CCNA Junos OS Fundamentals Questions

75 of 90 questions · Page 1/2 · Junos OS Fundamentals · Answers revealed

1
MCQhard

An engineer suspects that a recent software upgrade caused a compatibility issue. Which command should be used to revert the Junos OS to the previous version?

A.rollback 0
B.request system software rollback
C.request system reboot
D.request system software delete jinstall-*.tgz
AnswerB

This command triggers a rollback to the previous software partition.

Why this answer

The 'request system software rollback' command is the correct method to revert the Junos OS to the previously installed version. This command triggers a reboot and loads the previous software set from the /altroot partition, effectively undoing the upgrade while preserving the configuration.

Exam trap

The trap here is confusing 'rollback' in the context of configuration management (rollback 0) with software version rollback, leading candidates to mistakenly choose option A.

How to eliminate wrong answers

Option A is wrong because 'rollback 0' reverts the candidate configuration to the most recently committed configuration, not the operating system software version. Option C is wrong because 'request system reboot' simply reboots the device without changing the software version. Option D is wrong because 'request system software delete' removes a software package from storage but does not activate a previous version; the device would still boot the current version unless a rollback is performed.

2
Drag & Dropmedium

Order the steps to configure a user account with a password in Junos.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

User accounts require a class (privilege level) and authentication method (e.g., plain-text-password).

3
MCQeasy

A network engineer needs to check the operational status of all interfaces on a Juniper device. Which command provides a summary of interface status including link state, protocol state, and error counters?

A.show interfaces
B.show configuration interfaces
C.show interfaces terse
D.show interface descriptions
AnswerC

This command displays interface status in a compact format.

Why this answer

Option C is correct because the 'show interfaces terse' command provides a concise summary of all interfaces, displaying the interface name, administrative status (Admin), link state (Link), protocol state (Proto), and a brief description. This command is specifically designed for a quick operational overview, including error counters in the full output when combined with other flags, but the terse output itself focuses on status and protocol state, which directly meets the engineer's requirement.

Exam trap

The trap here is that candidates often confuse 'show interfaces terse' with 'show interfaces' or 'show configuration interfaces', assuming that a summary of operational status requires the full verbose output or configuration view, but Junos specifically uses 'terse' for a compact operational summary.

How to eliminate wrong answers

Option A is wrong because 'show interfaces' displays detailed interface information including extensive configuration and statistics, but it does not provide a summary format; it shows each interface in a verbose block, which is not a concise summary of status and protocol state. Option B is wrong because 'show configuration interfaces' displays the configured interface settings from the candidate or active configuration, not the operational status, link state, or protocol state; it is a configuration command, not an operational status command. Option D is wrong because 'show interface descriptions' is not a valid Junos command; the correct command is 'show interfaces descriptions' (with an 's'), which shows interface descriptions but does not include link state, protocol state, or error counters.

4
Multi-Selectmedium

Which THREE actions can be performed in operational mode on a Junos device?

Select 3 answers
A.Commit configuration changes
B.Ping a remote host
C.Configure interface IP addresses
D.View system logs
E.Reboot the chassis
AnswersB, D, E

Ping is an operational command.

Why this answer

Operational mode in Junos is used for monitoring, troubleshooting, and managing the device, not for making configuration changes. The 'ping' command is a standard operational mode command that sends ICMP echo requests to a remote host to test network connectivity, making option B correct.

Exam trap

The trap here is that candidates familiar with Cisco IOS may mistakenly think that configuration commands like 'commit' or 'set interface' can be executed in operational mode, but Junos strictly enforces the separation between operational and configuration modes.

5
MCQeasy

A network administrator needs to remove all configuration changes made since the last commit without affecting the current active configuration. Which command should be used?

A.rollback 1
B.deactivate
C.rollback 0
D.delete
AnswerC

rollback 0 reverts to the last committed configuration, discarding uncommitted changes.

