CCNA Operational Monitoring and Maintenance Questions

15 of 90 questions · Page 2/2 · Operational Monitoring and Maintenance · Answers revealed

76
Multi-Selectmedium

Which THREE operational commands are used to monitor interface statistics and status? (Select three.)

Select 3 answers
A.show interfaces terse
B.monitor interface
C.show interfaces
D.show log interfaces
E.show interfaces diagnostics
AnswersA, B, C

Shows a concise status of all interfaces.

Why this answer

Option A is correct because 'show interfaces terse' provides a concise summary of all interfaces, including their administrative and operational status (up/down) and protocol states, making it ideal for a quick health check. Option B is correct because 'monitor interface' is a real-time operational command that continuously displays interface statistics and status updates, useful for live traffic observation. Option C is correct because 'show interfaces' displays detailed interface statistics, including packet counts, errors, and operational status, which is the primary command for in-depth interface monitoring.

Exam trap

The trap here is that candidates may confuse 'show log interfaces' with the valid 'show log' command or mistakenly think 'show interfaces diagnostics' is a catch-all command, when in reality Junos requires specific sub-commands like 'show interfaces diagnostics optics' for optics monitoring.

77
MCQhard

During a maintenance window, an engineer plans to replace a line card. Which command sequence is most appropriate to gracefully deactivate the card before removal?

A.request chassis pic slot <slot> offline; request chassis fpc <slot> offline
B.delete interfaces fxp0
C.set interfaces <name> disable
D.request system reboot
AnswerA

Gracefully deactivates the PIC and FPC.

Why this answer

Option A is correct because the 'request chassis fpc <slot> offline' command gracefully deactivates the Flexible PIC Concentrator (FPC) by stopping traffic, closing sessions, and powering down the line card safely. The 'request chassis pic slot <slot> offline' command is used for individual PICs, but for a full line card (FPC), the FPC-level command is the appropriate sequence to ensure no traffic disruption or hardware damage during removal.

Exam trap

The trap here is that candidates may confuse PIC-level and FPC-level commands, thinking 'request chassis pic slot <slot> offline' alone is sufficient for a line card, when the FPC command is required to deactivate the entire card including all its PICs and power supply.

How to eliminate wrong answers

Option B is wrong because 'delete interfaces fxp0' removes the management Ethernet interface configuration, which would disrupt out-of-band management access but does not deactivate the line card or its traffic. Option C is wrong because 'set interfaces <name> disable' only administratively disables a specific interface, not the entire line card or its PICs, and does not gracefully power down the hardware. Option D is wrong because 'request system reboot' restarts the entire Junos OS, which is disruptive and unnecessary for a single line card replacement, and does not target the specific card for graceful deactivation.

78
MCQmedium

A network engineer notices that traffic to a critical server is being dropped intermittently. The server is reachable via a static route on the Juniper router. The engineer checks the routing table and sees the route is present. Which operational command should the engineer use next to isolate the issue?

A.show interfaces terse
B.show route 10.0.0.1
C.show arp
D.show route forwarding-table destination 10.0.0.1
AnswerD

Shows the forwarding table entry used by the PFE.

Why this answer

Option D is correct because the `show route forwarding-table destination 10.0.0.1` command displays the actual forwarding entry in the kernel's forwarding table (FIB). Even if the route is present in the routing table (RIB), a mismatch between the RIB and FIB can cause traffic drops. This command directly verifies whether the route has been installed into the forwarding table, isolating the issue to a possible hardware or kernel programming failure.

Exam trap

The trap here is that candidates assume a route present in the routing table guarantees it is being used for forwarding, but Junos separates control plane (RIB) from forwarding plane (FIB), so the FIB must be checked separately to identify programming failures.

