop 10.0.0.2, but it was recently changed incorrectly to point to 10.0.0.10 due to a configuration error. Users at the branch report that they can access the internet via the HQ router but cannot reach the HQ LAN's file server at 10.0.1.100. From the HQ router, you can ping the branch router's interface IP (10.0.0.2) successfully, but you cannot ping any device in the branch LAN (192.168.2.0/24). You check the routing table on the HQ router and see that the static route for 192.168.2.0/24 points to 10.0.0.10. What is the most appropriate corrective action?

A.Add a static route on the branch router for 10.0.1.0/24 pointing to 10.0.0.1.
B.Remove the static route and rely on the default route on the branch router.
C.Enable proxy ARP on the HQ router's ge-0/0/1 interface.
D.Change the static route on the HQ router to point to 10.0.0.2.
AnswerD

Correct. This corrects the next-hop to the branch router's interface, enabling reachability to the branch LAN.

Why this answer

Option A is correct. The incorrect static route on the HQ router is pointing to a nonexistent next-hop (10.0.0.10), so traffic to the branch LAN is not forwarded. Changing the next-hop to 10.0.0.2 (the branch router's interface) restores the route.

Option B is unnecessary because the branch router's default route already covers the HQ LAN. Option C (proxy ARP) does not fix a routing table issue. Option D would remove the route entirely, breaking connectivity to the branch LAN.

483
MCQeasy

An engineer needs to view the current active configuration of a Junos device without making any changes. Which CLI mode should they use?

A.Operational mode
B.Privileged mode
C.Configuration mode
D.Exclusive configuration mode
AnswerA

Operational mode provides read-only access to configuration and operational commands.

Why this answer

Operational mode is the default CLI mode in Junos, used for monitoring, troubleshooting, and viewing the current active configuration without making any changes. Commands in this mode are read-only and do not modify the device's configuration. The active configuration is the one currently running on the device, and it can be viewed using commands like 'show configuration' in operational mode.

Exam trap

The trap here is that candidates familiar with Cisco IOS may confuse 'Privileged mode' (which allows viewing and some changes) with Junos operational mode, but Junos strictly separates read-only (operational) and read-write (configuration) modes.

How to eliminate wrong answers

Option B is wrong because 'Privileged mode' is a Cisco IOS term, not a Junos CLI mode; Junos uses operational mode for read-only access and configuration mode for changes. Option C is wrong because Configuration mode is used to modify the candidate configuration, not just view the active configuration; entering this mode allows changes to be made. Option D is wrong because Exclusive configuration mode is a variant of configuration mode that locks the configuration database to prevent other users from making changes, but it still allows modifications and is not for read-only viewing.

484
MCQeasy

A network engineer is troubleshooting connectivity between two hosts on the same VLAN connected to different Juniper EX switches. The MAC address table on each switch shows the correct MAC addresses for both hosts, but ping fails. What is the most likely cause?

A.The VLAN is not allowed on the trunk between the switches
B.The hosts are configured with IP addresses in different subnets
C.The ARP cache on the hosts is stale
D.Spanning Tree Protocol is blocking a port
AnswerA

If the VLAN is not allowed on the trunk, frames are dropped, even though MAC addresses are learned on access ports.

Why this answer

If both hosts are on the same VLAN and their MAC addresses are correctly learned on each switch, the issue is likely that the VLAN is not allowed on the trunk link connecting the switches. Without the VLAN being permitted on the trunk, frames from that VLAN will be dropped at the trunk interface, preventing Layer 2 communication between the hosts even though the MAC tables are correct.

Exam trap

The trap here is that candidates often assume MAC table correctness implies full Layer 2 connectivity, overlooking the trunk VLAN filtering mechanism that can drop frames even when MAC addresses are learned.

How to eliminate wrong answers

Option B is wrong because if the hosts were in different subnets, they would need a router to communicate, but the question specifies they are on the same VLAN, which implies the same subnet; ping failure due to subnet mismatch would be a Layer 3 issue, not a Layer 2 MAC table problem. Option C is wrong because a stale ARP cache would cause a Layer 3 issue (hosts would have incorrect IP-to-MAC mappings), but the MAC tables on the switches are correct, indicating that ARP resolution has succeeded; ping failure here is not due to ARP. Option D is wrong because Spanning Tree Protocol (STP) blocking a port would prevent MAC address learning on that port, but the question states the MAC address tables are correct, meaning STP is not blocking the relevant ports; STP blocking would also show the port in a blocking state in the STP topology.

485
MCQeasy

A user wants to see all available commands starting with 'show'. Which key should they press after typing 'show'?

A.Space
B.?
C.Tab
D.Ctrl-P
AnswerB

Displays context-sensitive help, listing all commands starting with 'show'.

Why this answer

In the Junos CLI, pressing the '?' key after typing a partial command like 'show' displays a list of all available commands or options that start with that string. This is the standard context-sensitive help feature in Junos, which is distinct from other CLI behaviors.

Exam trap

The trap here is that candidates familiar with Cisco IOS may expect the Tab key to list completions, but in Junos, Tab only auto-completes a unique command, while '?' is used to list all available options.