Why this answer

The `rollback 0` command reverts the candidate configuration to the currently active committed configuration, discarding all uncommitted changes without affecting the active configuration. This is the correct way to undo all modifications made since the last commit while keeping the running configuration intact.

Exam trap

The trap here is confusing `rollback 0` with `rollback 1`; candidates often think rollback 1 reverts to the last committed state, but rollback 0 is the correct way to discard uncommitted changes while preserving the active configuration.

How to eliminate wrong answers

Option A is wrong because `rollback 1` reverts to the configuration from the previous commit, not the current active configuration, and would discard the last committed changes. Option B is wrong because `deactivate` only disables a specific configuration statement or hierarchy, it does not remove all uncommitted changes. Option D is wrong because `delete` removes specific configuration statements from the candidate configuration, but it does not revert all uncommitted changes in a single operation.

6
MCQeasy

A user needs to access the operational mode on a Junos device. What is the default prompt in operational mode?

A.user@host$
B.user@host%
C.user@host#
D.user@host>
AnswerD

The prompt ends with '>' in operational mode.

Why this answer

In Junos OS, the default prompt in operational mode is `user@host>`. The `>` character indicates that the device is ready to accept operational commands, such as `show` or `ping`, which do not alter the configuration. This is a fundamental distinction in Junos, where operational mode is for monitoring and troubleshooting, while configuration mode uses the `#` prompt.

Exam trap

The trap here is that candidates familiar with Cisco IOS may confuse the Junos operational mode prompt (`>`) with the Cisco user EXEC mode prompt (`>`), but Junos uses the `#` prompt only for configuration mode, not for privileged EXEC mode, leading to selection of option C.

How to eliminate wrong answers

Option A is wrong because `user@host$` is not a valid Junos prompt; the `$` character is commonly used in Unix/Linux shells but not in Junos. Option B is wrong because `user@host%` is also not a standard Junos prompt; the `%` character is sometimes used in other network OS prompts but not in Junos. Option C is wrong because `user@host#` is the prompt for configuration mode, not operational mode; in Junos, the `#` prompt indicates that the user is in configuration mode and can enter configuration commands.

7
MCQhard

A Juniper device is experiencing high CPU utilization due to a routing protocol process. The engineer suspects a specific BGP peer is causing the issue. Which operational command can be used to collect diagnostic information about the routing protocol processes?

A.show system processes extensive
B.request support information
C.show bgp summary
D.monitor traffic interface
AnswerA

Provides detailed process-level CPU and memory statistics, useful for diagnosing high CPU.

Why this answer

Option A is correct because 'show system processes extensive' displays detailed CPU and memory usage for each individual process, including routing protocol daemons like bgpd. This allows the engineer to identify which specific BGP peer or process is consuming excessive CPU resources, rather than just seeing aggregate routing protocol statistics.

Exam trap

The trap here is that candidates often pick 'show bgp summary' thinking it will show CPU usage per peer, but it only shows BGP session state and prefix counts, not process-level CPU metrics.

How to eliminate wrong answers

Option B is wrong because 'request support information' generates a comprehensive archive of system logs and configuration for offline analysis, but it does not provide real-time per-process CPU utilization data needed to pinpoint a specific BGP peer causing high CPU. Option C is wrong because 'show bgp summary' only shows BGP peer state, prefixes received, and uptime, not CPU usage per process or per peer. Option D is wrong because 'monitor traffic interface' captures live packet-level traffic on an interface, which is useful for debugging packet flows but does not reveal routing protocol process CPU consumption.

8
MCQmedium

A network administrator is configuring a new interface and wants to ensure that the interface is enabled and can pass traffic. Which configuration element is required?

A.set interfaces ge-0/0/0 enable
B.set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24
C.set interfaces ge-0/0/0 unit 0 family inet
D.set interfaces ge-0/0/0 disable
AnswerB

Configuring an IP address on the interface implicitly enables it.