How to eliminate wrong answers

Option A is wrong because `show interfaces terse` only displays interface status and configuration, not the routing or forwarding state for a specific destination. Option B is wrong because `show route 10.0.0.1` shows the route in the routing table (RIB), which the engineer already confirmed is present; it does not reveal whether the route is correctly programmed into the forwarding table (FIB). Option C is wrong because `show arp` displays the ARP cache for resolving next-hop MAC addresses, but the issue is about traffic being dropped despite a valid route, not about Layer 2 resolution failures.

79
MCQmedium

A network engineer notices that the device is not accepting any configuration changes. The engineer suspects the configuration database is locked. Which command can be used to confirm if the configuration is locked and by which session?

A.show system rollback compare
B.show system commit
C.show system configuration lock
D.show system database
AnswerC

Shows configuration lock information.

Why this answer

Option C is correct because the 'show system configuration lock' command displays information about any current configuration database locks, including the session ID, user, and time the lock was acquired. This directly confirms whether the configuration is locked and by which session, allowing the engineer to identify the blocking session.

Exam trap

The trap here is that candidates may confuse 'show system configuration lock' with other 'show system' commands like 'show system commit' or 'show system rollback', which serve different purposes and do not reveal lock information.

How to eliminate wrong answers

Option A is wrong because 'show system rollback compare' is used to compare configuration rollback snapshots, not to check for configuration locks. Option B is wrong because 'show system commit' displays the commit history and status, not information about active configuration locks. Option D is wrong because 'show system database' is not a valid Junos command; the correct command for database-related information is 'show system database' does not exist—the relevant command for lock information is 'show system configuration lock'.

80
MCQmedium

A BGP session is flapping. The engineer runs 'show log messages' and sees 'BGP recv Notification' with error code 'Cease'. What does this indicate?

A.The BGP table is full
B.The hold timer expired
C.The remote peer closed the connection
D.The interface went down
AnswerC

Cease notification means session terminated by peer.

Why this answer

A BGP Cease notification indicates that the remote peer has closed the BGP session, often due to an administrative shutdown, configuration change, or error condition on the peer. The 'BGP recv Notification' message means the local router received this notification from the peer, so the remote peer initiated the closure.

Exam trap

The trap here is that candidates often confuse 'Cease' with a hold timer expiration, but 'Cease' is a clean notification sent by the peer, while hold timer expiration is a local detection of a missed keepalive.

How to eliminate wrong answers

Option A is wrong because a full BGP table would typically cause a 'BGP recv Notification' with error code 'Resource' or 'Maximum Prefixes', not 'Cease'. Option B is wrong because a hold timer expiration results in a 'Hold Timer Expired' error code, not 'Cease'. Option D is wrong because an interface going down would cause a BGP session reset due to a TCP connection failure, not a clean 'Cease' notification.

81
MCQhard

Refer to the exhibit. A network engineer sees repeated 'PFE interrupt error' messages in the log for fpc0. What is the most likely impact and recommended action?

A.Remove and reinsert the PIC on FPC0 to reseat the connection.
B.Restart the PFE process using 'restart pfe' command.
C.Perform a software upgrade on the router to fix a known bug.
D.Replace the line card (FPC0) as it is experiencing hardware failures causing traffic loss.
AnswerD

The repeated PFE interrupts suggest hardware failure; replacement is needed.

Why this answer

The 'PFE interrupt error' message indicates a hardware-level failure on the Packet Forwarding Engine (PFE) of FPC0. Since the PFE is responsible for forwarding packets, such errors typically cause traffic loss or drops. The recommended action is to replace the line card (FPC0) because persistent PFE interrupt errors are symptomatic of a hardware fault that cannot be resolved by software resets or upgrades.

Exam trap

The trap here is that candidates confuse 'PFE interrupt error' with a software process issue and choose to restart the PFE process, but the repeated nature of the error points to a hardware fault requiring line card replacement.