How to eliminate wrong answers

Option A is wrong because pressing the Space bar after 'show' would execute the command if it is complete, or cause an error if incomplete; it does not display available commands. Option C is wrong because the Tab key in Junos CLI performs command completion (auto-fills the command if unique), not listing all available options. Option D is wrong because Ctrl-P is a readline shortcut that recalls the previous command from the history buffer, not related to showing available commands.

486
MCQeasy

A junior engineer uses 'set system host-name R1' in configuration mode and exits without committing. After a reboot, the hostname reverts to the original. What step did the engineer miss?

A.They must use 'run set system host-name' instead.
B.They must save the configuration to a file.
C.They must reboot after setting the hostname.
D.They must commit the configuration with 'commit'.
AnswerD

Commit activates the candidate configuration, making it persist across reboots.

Why this answer

In Junos OS, configuration changes made in configuration mode are stored in a candidate configuration and do not take effect until explicitly committed using the 'commit' command. Rebooting without committing discards all uncommitted changes, causing the hostname to revert to its original value. Option D is correct because the engineer must issue 'commit' to activate the new hostname permanently.

Exam trap

The trap here is that candidates familiar with Cisco IOS may assume changes take effect immediately in configuration mode, but Junos requires an explicit 'commit' to activate changes, and rebooting does not save uncommitted changes.

How to eliminate wrong answers

Option A is wrong because 'run set system host-name' is not a valid command; 'run' executes operational-mode commands, while 'set system host-name' is a configuration-mode command. Option B is wrong because saving the configuration to a file (e.g., with 'save') is not required for activation; the candidate configuration is automatically stored in memory and only needs to be committed to become the active configuration. Option C is wrong because rebooting is unnecessary and does not commit changes; in fact, rebooting without committing discards uncommitted changes, which is the opposite of the desired outcome.

487
MCQmedium

Refer to the exhibit. The administrator has configured a default static route. However, the route does not appear in the routing table. Based on the output, what is the most likely issue?

A.The static route is not configured correctly; the prefix is missing.
B.The route is actually present and active in the routing table.
C.The route has been overwritten by a dynamic routing protocol.
D.The next-hop is unreachable because ge-0/0/0 is down.
AnswerB

The show route output confirms it is there.

Why this answer

Option B is correct because the exhibit shows the static route 0.0.0.0/0 with a next-hop of 10.0.0.1 in the routing table, indicated by the 'S' flag (static) and the active route marker '>'. The route is present and active, so the administrator's assumption that it does not appear is incorrect.

Exam trap

The trap here is that candidates may misinterpret the routing table output, thinking a static route is missing when it is actually present and active, often because they overlook the 'S' flag or the '>' indicator, or they assume the route is not shown because they expect a different format.

How to eliminate wrong answers

Option A is wrong because the static route is configured with the correct prefix 0.0.0.0/0, which is the default route, and it appears in the routing table. Option C is wrong because there is no evidence of a dynamic routing protocol overwriting the route; the static route is still present with its 'S' flag, and no other protocol's route to 0.0.0.0/0 is shown. Option D is wrong because the next-hop 10.0.0.1 is reachable via interface ge-0/0/0, which is listed as 'up' in the routing table output (the interface name appears without a 'down' indicator), and the route is active.

488
MCQhard

Tom is a junior network engineer who recently joined a service provider. He is tasked with configuring a new BGP session on an MX240 router to peer with a customer. He accesses the router via SSH and enters configuration mode using the `configure` command. He then navigates to `edit protocols bgp` and begins configuring. He sets the local AS number, adds a group named 'CUSTOMER-A', and specifies the peer IP address 192.0.2.2. After completing the configuration, he attempts to commit by typing `commit`. The system returns a syntax error and indicates that the configuration is invalid. Tom is unsure what went wrong and wants to identify the error before making any changes. What should Tom do next?

A.Issue the `commit check` command to validate the candidate configuration syntax.
B.Issue the `show | compare` command to see the differences from the previous committed configuration.
C.Issue the `run show configuration protocols bgp` command to display the current active configuration.
D.Issue the `edit protocols bgp` command again to re-enter the hierarchy and review the settings.
AnswerA

This command checks the syntax of the candidate configuration and reports errors.

Why this answer

Option B is correct because `commit check` validates the candidate configuration syntax without committing, and will point out the specific error. Option A only shows changes but does not check syntax. Option C displays the active (committed) configuration, not the candidate.

Option D simply re-enters the hierarchy, which does not help identify the error.

489
MCQeasy

An engineer needs to check the last time the configuration was changed. Which command provides this information?

A.show system commit
B.show configuration | display set
C.show system alarms
D.show system uptime
AnswerA

Displays commit log with timestamps.

Why this answer

The 'show system commit' command displays the commit history, including the date, time, and user for each configuration change. This allows the engineer to see exactly when the last configuration was committed, which is the definitive way to determine the last time the configuration was changed.

Exam trap

The trap here is that candidates often confuse 'show configuration' (which shows the current config) with a command that shows when the config was last changed, but only 'show system commit' provides the timestamp of the last commit.