Why this answer

Option B is correct because in Junos, an interface is administratively enabled by default (no explicit 'enable' command is needed), but to pass traffic it requires a logical unit with a configured protocol family and an IP address. The command 'set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24' creates unit 0, assigns the IPv4 address, and implicitly enables the interface for traffic forwarding. Without an address under a family, the interface cannot pass IP traffic even if it is administratively up.

Exam trap

The trap here is that candidates familiar with Cisco IOS may expect an explicit 'no shutdown' command (or an 'enable' keyword) to bring an interface up, but Junos interfaces are enabled by default, and the critical missing piece is the IP address under the logical unit, not an administrative enable command.

How to eliminate wrong answers

Option A is wrong because Junos does not have an 'enable' knob at the interface level; interfaces are administratively enabled by default, and the correct way to disable them is with 'disable'. Option C is wrong because 'set interfaces ge-0/0/0 unit 0 family inet' only enables the IPv4 protocol family on the logical unit but does not assign an IP address, so the interface cannot pass traffic (no local route or ARP entry is generated). Option D is wrong because 'set interfaces ge-0/0/0 disable' explicitly disables the interface, preventing it from passing any traffic, which is the opposite of the requirement.

9
MCQmedium

A network engineer needs to upgrade Junos on an MX router with dual Routing Engines (RE0 and RE1). What is the recommended procedure to minimize downtime?

A.Upgrade the primary RE first, then the backup
B.Reboot both REs at the same time after copying the image
C.Upgrade the backup RE, perform a graceful switchover (RESTART ROUTING), then upgrade the former primary
D.Upgrade both REs simultaneously using the same image
AnswerC

This is the standard upgrade procedure for dual RE systems, minimizing traffic impact.

Why this answer

Option C is correct because it minimizes downtime by first upgrading the backup RE (RE1), then performing a graceful Routing Engine switchover (using the 'request chassis routing-engine master switch' command or equivalent), which causes the upgraded backup to become the new primary without disrupting traffic. After the switchover, the former primary (now the backup) can be upgraded and rebooted, ensuring that at least one RE is always processing traffic and routing protocols like BGP and OSPF maintain their adjacencies.

Exam trap

The trap here is that candidates assume upgrading the primary first is safer or more logical, but Junos requires upgrading the backup first and performing a graceful switchover to maintain control plane continuity and avoid traffic loss.

How to eliminate wrong answers

Option A is wrong because upgrading the primary RE first forces a reboot of the active RE, causing immediate traffic disruption and routing protocol convergence delays, which defeats the purpose of dual REs for high availability. Option B is wrong because rebooting both REs simultaneously removes all redundancy and causes a complete outage, as no RE is available to forward traffic or maintain routing state. Option D is wrong because upgrading both REs at the same time (even with the same image) requires simultaneous reboots, which again eliminates redundancy and leads to downtime; Junos does not support in-service software upgrade (ISSU) across both REs in parallel.

10
MCQeasy

A junior administrator wants to view the current active configuration on a Juniper device. Which operational mode command should be used?

A.show configuration | display set
B.show system services
C.show interfaces terse
D.show configuration
AnswerD

This command displays the current active configuration in hierarchy format.

Why this answer

The 'show configuration' command displays the current active configuration in the candidate configuration format, which is the configuration that is currently committed and running on the Juniper device. Option D is correct because it directly retrieves the active configuration from the /config/juniper.conf file, which is the authoritative source for the operational configuration.

Exam trap

The trap here is that candidates confuse the 'show configuration' command with the 'show | display set' pipe modifier, thinking the latter is a separate command to view the active configuration, when in fact it is just an output formatting option.

How to eliminate wrong answers

Option A is wrong because 'show configuration | display set' displays the configuration in a set-based format, which is a representation of the configuration but not the default active configuration view; it is a pipe modifier that changes the output format, not the command to view the active configuration. Option B is wrong because 'show system services' displays the status of system services like SSH, Telnet, or FTP, not the device's configuration. Option C is wrong because 'show interfaces terse' displays a summary of interface status and configuration, but it does not show the full active configuration of the device.

11
Multi-Selecteasy

Which TWO statements describe correct methods to enter configuration mode? (Choose two.)