How to eliminate wrong answers

Option A is wrong because removing and reinserting the PIC (Physical Interface Card) addresses issues at the PIC level, not the PFE on the FPC; PFE interrupt errors originate from the FPC's forwarding engine, not the PIC. Option B is wrong because restarting the PFE process ('restart pfe') is a temporary software reset that may clear transient errors but does not fix underlying hardware failures; repeated errors indicate a persistent hardware issue. Option C is wrong because while software upgrades can fix known bugs, 'PFE interrupt error' messages are typically hardware-related, and a software upgrade would not resolve a physical fault on the line card.

82
MCQmedium

Refer to the exhibit. A network administrator notices intermittent connectivity issues. Based on the log messages, what is the most likely cause?

A.The ISIS protocol has a configuration error that prevents adjacency.
B.The interface ge-0/0/0 is experiencing a physical layer issue causing it to flap.
C.An SNMP trap is causing a loop in the network.
D.The router's MIB is corrupted causing false logs.
AnswerB

The logs show a link down followed by a rapid recovery, consistent with a physical layer problem like a bad cable or SFP.

Why this answer

The log shows rapid down/up events (flapping) on interface ge-0/0/0. This pattern typically indicates a physical layer problem such as a faulty cable or transceiver. Option B is plausible but the traps are symptoms, not the cause.

Option C is less likely because the adjacency recovers quickly. Option D is unsupported by the logs.

83
MCQhard

An administrator suspects that an interface is flapping but the router is remote and the connection is intermittent. The administrator wants to monitor the interface status without maintaining an SSH session. Which approach should be used?

A.Configure event-options to trigger on interface down and send syslog
B.Use 'monitor interface ge-0/0/0' and rely on terminal persistence
C.Use 'monitor start' to capture logs
D.Schedule a cron job to run 'show interfaces ge-0/0/0' every minute and log output
AnswerA

Logs events remotely without requiring an active SSH session.

Why this answer

Option A is correct because Junos event-options allows you to define an event policy that triggers on a specific event, such as an interface down transition, and then executes an action like sending a syslog message. This enables asynchronous monitoring without requiring an active SSH session, making it ideal for intermittent connectivity scenarios.

Exam trap

The trap here is that candidates confuse real-time monitoring commands like 'monitor interface' with persistent event-driven monitoring, assuming that terminal persistence or log capture can substitute for an event-based solution that works without an active session.

How to eliminate wrong answers

Option B is wrong because 'monitor interface' is a real-time CLI command that requires an active SSH session to display continuous output; it does not persist after the session ends. Option C is wrong because 'monitor start' is used to capture log file output in real time, but it also requires an active SSH session and does not trigger on specific events like interface flapping. Option D is wrong because scheduling a cron job on a remote router is not a native Junos feature; Junos does not support cron, and the approach would require an external management server, not a solution directly on the device.

84
MCQhard

Refer to the exhibit. Based on the log messages, what is the most likely cause of the interface flapping?

A.Faulty SFP module
B.MTU mismatch
C.Duplicate IP address
D.Spanning tree topology change
AnswerA

Rapid link up/down events (flapping) are often caused by physical layer issues such as a faulty SFP, loose cable, or bad fiber. This pattern is characteristic of hardware failure.

Why this answer

The log messages show repeated link up/down events (interface flapping). In Junos, interface flapping is most commonly caused by a faulty SFP module, as physical layer issues like degraded optics or loose connections trigger continuous link transitions. The logs typically show 'link up' followed by 'link down' without any protocol-level errors, pointing to a hardware fault rather than configuration mismatches.

Exam trap

The trap here is that candidates often attribute interface flapping to higher-layer issues like MTU or IP conflicts, but Junos logs physical link transitions (up/down) are almost always due to Layer 1 problems such as faulty optics, cables, or hardware, not configuration mismatches.

How to eliminate wrong answers

Option B is wrong because an MTU mismatch causes packet fragmentation or drops but does not cause the physical link state to toggle; it would generate error counters or ICMP messages, not interface up/down events. Option C is wrong because a duplicate IP address results in address conflict logs and connectivity issues, not physical interface flapping; Junos would log 'Duplicate IP address detected' or ARP-related errors. Option D is wrong because spanning tree topology changes affect forwarding state (blocking/forwarding) but do not cause the interface itself to go up/down; STP events would show 'STP topology change' in logs, not link state transitions.