How to eliminate wrong answers

Option B is wrong because 'show configuration | display set' shows the current active configuration in set format, but it does not include any timestamp or commit history to indicate when the configuration was last changed. Option C is wrong because 'show system alarms' displays active system alarms (such as hardware or software issues), not configuration change timestamps. Option D is wrong because 'show system uptime' shows how long the device has been running and the time since the last reboot, but it does not provide any information about configuration commit times.

490
Multi-Selecteasy

Which two statements are true about static routes on Juniper devices? (Choose two.)

Select 2 answers
A.A static route with a next-hop of an IP address requires that the next-hop be reachable.
B.Static routes can be configured with a qualified-next-hop to provide conditional routing.
C.A static route with a next-hop of an interface will be active even if the interface is down.
D.A static route with a preference of 10 is preferred over a static route with a preference of 5.
E.Static routes cannot be used for load balancing.
AnswersA, B

The route becomes active only if the next-hop is reachable in the routing table.

Why this answer

Options B and E are correct. Option A is false because a static route with a next-hop of an interface is not active if the interface is down. Option C is false because static routes can be used for load balancing.

Option D is false because a lower preference number indicates a more preferred route.

491
MCQhard

An engineer needs to load a full configuration from a text file onto a Junos device, replacing the entire candidate configuration. Which command should be used?

A.load set /path/to/config.txt
B.load override /path/to/config.txt
C.load patch /path/to/config.txt
D.load merge /path/to/config.txt
AnswerB

Replaces entire candidate configuration with file contents.

Why this answer

The 'load override' command replaces the entire candidate configuration with the contents of the specified text file, discarding any existing candidate changes. This is the correct choice because the engineer explicitly needs to replace the full configuration, not merge or patch it.

Exam trap

The trap here is that candidates often confuse 'load override' with 'load merge' because both load a file, but only 'load override' discards the existing candidate configuration, while 'load merge' preserves it and can cause configuration conflicts or residual settings.

How to eliminate wrong answers

Option A is wrong because 'load set' is not a valid Junos command; the correct syntax for loading a set-based configuration is 'load set terminal' or 'load set filename', but 'load set /path/to/config.txt' is not standard and would fail. Option C is wrong because 'load patch' applies only incremental changes (diffs) to the candidate configuration, not a full replacement. Option D is wrong because 'load merge' combines the text file with the existing candidate configuration, potentially retaining old settings and not achieving a full replacement.

492
MCQhard

Refer to the exhibit. An administrator wants to remove the address 10.0.0.2/24 from unit 0. Which configuration mode command achieves this without affecting other configuration?

A.delete interfaces ge-0/0/1 unit 0
B.delete interfaces ge-0/0/1 unit 0 family inet address
C.delete interfaces ge-0/0/1 unit 0 family inet address 10.0.0.2/24
D.delete interfaces ge-0/0/1 unit 1 family inet address 10.0.0.2/24
AnswerC

Removes only the specified address.

Why this answer

Option C is correct because the command `delete interfaces ge-0/0/1 unit 0 family inet address 10.0.0.2/24` specifically removes only the IPv4 address 10.0.0.2/24 from the logical unit 0, leaving all other configuration (such as other addresses, VLAN tagging, or protocol families) intact. In Junos, addresses are hierarchical under `family inet address`, and deleting a specific address entry does not affect sibling addresses or the unit itself.

Exam trap

The trap here is that candidates often confuse deleting the entire unit or address family with deleting a single address, leading them to choose options that remove more configuration than intended, which is a common mistake in Junos hierarchical configuration management.

How to eliminate wrong answers

Option A is wrong because `delete interfaces ge-0/0/1 unit 0` removes the entire logical unit 0, including all its addresses, protocol families, and any other configuration (e.g., VLAN ID, filters), which is too broad. Option B is wrong because `delete interfaces ge-0/0/1 unit 0 family inet address` removes all IPv4 addresses under unit 0, not just the specific 10.0.0.2/24, potentially deleting other configured addresses. Option D is wrong because it targets unit 1 instead of unit 0, so it would not affect the address on unit 0 at all; it either does nothing or modifies the wrong interface unit.

493
MCQhard

You are a network administrator for a large service provider. You have a Juniper MX960 that serves as a core router. The router uses a configuration with many apply-groups to streamline management. Recently, you added a new apply-group for interface-specific policies. After committing, several interfaces stopped passing traffic due to incorrect policy application. You need to quickly revert to the previous configuration without losing other valid changes made by other engineers in the same commit. The previous configuration is stored as rollback 1. However, rollback 1 contains configuration that does not include the new apply-group but also includes other valid changes from the last commit. You want to restore the configuration to exactly the state before the last commit (the rollback 1 state). Which command should you use?

A.rollback 0 and commit check
B.load override rollback 1 and commit
C.rollback 0 and then commit
D.request system configuration rescue save and then load rescue
AnswerB

This replaces the candidate with rollback 1, then commits it.

Why this answer

Option B is correct because 'load override rollback 1' replaces the entire candidate configuration with the exact contents of rollback 1, which is the state before the last commit. This allows you to revert the problematic apply-group change while preserving all other valid changes that were part of that same rollback snapshot. A subsequent 'commit' then activates this configuration, effectively undoing only the last commit without affecting earlier valid changes.