Select 2 answers
A.Type 'edit' at the operational mode prompt.
B.Type 'configure exclusive' at the operational mode prompt.
C.Type 'configure' at the operational mode prompt.
D.Type 'cli' at the operational mode prompt.
E.Type 'expert' at the operational mode prompt.
AnswersA, C

This command enters configuration mode.

Why this answer

Option A is correct because the 'edit' command at the operational mode prompt transitions the user into configuration mode, allowing changes to the candidate configuration. Option C is correct because the 'configure' command also enters configuration mode, with the default behavior being a shared session unless 'exclusive' or 'private' is specified. Both commands are standard methods to enter configuration mode in Junos OS.

Exam trap

The trap here is that candidates may confuse 'configure exclusive' as a distinct method to enter configuration mode, but the question asks for two correct statements, and 'configure exclusive' is a valid command; however, it is not listed as a correct option in this specific question, so it must be eliminated along with the clearly wrong options D and E.

12
MCQhard

A technician notices that the /var partition on a Junos device is 95% full. Which action will immediately free up disk space without affecting device operation?

A.Delete unused software packages using 'request system software delete'
B.Reboot the device
C.Remove the /var/log directory
D.Clear log files using 'clear log messages'
AnswerD

Clearing log files immediately frees space in /var with no impact on operations.

Why this answer

Option D is correct because the 'clear log messages' command immediately removes the contents of the active log files (e.g., messages, interactive-commands) without requiring a reboot or affecting running processes. This directly frees up space in /var/log, which is a primary consumer of the /var partition, while leaving the directory structure intact so logging continues normally.

Exam trap

The trap here is that candidates may think rebooting (Option B) clears all temporary files and logs, but Junos does not automatically delete persistent log files on reboot; only volatile /tmp is cleared, so /var remains full.

How to eliminate wrong answers

Option A is wrong because 'request system software delete' removes inactive software packages from /var/sw/pkg, but if the /var partition is 95% full due to log files, this action may not free significant space and could be unnecessary; also, it does not immediately address the most common cause of /var fullness. Option B is wrong because rebooting the device does not delete any files; it only clears temporary runtime data in /tmp and /var/tmp, but persistent log files in /var/log remain, so disk space is not freed. Option C is wrong because removing the /var/log directory would break logging functionality, cause loss of forensic data, and potentially disrupt system operations (e.g., syslogd may fail to start), which violates the requirement of not affecting device operation.

13
MCQhard

Refer to the exhibit. An administrator wants to ensure that log messages are stored even if the remote syslog server becomes unavailable. What additional configuration is required?

A.set system syslog archive world-readable
B.set system syslog host 10.10.10.1 facility-override
C.set system syslog rate-limit 1000
D.set system syslog file messages any any
AnswerD

C configures a local file for logging.

Why this answer

Option D is correct because configuring a local log file with `set system syslog file messages any any` ensures that log messages are stored locally on the device, even if the remote syslog server becomes unavailable. This provides a persistent local copy of logs that can be reviewed later, independent of the remote server's reachability.

Exam trap

The trap here is that candidates often confuse remote syslog configuration (host) with local logging (file), assuming that simply configuring a remote server is sufficient for all logging needs, but Junos requires an explicit local file to store logs locally when the remote server is unavailable.

How to eliminate wrong answers

Option A is wrong because `set system syslog archive world-readable` only changes file permissions on archived log files, not the ability to store logs locally when the remote server is down. Option B is wrong because `set system syslog host 10.10.10.1 facility-override` modifies the facility tag of messages sent to the remote server, but does not create any local storage. Option C is wrong because `set system syslog rate-limit 1000` controls the rate at which log messages are generated, not where they are stored, and does not address local logging.

14
Multi-Selecteasy

Which TWO statements correctly describe the function of the 'commit' command in Junos OS? (Choose two.)