85
MCQeasy

Which command displays the version of Junos OS currently running on the device?

A.show version
B.show system hardware
C.show system uptime
D.show system information
AnswerA

Displays Junos OS version.

Why this answer

The 'show version' command is the standard Junos CLI command that displays the Junos OS version currently running on the device, including the software release, build date, and the type of software (e.g., Junos 22.4R2.11). It is the direct equivalent of 'show version' in Cisco IOS and is the primary command for verifying the active software image.

Exam trap

The trap here is that candidates familiar with Cisco IOS might expect 'show version' to be the correct command, but Junos also uses 'show version' for the same purpose, while 'show system information' is a distractor that sounds plausible but is not a valid Junos command.

How to eliminate wrong answers

Option B is wrong because 'show system hardware' displays detailed hardware inventory (e.g., chassis, FPCs, PICs, serial numbers) but does not show the Junos OS version. Option C is wrong because 'show system uptime' shows how long the device has been running, the load averages, and the time since last reboot, but not the OS version. Option D is wrong because 'show system information' is not a valid Junos command; the correct command for general system information is 'show system info' (which shows hostname, model, serial number, etc.), but it does not display the Junos OS version.

86
MCQhard

A network engineer needs to verify the checksum of a downloaded Junos image before installation. Which command is used?

A.file checksum sha256 <filename>
B.compare <filename> original
C.request system software validate <filename>
D.show system software
AnswerA

Computes the SHA-256 checksum.

Why this answer

Option A is correct because the `file checksum sha256 <filename>` command computes the SHA-256 hash of the specified file, allowing the engineer to compare it against the published checksum from Juniper Networks to verify integrity and authenticity before installation. This ensures the image has not been corrupted or tampered with during download.

Exam trap

The trap here is that candidates confuse the `request system software validate` command, which performs a package validation, with a checksum verification, but it does not compute or display a cryptographic hash for external comparison.

How to eliminate wrong answers

Option B is wrong because `compare <filename> original` is not a valid Junos command; it is likely confused with the `file compare` command used to diff two files, not to verify checksums. Option C is wrong because `request system software validate <filename>` validates the software package's internal integrity and compatibility with the current system, but it does not compute or display a checksum for external verification against a published hash. Option D is wrong because `show system software` displays installed software packages and their versions, not a checksum verification function for a downloaded image.

87
MCQeasy

An engineer needs to check the last time the configuration was changed. Which command provides this information?

A.show system commit
B.show configuration | display set
C.show system alarms
D.show system uptime
AnswerA

Displays commit log with timestamps.

Why this answer

The 'show system commit' command displays the commit history, including the date, time, and user for each configuration change. This allows the engineer to see exactly when the last configuration was committed, which is the definitive way to determine the last time the configuration was changed.

Exam trap

The trap here is that candidates often confuse 'show configuration' (which shows the current config) with a command that shows when the config was last changed, but only 'show system commit' provides the timestamp of the last commit.

How to eliminate wrong answers

Option B is wrong because 'show configuration | display set' shows the current active configuration in set format, but it does not include any timestamp or commit history to indicate when the configuration was last changed. Option C is wrong because 'show system alarms' displays active system alarms (such as hardware or software issues), not configuration change timestamps. Option D is wrong because 'show system uptime' shows how long the device has been running and the time since the last reboot, but it does not provide any information about configuration commit times.

88
MCQeasy

Refer to the exhibit. Which route will be used to forward traffic to 192.168.1.0/24?

A.Neither route is valid
B.The route via 10.0.0.1 because it was learned later
C.Both routes are used for load balancing
D.The route via 10.0.0.2 because it has a lower metric
AnswerD

OSPF selects the route with the lowest metric.