Exam trap

The trap here is confusing 'rollback 0' (the current active configuration) with 'rollback 1' (the previous configuration), leading candidates to choose options that simply re-commit the current state instead of reverting to the prior one.

How to eliminate wrong answers

Option A is wrong because 'rollback 0' refers to the current active configuration, and 'commit check' only validates syntax without applying changes; this does not revert to a previous state. Option C is wrong because 'rollback 0' followed by 'commit' would re-commit the current configuration, which still contains the problematic apply-group, so no reversion occurs. Option D is wrong because 'request system configuration rescue save' saves the current configuration as a rescue configuration, and 'load rescue' loads that same current configuration; this does not revert to rollback 1 and may overwrite any existing rescue configuration.

494
MCQeasy

What is the default preference value of a directly connected (direct) route in JunOS?

A.10
B.170
C.0
D.100
AnswerC

Direct routes have a preference of 0.

Why this answer

In JunOS, directly connected routes have a default preference value of 0, which is the highest possible preference (lowest numerical value). This ensures that directly connected routes are always preferred over routes learned from any dynamic routing protocol, as they represent interfaces that are directly reachable on the local device.

Exam trap

The trap here is that Cisco uses a default administrative distance of 0 for directly connected routes as well, but candidates often confuse JunOS preference values with Cisco administrative distances, leading them to incorrectly select 10 (OSPF) or 100 (static) as the default for direct routes.

How to eliminate wrong answers

Option A is wrong because 10 is the default preference for OSPF internal routes in JunOS, not for directly connected routes. Option B is wrong because 170 is the default preference for BGP routes (both EBGP and IBGP) in JunOS, not for directly connected routes. Option D is wrong because 100 is the default preference for static routes in JunOS, not for directly connected routes.

495
MCQeasy

A network administrator configures a default route using 'set routing-options static route 0.0.0.0/0 next-hop 10.0.0.1 preference 10' and later enables OSPF which also advertises a default route with default preference 150. Which route becomes active in the routing table?

A.Neither route becomes active due to conflicting protocols
B.Both routes are active for ECMP load balancing
C.Static route to 0.0.0.0/0 with next-hop 10.0.0.1
D.OSPF route to 0.0.0.0/0
AnswerC

Static route has lower preference (10) and becomes active.

Why this answer

The static route with preference 10 is preferred over the OSPF route with preference 150 because JunOS selects the route with the lowest preference value. Option A is correct. Option B is incorrect because higher preference is less preferred.

Option C is incorrect because ECMP requires equal cost routes, not different preference. Option D is incorrect because the static route is valid.

496
MCQmedium

You are a network engineer responsible for a Juniper MX240 router in a data center. The router is running Junos 18.2R1 and you need to upgrade it to 19.1R2 to fix a critical security vulnerability. You establish an SSH session to the router and enter configuration mode to prepare the upgrade. While in configuration mode, you notice that the candidate configuration contains several uncommitted changes from a previous engineer that attempted to modify BGP settings but introduced a syntax error. The candidate configuration fails any commit operation due to this error. The currently active configuration is stable and the router is handling production traffic. The upgrade process requires you to change the boot media and specify the new image. Which action should you take to clear the candidate configuration and proceed with the upgrade?

A.Reboot the router to clear the candidate configuration and then start the upgrade.
B.Execute the 'rollback 0' command to discard the candidate and replace it with the active configuration, then proceed with the upgrade commands.
C.Run the 'load override terminal' command and paste the active configuration from memory, then commit and upgrade.
D.Use the 'commit force' command to override the syntax error and commit the candidate, then perform the upgrade.
AnswerB

This clears the problematic candidate while preserving the active config.

Why this answer

Option B is correct because the 'rollback 0' command discards all uncommitted changes in the candidate configuration and replaces it with the active, committed configuration. This clears the syntax error without affecting the running router, allowing you to proceed with the upgrade commands (e.g., 'request system software add') without a reboot or forced commit.

Exam trap

The trap here is that candidates may think a reboot is needed to clear uncommitted changes (Option A) or that 'commit force' can bypass syntax errors (Option D), when in fact Junos provides a dedicated 'rollback' command to safely discard the candidate configuration without impacting the active state.

How to eliminate wrong answers

Option A is wrong because rebooting the router would disrupt production traffic and is unnecessary; the candidate configuration is not stored in active memory that requires a reboot to clear. Option C is wrong because 'load override terminal' is used to load a configuration from a terminal session, not to discard the candidate; it would require manually pasting the active config, which is error-prone and redundant when 'rollback 0' exists. Option D is wrong because 'commit force' does not override syntax errors; it only bypasses certain validation warnings (e.g., missing root password), and a syntax error in the candidate will still cause the commit to fail.

497
MCQmedium

An administrator is troubleshooting an interface and wants to see real-time packet statistics. Which command should they use?

A.traceoptions
B.show interfaces statistics
C.show interfaces extensive
D.monitor interface
AnswerD

monitor interface displays real-time interface statistics.

Why this answer

The 'monitor interface' command in Junos provides real-time, continuously updated packet statistics for a specified interface, making it the correct choice for live troubleshooting. Unlike static commands, it refreshes statistics every second until interrupted, allowing the administrator to observe traffic patterns as they occur.