Select 2 answers
A.It validates the candidate configuration for syntax errors.
B.It schedules the configuration to be applied at a later time.
C.It discards the candidate configuration after saving.
D.It saves the candidate configuration to the active configuration.
E.It automatically reboots the device to apply the changes.
AnswersA, D

Commit performs syntax validation before applying.

Why this answer

Option A is correct because the 'commit' command in Junos OS first validates the candidate configuration for syntax errors before applying it. If syntax errors are found, the commit fails and the candidate configuration is not applied, ensuring the device does not enter an inconsistent state. This validation step is a core part of Junos's transactional configuration model, where changes are staged in a candidate configuration and then committed atomically.

Exam trap

The trap here is that candidates familiar with Cisco IOS may mistakenly think 'commit' requires a reboot (like 'write memory' followed by reload) or that it discards changes, whereas Junos applies changes dynamically and retains the candidate configuration for further editing.

15
MCQmedium

A company has multiple Juniper devices and wants to standardize configuration snapshots for backup and audit purposes. What is the best practice?

A.Run 'commit and-quit' to save the configuration to the flash
B.Use 'show configuration | save /var/tmp/config.txt' and then transfer the file via SCP to a backup server
C.Use the 'file archive' command to create a backup of the configuration
D.Use the 'show configuration | no-more' command and copy the output manually
AnswerB

This automates the backup and stores a retrievable file.

Why this answer

Option B is correct because it uses the 'show configuration | save' command to write the current active configuration to a file in /var/tmp, which can then be securely transferred via SCP to a backup server. This is the standard Junos method for creating a portable, text-based snapshot of the configuration for backup and audit purposes, as it preserves the exact configuration syntax and can be easily compared or restored.

Exam trap

The trap here is that candidates may confuse the 'commit and-quit' command (which commits and exits) with a backup mechanism, or assume that 'file archive' is the correct tool for capturing configuration output, when in fact Junos requires explicit piping of the configuration output to a file for reliable backups.

How to eliminate wrong answers

Option A is wrong because 'commit and-quit' is not a valid Junos command; the correct command is 'commit and-quit' (with a space) which commits the configuration and exits the configuration mode, but it does not save a separate snapshot file to flash—it only activates the candidate configuration. Option C is wrong because the 'file archive' command is used to compress or archive files, not to capture the active configuration; it operates on existing files, not on the output of a 'show' command. Option D is wrong because 'show configuration | no-more' only displays the configuration without paging, but it does not save the output to a file; manually copying the output is error-prone and not a scalable or auditable practice for standardized backups.

16
MCQmedium

Refer to the exhibit. The network administrator made a change that caused connectivity loss. They need to revert to the configuration before the most recent commit. Which command would accomplish this?

A.rollback 0
B.rollback 3
C.rollback 2
D.rollback 1
AnswerA

C reverts to config before last commit.

Why this answer

The correct answer is A, rollback 0. In Junos, the rollback command reverts the active configuration to a previously committed configuration file. The most recent commit is stored as rollback 0, so issuing 'rollback 0' restores the configuration that was active before the last commit, effectively undoing the change that caused connectivity loss.

Exam trap

The trap here is that candidates often confuse rollback 0 with the current active configuration, when in fact rollback 0 is the most recent commit, and rollback 1 is the configuration before that commit, so to revert the last change you need rollback 0, not rollback 1.

How to eliminate wrong answers

Option B (rollback 3) is wrong because rollback 3 refers to the configuration from three commits ago, not the most recent commit. Option C (rollback 2) is wrong because rollback 2 refers to the configuration from two commits ago. Option D (rollback 1) is wrong because rollback 1 refers to the configuration immediately before the last commit, which is the same as the current active configuration after the last commit, not the configuration before the most recent commit.

The key distinction is that rollback 0 is the most recent commit, while rollback 1 is the previous commit.

17
MCQmedium

A device is configured with multiple routing instances. An engineer needs to view the ARP table for a specific routing instance. Which command should be used?

A.show arp routing-instance <instance-name>
B.show arp
C.show arp instance <instance-name>
D.show route table <instance-name>.inet.0
AnswerC

B displays ARP for the specified instance.