Why this answer

The route via 10.0.0.2 is correct because Junos uses the route preference (administrative distance) to select the best route when multiple routes to the same destination exist. OSPF has a default preference of 10, while static routes have a default preference of 5, but here the static route via 10.0.0.2 has a metric of 0 (lower than OSPF's metric of 2), and since both are active, the lower metric does not override preference; however, the exhibit shows the static route is preferred because it has a lower preference value (5 vs 10), making it the active route in the routing table.

Exam trap

The trap here is that candidates often focus on the metric (cost) values shown in the output and assume the lower metric always wins, forgetting that Junos first compares route preference (administrative distance) before considering metric.

How to eliminate wrong answers

Option A is wrong because both routes are valid (active) in the routing table, as shown by the 'Active' flag in the output. Option B is wrong because Junos does not use learning time as a tiebreaker; route selection is based on preference and then metric, not chronological order. Option C is wrong because load balancing only occurs when multiple routes have equal preference and equal metric; here the static route has preference 5 and metric 0, while the OSPF route has preference 10 and metric 2, so they are not equal.

89
Multi-Selectmedium

Which two events typically trigger a change to the routing table? (Choose two.)

Select 2 answers
A.Interface state change
B.System uptime
C.Log file rotation
D.BGP neighbor reset
E.Configuration commit
AnswersA, D

Directly triggers routing table updates.

Why this answer

An interface state change (up/down) directly affects the reachability of directly connected networks, causing Junos to add or remove the corresponding routes from the routing table. Similarly, a BGP neighbor reset tears down and re-establishes the TCP session, which triggers the withdrawal and re-advertisement of all BGP routes, thus modifying the routing table.

Exam trap

The trap here is that candidates often confuse a configuration commit with an automatic routing table change, but a commit only activates the configuration; it does not directly modify the routing table unless the configuration itself triggers a protocol event or interface change.

90
MCQeasy

You are a junior network engineer tasked with upgrading the Junos OS on a pair of EX3400 switches that are in a Virtual Chassis. You have downloaded the new software image to the primary switch. Before performing the upgrade, you must verify the image's integrity and check the current version. Which sequence of commands should you use?

A.Run 'show system uptime' and then 'request system software add /var/tmp/junos-new.tgz'.
B.Run 'show system software' and then 'request system software add validate'.
C.Run 'show version' and then 'request system software validate /var/tmp/junos-new.tgz'.
D.Run 'show configuration system software' and then 'file checksum sha256 /var/tmp/junos-new.tgz'.
AnswerC

Validates image integrity and shows current version.

Why this answer

Option C is correct because 'show version' displays the current Junos OS version running on the switch, which is necessary to confirm the starting point before an upgrade. Then 'request system software validate /var/tmp/junos-new.tgz' performs a checksum verification and package integrity check on the image file without installing it, ensuring the image is not corrupted. This sequence directly addresses the two tasks: verifying the image's integrity and checking the current version.

Exam trap

The trap here is that candidates confuse 'show system software' (a non-existent command) with 'show version', or think that 'file checksum sha256' alone is sufficient for integrity verification, missing the fact that Junos requires the full 'request system software validate' command to perform a comprehensive package check before installation.

How to eliminate wrong answers

Option A is wrong because 'show system uptime' shows how long the switch has been running, not the current software version, and 'request system software add /var/tmp/junos-new.tgz' immediately installs the image without any integrity validation. Option B is wrong because 'show system software' is not a valid Junos command (the correct command is 'show version' or 'show system software information'), and 'request system software add validate' is syntactically incorrect—the correct syntax is 'request system software validate <filename>'. Option D is wrong because 'show configuration system software' displays the software-related configuration (e.g., licenses), not the current running version, and while 'file checksum sha256' does verify integrity, it only checks the hash and does not perform the full package validation that 'request system software validate' does, nor does it check the current version.

← PreviousPage 2 of 2 · 90 questions total

Ready to test yourself?

Try a timed practice session using only Operational Monitoring and Maintenance questions.