Exam trap

The trap here is that candidates often confuse 'show interfaces statistics' (a static snapshot) with real-time monitoring, failing to recognize that only 'monitor interface' provides live, continuously updated data.

How to eliminate wrong answers

Option A is wrong because 'traceoptions' is used for debugging control-plane protocols (e.g., OSPF, BGP) by logging events to a file, not for viewing real-time interface packet statistics. Option B is wrong because 'show interfaces statistics' displays a static snapshot of cumulative packet counts at the moment the command is issued, not real-time updates. Option C is wrong because 'show interfaces extensive' provides detailed static output including errors and queue information, but it does not refresh automatically or show live statistics.

498
MCQhard

You are a network engineer for a large enterprise deploying a new data center using a spine-and-leaf architecture with Juniper QFX5100 switches. The underlay network uses OSPF for loopback reachability, and the overlay uses EBGP for EVPN. The leaf switches are configured as VTEPs (Virtual Tunnel Endpoints). One of the leaf switches, leaf-03, cannot establish OSPF adjacency with its spine switch, spine-01. The interfaces are up/up and the IP addresses are correctly configured. 'show ospf neighbor' on leaf-03 returns nothing. 'show ospf interface' shows the interface is in state DOWN. Both switches are configured with the same OSPF area (0.0.0.0) and the same hello interval (10 seconds). The MTU on both sides is 1500. Authentication is not configured. The spine switch has multiple OSPF neighbors from other leaves. The network is in production and other leaf switches are working fine. What is the most likely cause of the problem?

A.The OSPF network type is not consistent between the two switches.
B.The interface MTU is misconfigured on one side.
C.OSPF is disabled on the interface at the leaf switch.
D.Duplicate router ID on leaf-03 and spine-01.
AnswerC

If OSPF is not enabled on the interface, the OSPF interface state will be down.

Why this answer

Option B is correct because if the OSPF interface is down on leaf-03 but up/up at Layer 1, the most likely cause is that OSPF is disabled on that interface, or there is an OSPF passive interface configuration. Option A is wrong - router ID duplication would cause both to have issues, but other leaves are fine. Option C is wrong - if network type mismatch, the interface would still be up but adjacency would not form, but the interface state would be up (not down).

Option D is wrong - MTU mismatch would be at L3, but interface state would be up with adjacency failing.

499
Multi-Selecteasy

Which THREE modes can be used to enter configuration mode in Junos? (Choose three.)

Select 3 answers
A.configure static
B.configure private
C.configure shared
D.configure dynamic
E.configure exclusive
AnswersB, C, E

Creates a private copy of the candidate configuration.

Why this answer

Option B is correct because 'configure private' creates a private configuration session that isolates candidate changes from other users, allowing multiple users to stage changes simultaneously without interference. This mode is one of the three standard configuration modes in Junos, alongside exclusive and shared.

Exam trap

The trap here is that candidates may confuse Junos configuration modes with Cisco IOS configuration modes (like 'configure terminal' or 'configure memory'), leading them to select non-existent options like 'configure static' or 'configure dynamic'.

500
MCQeasy

Which operational command displays the system's current time and date?

A.show system time
B.show system uptime
C.show system inventory
D.show system processes
AnswerB

A includes current time and date.

Why this answer

The correct command to display the system's current time and date in Junos is 'show system uptime'. This command outputs the current time and date, along with how long the system has been running (uptime), the number of users, and the load averages. It is the standard operational command for checking the system clock on Juniper devices.

Exam trap

The trap here is that candidates familiar with Cisco IOS might expect 'show clock' or 'show time' to work, but Junos uses 'show system uptime' for time/date, and 'show system time' is not a valid command, leading to confusion between similar-sounding options.

How to eliminate wrong answers

Option A is wrong because 'show system time' is not a valid Junos operational command; the correct command for time and date is 'show system uptime'. Option C is wrong because 'show system inventory' displays hardware component details (e.g., serial numbers, part numbers, and version information), not the system time. Option D is wrong because 'show system processes' lists active processes and their resource usage (similar to 'ps' in Unix), not the current time and date.

501
MCQmedium

Refer to the exhibit. A host connected to ge-0/0/1 cannot reach a host connected to ge-0/0/2 even though both are in VLAN10. What is the most likely cause?

A.VLAN10 is not defined in the global VLAN configuration.
B.The hosts are configured with IP addresses on different subnets.
C.An IRB interface for VLAN10 is not configured.
D.The interface ge-0/0/2 is configured as a trunk port.
AnswerB

They can't communicate at Layer 2? Actually Layer 2 doesn't care about IP. So this is tricky. Actually within same VLAN, IP subnet must match for Layer 3, but Layer 2 should work. However if hosts are on different subnets, they need a router. But the question says 'cannot reach' - likely they try to ping. If on different subnets, they need default gateway. So the most likely cause is they are on different subnets and no gateway. Alternatively, the switch might have port security. But given typical JNCIA, this is plausible.

Why this answer

Option B is correct because for two hosts in the same VLAN to communicate at Layer 2, they must be in the same IP subnet. If the hosts are configured with IP addresses on different subnets, they will attempt to route traffic through a default gateway rather than sending ARP requests directly, causing communication failure even though they are in the same broadcast domain.