Why this answer

Option C is correct because the `show arp instance <instance-name>` command is the Junos OS syntax to display the ARP table for a specific routing instance. In Junos, routing instances create separate forwarding tables, and the ARP cache is per-instance; this command targets the instance's ARP entries directly.

Exam trap

The trap here is that candidates often confuse the Junos command syntax with Cisco IOS, where `show arp vrf <name>` is used, leading them to incorrectly choose option A (`show arp routing-instance`) instead of the correct Junos syntax `show arp instance`.

How to eliminate wrong answers

Option A is wrong because `show arp routing-instance <instance-name>` is not a valid Junos command; the correct keyword is `instance`, not `routing-instance`. Option B is wrong because `show arp` displays the ARP table only for the default routing instance (inet.0), not for a specific non-default instance. Option D is wrong because `show route table <instance-name>.inet.0` shows the routing table, not the ARP table; ARP is a Layer 2 resolution mechanism, separate from the routing table.

18
MCQeasy

An engineer notices that a Juniper device is not saving configuration changes across reboots. What is the most likely cause?

A.The rescue configuration is not set.
B.The device is booting from factory-default configuration.
C.The candidate configuration was not committed.
D.The command 'request system reboot' was used instead of 'commit'.
AnswerC

Changes are only saved after a commit; otherwise they are lost on reboot.

Why this answer

In Junos OS, configuration changes are stored in a candidate configuration and only become active and persistent across reboots after a 'commit' operation. Without a commit, the changes remain in the candidate buffer and are discarded upon reboot, causing the device to revert to the last committed configuration.

Exam trap

The trap here is that candidates familiar with Cisco IOS may assume changes are saved automatically or with a 'copy running-config startup-config' equivalent, but Junos requires an explicit 'commit' to make changes persistent across reboots.

How to eliminate wrong answers

Option A is wrong because the rescue configuration is a separate, manually saved configuration used for recovery; its absence does not prevent normal configuration saves from persisting across reboots. Option B is wrong because booting from factory-default would require a specific action (e.g., 'request system zeroize' or loading factory-default), and the device normally boots from the last committed configuration, not factory-default. Option D is wrong because 'request system reboot' is a command to reboot the device, not a configuration command; it does not replace the need for 'commit' to save changes.

19
MCQhard

Refer to the exhibit. How many commits have been made on this device?

A.3
B.1
C.2
D.0
AnswerA

Three commits: IDs 0, 1, and 2.

Why this answer

The exhibit shows the output of the 'show system commit' command, which lists each commit made on the device. The output displays three entries, each with a unique commit number (0, 1, 2), indicating that three commits have been performed. Therefore, option A is correct.

Exam trap

The trap here is that candidates might misinterpret the commit IDs (0, 1, 2) as the number of commits, but they must remember that the count starts at 0, so the total number of commits is the highest ID plus one (3).

How to eliminate wrong answers

Option B is wrong because the output clearly shows three commit entries, not one; a single commit would show only one entry. Option C is wrong because there are three commits listed, not two; the commit numbers 0, 1, and 2 confirm three distinct commits. Option D is wrong because the output contains commit entries, proving that commits have been made; zero commits would result in an empty output or a message like 'No commits found.'

20
MCQmedium

A junior engineer is troubleshooting connectivity issues and wants to trace the path packets take to a remote destination. Which Junos command should be used?

A.monitor traffic
B.show route
C.traceroute
D.ping
AnswerC

Displays the route packets take to a destination, hop by hop.

Why this answer

Option C is correct because the 'traceroute' command in Junos is specifically designed to trace the path packets take to a remote destination by sending UDP probes with increasing TTL values and analyzing ICMP Time Exceeded messages from intermediate routers. This directly addresses the junior engineer's need to map the Layer 3 path and identify where connectivity failures occur.

Exam trap

The trap here is that candidates often confuse 'ping' (which tests reachability) with 'traceroute' (which traces the path), leading them to select Option D when the question explicitly asks for path tracing rather than simple connectivity testing.