Exam trap

The trap here is that candidates often assume VLAN membership alone guarantees IP connectivity, overlooking the fundamental requirement that hosts must share the same IP subnet for direct Layer 2 communication.

How to eliminate wrong answers

Option A is wrong because VLAN10 does not need to be globally defined in the VLAN configuration for it to function; VLANs can be created dynamically on trunk ports or by simply assigning interfaces to a VLAN ID. Option C is wrong because an IRB (Integrated Routing and Bridging) interface is only required for Layer 3 routing between VLANs or for the VLAN to have an IP address for management; hosts within the same VLAN can communicate at Layer 2 without any IRB. Option D is wrong because if ge-0/0/2 were configured as a trunk port, it could still carry VLAN10 traffic as long as VLAN10 is allowed on that trunk; the trunk configuration alone does not prevent communication between hosts in the same VLAN.

502
MCQmedium

A network operations team has received a new Juniper router to replace an existing legacy router. The team needs to apply a baseline configuration that includes system settings, interfaces, and security policies. The configuration is provided as a text file containing Junos configuration hierarchy syntax (e.g., 'system { host-name... }'). The engineer connects to the console and sees the prompt 'root@%'. What is the most efficient way to apply the configuration?

A.Use the 'load set' command to load a set of configuration commands.
B.Use FTP to transfer the file and then commit.
C.Enter configuration mode and manually type each command.
D.Use the 'load merge' command to merge the configuration file.
AnswerD

This reads a hierarchy-format file and merges it into the candidate configuration.

Why this answer

Option D is correct because the engineer is at the shell prompt (root@%), not in configuration mode. The 'load merge' command is used within configuration mode to merge a configuration file (in Junos hierarchy syntax) into the candidate configuration, which is the most efficient way to apply a pre-written baseline configuration without manual typing or complex file transfers.

Exam trap

The trap here is that candidates may confuse the shell prompt (root@%) with the configuration mode prompt (root@#) and attempt to use 'load merge' directly at the shell, which fails; they must first enter configuration mode with 'configure' or 'edit' before loading the file.

How to eliminate wrong answers

Option A is wrong because 'load set' is used to load a file containing 'set' commands (flat format), not the hierarchical configuration syntax provided; using it on a hierarchy file would cause syntax errors. Option B is wrong because FTP transfer is unnecessary and inefficient; Junos supports loading configuration files directly from local storage or via SCP/HTTP, and FTP adds security risks and extra steps. Option C is wrong because manually typing each command is time-consuming and error-prone, defeating the purpose of having a pre-written configuration file.

503
MCQeasy

Refer to the exhibit. Which route will be used to forward traffic to 192.168.1.0/24?

A.Neither route is valid
B.The route via 10.0.0.1 because it was learned later
C.Both routes are used for load balancing
D.The route via 10.0.0.2 because it has a lower metric
AnswerD

OSPF selects the route with the lowest metric.

Why this answer

The route via 10.0.0.2 is correct because Junos uses the route preference (administrative distance) to select the best route when multiple routes to the same destination exist. OSPF has a default preference of 10, while static routes have a default preference of 5, but here the static route via 10.0.0.2 has a metric of 0 (lower than OSPF's metric of 2), and since both are active, the lower metric does not override preference; however, the exhibit shows the static route is preferred because it has a lower preference value (5 vs 10), making it the active route in the routing table.

Exam trap

The trap here is that candidates often focus on the metric (cost) values shown in the output and assume the lower metric always wins, forgetting that Junos first compares route preference (administrative distance) before considering metric.

How to eliminate wrong answers

Option A is wrong because both routes are valid (active) in the routing table, as shown by the 'Active' flag in the output. Option B is wrong because Junos does not use learning time as a tiebreaker; route selection is based on preference and then metric, not chronological order. Option C is wrong because load balancing only occurs when multiple routes have equal preference and equal metric; here the static route has preference 5 and metric 0, while the OSPF route has preference 10 and metric 2, so they are not equal.

504
Multi-Selectmedium

Which THREE statements are true regarding static routes in Junos?

Select 3 answers
A.A static route can have a next-hop of a directly connected interface.
B.Static routes require OSPF to be enabled on the router.
C.Static routes automatically generate ICMP redirect messages.
D.A static route can be configured to discard traffic.
E.The default preference for a static route is 5.
AnswersA, D, E

Static routes can use a next-hop of an interface, e.g., 'set route 0.0.0.0/0 next-hop ge-0/0/0.0'.

Why this answer

A static route can have a next-hop of a directly connected interface, meaning the router will consider the destination as directly reachable out that interface without needing an explicit IP next-hop. This is valid in Junos and is often used for point-to-point links or when the next-hop address is not required.

Exam trap

The trap here is that candidates may confuse the default preference of static routes in Junos (5) with Cisco's default administrative distance (1), leading them to incorrectly reject option E or assume static routes require a dynamic protocol like OSPF.

505
MCQhard

While troubleshooting a routing loop, an administrator captures traffic on an interface and sees packets with TTL=1 being forwarded. This indicates a potential misconfiguration. Which command can be used to verify whether the interface is configured with 'no-ttl-propagate'?

A.show interfaces ge-0/0/0 detail
B.show configuration interfaces ge-0/0/0
C.monitor traffic interface ge-0/0/0
D.show route forwarding-table
AnswerA

Displays TTL propagate flags under the interface details.

Why this answer

The 'no-ttl-propagate' configuration is applied at the interface level to prevent TTL decrement for certain protocols like MPLS. To verify this setting, you must check the interface configuration details, which are displayed by 'show interfaces ge-0/0/0 detail'. This command shows all interface properties, including any TTL propagation settings, whereas the configuration-only view may omit operational defaults.

Exam trap

The trap here is that candidates often assume 'show configuration interfaces' will reveal all active settings, but Junos hides default or inherited parameters unless explicitly configured, making 'show interfaces detail' necessary to see operational TTL propagation behavior.

How to eliminate wrong answers

Option B is wrong because 'show configuration interfaces ge-0/0/0' displays only the explicit configuration statements; if 'no-ttl-propagate' is not explicitly configured, it will not appear, even if the default behavior is active. Option C is wrong because 'monitor traffic interface ge-0/0/0' captures live packet headers but does not display interface configuration parameters like TTL propagation settings. Option D is wrong because 'show route forwarding-table' shows the forwarding table entries and next-hop information, not interface-level protocol options such as TTL propagation.

506
Multi-Selectmedium

Which TWO statements are true regarding the Junos OS commit model?

Select 2 answers
A.Configuration changes are activated immediately upon entering the 'set' command.
B.The 'commit check' command activates the candidate configuration if syntax is valid.
C.Multiple users can make changes simultaneously in configure private mode.
D.The 'commit confirmed' command automatically commits changes permanently.
E.The 'commit' command activates the candidate configuration.
AnswersC, E

Private mode allows multiple users to have their own candidate configurations.

Why this answer

Option C is correct because Junos OS allows multiple users to enter configure private mode, where each user has an independent candidate configuration. This prevents conflicts and allows simultaneous edits without interfering with each other's changes. Option E is correct because the 'commit' command activates the candidate configuration, making it the active configuration on the device.

Exam trap

The trap here is that candidates often confuse 'commit check' with actually activating the configuration, or assume that 'set' commands take effect immediately as in some other network operating systems like Cisco IOS, where changes are applied in real time unless using configuration sessions.

507
Multi-Selectmedium

Which two events typically trigger a change to the routing table? (Choose two.)

Select 2 answers
A.Interface state change
B.System uptime
C.Log file rotation
D.BGP neighbor reset
E.Configuration commit
AnswersA, D

Directly triggers routing table updates.

Why this answer

An interface state change (up/down) directly affects the reachability of directly connected networks, causing Junos to add or remove the corresponding routes from the routing table. Similarly, a BGP neighbor reset tears down and re-establishes the TCP session, which triggers the withdrawal and re-advertisement of all BGP routes, thus modifying the routing table.

Exam trap

The trap here is that candidates often confuse a configuration commit with an automatic routing table change, but a commit only activates the configuration; it does not directly modify the routing table unless the configuration itself triggers a protocol event or interface change.

508
Multi-Selecteasy

Which TWO statements about ARP are correct? (Select two.)

Select 2 answers
A.ARP request is sent to the broadcast MAC address
B.ARP request is sent to a multicast MAC address
C.ARP reply is sent to the broadcast MAC address
D.ARP is used for both IPv4 and IPv6
E.ARP reply is sent directly to the requesting host's MAC address
AnswersA, E

ARP requests are broadcast to all hosts in the subnet.

Why this answer

Option A is correct because an ARP request is sent as a broadcast frame to the destination MAC address FF:FF:FF:FF:FF:FF, ensuring all hosts on the local network segment receive it. This allows the host with the target IP address to respond. Option E is correct because the ARP reply is unicast directly to the requesting host's MAC address, which was learned from the source hardware address field in the ARP request.

Exam trap

The trap here is that candidates often confuse ARP with IPv6 Neighbor Discovery, mistakenly thinking ARP works for both IPv4 and IPv6, or they assume ARP replies are broadcast because ARP requests are broadcast.

509
Multi-Selectmedium

Which TWO commands can be used to save the current Junos configuration to a file on the local flash drive? (Choose two.)

Select 2 answers
A.file copy /config/juniper.conf.gz /config/backup.conf
B.request system configuration rescue save
C.copy flash:juniper.conf.gz /config/backup.conf
D.show configuration | save /config/backup.conf
E.save /config/backup.conf
AnswersD, E

This operational mode command saves the active configuration to the specified file.

Why this answer

Option D is correct because the 'show configuration | save' command pipes the current active configuration (from the candidate or active configuration) directly to a file, allowing you to save it to a specified path like /config/backup.conf on the local flash drive. This is a standard method for exporting the running configuration to a file in Junos.

Exam trap

The trap here is that candidates familiar with Cisco IOS may mistakenly choose option C ('copy flash:...') because it resembles the Cisco command for copying files, but Junos uses different syntax and filesystem references, and options D and E are the correct Junos-specific commands for saving the current configuration to a file.