How to eliminate wrong answers

Option A is wrong because 'monitor traffic' is used for real-time packet capture and analysis on an interface, not for tracing the path to a remote destination. Option B is wrong because 'show route' displays the routing table entries on the local device, showing how the local router would forward packets, but it does not actively trace the path taken by packets across multiple hops. Option D is wrong because 'ping' tests reachability and measures round-trip time to a destination, but it does not provide hop-by-hop path information or identify intermediate routers.

21
MCQeasy

What is the primary function of the fxp0 interface on a Juniper device?

A.Internal routing
B.Management interface
C.Loopback testing
D.Data plane forwarding
AnswerB

B is correct; fxp0 is for management.

Why this answer

The fxp0 interface is a dedicated out-of-band management Ethernet port on Juniper devices, used exclusively for management traffic such as SSH, SNMP, and syslog. It is separate from the data plane and control plane forwarding interfaces, ensuring administrative access remains available even if the routing or forwarding planes are disrupted.

Exam trap

The trap here is confusing fxp0 with loopback (lo0) or internal RE interfaces, leading candidates to incorrectly select internal routing or loopback testing, when in fact fxp0 is solely for out-of-band management.

How to eliminate wrong answers

Option A is wrong because internal routing between REs or between RE and PFE uses the internal fxp1 or fxp2 interfaces, not fxp0. Option C is wrong because loopback testing is performed on the lo0 interface, which provides a stable IP address for the router and is used for protocols like OSPF and BGP, not for management access. Option D is wrong because data plane forwarding is handled by network interfaces (e.g., ge-, xe-, et-) and the Packet Forwarding Engine (PFE), while fxp0 is strictly an out-of-band management interface that does not participate in forwarding transit traffic.

22
Multi-Selecthard

Which THREE commands are valid in Junos operational mode? (Choose three.)

Select 3 answers
A.show interfaces terse
B.set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.1/24
C.commit and-quit
D.ping 10.0.0.1 count 5
E.request system software add /var/tmp/junos-install.tgz
AnswersA, D, E

This is an operational mode command.

Why this answer

Option A is correct because 'show interfaces terse' is a valid operational mode command that displays a concise summary of interface status and configuration. Operational mode in Junos is used for monitoring, troubleshooting, and viewing the current state of the device, and 'show' commands are the primary tools for this purpose.

Exam trap

The trap here is that candidates familiar with Cisco IOS may mistakenly think 'set' commands are valid in operational mode, or that 'commit and-quit' is a valid shortcut, when in Junos, operational mode only supports 'show', 'ping', 'traceroute', 'request', and other monitoring commands, while configuration changes require explicit entry into configuration mode.

23
Multi-Selectmedium

Which TWO statements are correct regarding the Junos OS configuration hierarchy?

Select 2 answers
A.The 'commit check' command applies the candidate configuration to the active configuration.
B.The 'load replace' command merges a configuration file into the candidate configuration.
C.The 'show | compare' command displays differences between the candidate and active configurations.
D.The 'rollback 0' command reverts the candidate configuration to the previous state.
E.The 'set' command is used to modify the candidate configuration.
AnswersC, E

'show | compare' shows how the candidate configuration differs from the active.

Why this answer

Option A is correct because the 'set' command modifies candidate configuration. Option D is correct because the 'show | compare' command displays differences between candidate and active. Option B is wrong because 'commit check' only validates syntax, it does not apply changes.

Option C is wrong because 'rollback 0' reverts to the most recently committed configuration, not the candidate. Option E is wrong because 'load replace' replaces the entire candidate configuration, not merges.

24
Multi-Selecthard

Which THREE commands are valid Junos operational mode commands for monitoring network diagnostics? (Choose three.)

Select 3 answers
A.traceroute
B.show configuration
C.monitor traffic
D.request system reboot
E.ping
AnswersA, C, E

Valid operational command for tracing packet paths.