510
Drag & Dropmedium

Order the steps to configure a VLAN on an EX Series switch running Junos.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

VLANs are created under 'vlans' hierarchy, then interfaces are assigned as access ports. Commit and verify.

511
MCQeasy

You are a junior network engineer tasked with upgrading the Junos OS on a pair of EX3400 switches that are in a Virtual Chassis. You have downloaded the new software image to the primary switch. Before performing the upgrade, you must verify the image's integrity and check the current version. Which sequence of commands should you use?

A.Run 'show system uptime' and then 'request system software add /var/tmp/junos-new.tgz'.
B.Run 'show system software' and then 'request system software add validate'.
C.Run 'show version' and then 'request system software validate /var/tmp/junos-new.tgz'.
D.Run 'show configuration system software' and then 'file checksum sha256 /var/tmp/junos-new.tgz'.
AnswerC

Validates image integrity and shows current version.

Why this answer

Option C is correct because 'show version' displays the current Junos OS version running on the switch, which is necessary to confirm the starting point before an upgrade. Then 'request system software validate /var/tmp/junos-new.tgz' performs a checksum verification and package integrity check on the image file without installing it, ensuring the image is not corrupted. This sequence directly addresses the two tasks: verifying the image's integrity and checking the current version.

Exam trap

The trap here is that candidates confuse 'show system software' (a non-existent command) with 'show version', or think that 'file checksum sha256' alone is sufficient for integrity verification, missing the fact that Junos requires the full 'request system software validate' command to perform a comprehensive package check before installation.

How to eliminate wrong answers

Option A is wrong because 'show system uptime' shows how long the switch has been running, not the current software version, and 'request system software add /var/tmp/junos-new.tgz' immediately installs the image without any integrity validation. Option B is wrong because 'show system software' is not a valid Junos command (the correct command is 'show version' or 'show system software information'), and 'request system software add validate' is syntactically incorrect—the correct syntax is 'request system software validate <filename>'. Option D is wrong because 'show configuration system software' displays the software-related configuration (e.g., licenses), not the current running version, and while 'file checksum sha256' does verify integrity, it only checks the hash and does not perform the full package validation that 'request system software validate' does, nor does it check the current version.

512
Multi-Selecthard

Which TWO statements correctly describe the behavior of the 'commit confirmed' command in Junos?

Select 2 answers
A.The confirmation timeout can be modified by specifying a number of minutes.
B.The default confirmation timeout is 5 minutes.
C.It requires a reboot to revert to the previous configuration.
D.It activates the configuration and schedules an automatic rollback unless confirmed.
E.It stages the configuration in the candidate configuration but does not apply it until confirmed.
AnswersA, D

Correct: The timeout can be set from 1 to 65535 minutes.

Why this answer

Option A is correct because the `commit confirmed` command in Junos accepts an optional numeric argument (in minutes) to override the default confirmation timeout. For example, `commit confirmed 10` sets a 10-minute window during which the administrator must issue a `commit` to make the changes permanent; otherwise, the system automatically rolls back to the previous active configuration.

Exam trap

The trap here is that candidates often confuse the default timeout with Cisco's 5-minute default for `configure confirm` or mistakenly think the configuration is only staged and not applied until confirmed, whereas Junos immediately activates it and schedules an automatic rollback.

513
Multi-Selectmedium

Which THREE pipe modifiers can be used to filter command output? (Choose three.)

Select 3 answers
A.no-more
B.count
C.display set
D.match
E.except
AnswersB, D, E

Counts the number of lines in the output.

Why this answer

Option B is correct because the 'count' pipe modifier in Junos counts the number of lines in the command output, effectively filtering by providing a numeric summary rather than displaying the actual lines. This is a valid pipe modifier used to filter or transform command output in the Junos CLI.

Exam trap

The trap here is that candidates often confuse pipe modifiers that change display behavior (like 'no-more' or 'display set') with those that actually filter the output content, leading them to select 'no-more' as a filtering modifier when it only controls pagination.

514
MCQmedium

An engineer is troubleshooting a connectivity issue and wants to see real-time interface traffic statistics. Which command provides continuous updates?

A.show interface statistics
B.monitor interface traffic
C.monitor start messages
D.show interfaces extensive
AnswerB

Continuously updates interface traffic statistics.

Why this answer

The `monitor interface traffic` command in Junos OS provides a real-time, continuously updating display of interface traffic statistics, making it the correct choice for live monitoring. Unlike static commands that show a single snapshot, this command refreshes the output at a default interval (typically 1 second) until the user interrupts it with Ctrl+C.

Exam trap

The trap here is that candidates often confuse `monitor interface traffic` with `show interface statistics`, assuming both provide live updates, but only the `monitor` command offers continuous real-time output in Junos OS.

How to eliminate wrong answers

Option A is wrong because `show interface statistics` displays a static snapshot of interface counters at the moment the command is executed, not continuous updates. Option C is wrong because `monitor start messages` is used to monitor system log messages in real time, not interface traffic statistics. Option D is wrong because `show interfaces extensive` provides a detailed static output of interface configuration and statistics, but does not offer continuous, live updates.

Page 6

Page 7 of 7

All pages