Why this answer

Option A is correct because the 'traceroute' command in Junos operational mode sends a series of UDP packets with increasing TTL values to discover the path a packet takes to a destination, which is a standard network diagnostic tool. It is a valid operational mode command used for monitoring network connectivity and path analysis.

Exam trap

The trap here is that candidates often confuse operational mode commands with configuration or system administration commands, assuming any command that shows information is diagnostic, but Junos strictly separates operational (monitoring/diagnostic) commands from configuration and system control commands.

25
MCQhard

Refer to the exhibit. A security analyst sees repeated login failures from 10.0.0.2 for user1. Which Junos feature can be used to automatically block further login attempts from that IP?

A.Configure SSH to accept only public key authentication for user1.
B.Disable the user1 account.
C.Set the 'session-limit' for user1 to prevent multiple login attempts.
D.Apply a firewall filter to the loopback interface that polices SSH traffic.
AnswerD

A firewall filter with a policer can rate-limit SSH attempts from a source IP, effectively blocking after excessive failures.

Why this answer

Option D is correct because applying a firewall filter to the loopback interface (lo0) that polices SSH traffic can automatically block further login attempts from a specific IP address, such as 10.0.0.2. The loopback interface is the termination point for all control-plane traffic on a Junos device, including SSH sessions. By configuring a firewall filter with a policer that limits the rate of SSH packets from a source IP, excessive login failures can trigger the policer to drop subsequent packets, effectively blocking the attacker without manual intervention.

Exam trap

The trap here is that candidates often confuse control-plane policing (applied to lo0) with data-plane firewall filters applied to interfaces like ge-0/0/0, or mistakenly think that session limits or disabling accounts are automated responses to brute-force attacks.

How to eliminate wrong answers

Option A is wrong because configuring SSH to accept only public key authentication for user1 does not automatically block repeated login failures from 10.0.0.2; it only changes the authentication method, and failed public key attempts could still occur. Option B is wrong because disabling the user1 account is a manual, static action that does not automatically respond to repeated login failures from a specific IP; it also prevents legitimate access for that user. Option C is wrong because the 'session-limit' for user1 limits the number of concurrent sessions, not the rate of login attempts; it does not block repeated failed logins from a single IP address.

26
MCQeasy

A junior network administrator is setting up a Juniper MX router for the first time. After powering on the device, the administrator notices that the LED on the front panel blinks amber and the device does not complete the boot process. The console displays messages reporting file system errors. The administrator has no previous configuration changes and the device was shipped with factory defaults. Which action should the administrator take to resolve the boot issue?

A.Boot into single-user mode and run file system checks.
B.Perform a password recovery procedure to gain access.
C.Use the 'request system software add' command from the boot loader.
D.Reinstall the Junos OS using a USB flash drive with the software image.
AnswerA

Single-user mode allows access to the shell for maintenance tasks such as fsck to repair filesystem errors.

Why this answer

The amber blinking LED and file system errors indicate a corrupted file system, which is common on factory-default devices if the flash memory was not properly initialized. Booting into single-user mode (option A) allows the administrator to run 'fsck' (file system check) to repair the root file system without loading the full Junos OS, which is the standard recovery procedure for such boot failures.

Exam trap

The trap here is that candidates may confuse a boot failure due to file system corruption with a password issue or a need to reinstall the OS, but the amber LED and file system error messages point directly to a corrupted file system that can be repaired with fsck in single-user mode.

How to eliminate wrong answers

Option B is wrong because password recovery is used to reset login credentials, not to repair file system corruption; the device cannot boot, so password recovery is irrelevant. Option C is wrong because 'request system software add' is a Junos CLI command that requires a fully booted system, not the boot loader; the boot loader does not support this command. Option D is wrong because reinstalling Junos OS from a USB is a more drastic step that should only be taken if file system checks fail; it is not the first-line action for file system errors on a factory-default device.

27
Multi-Selecthard

Which TWO commands are used to install and remove software packages on a Junos device?

Select 2 answers
A.request system software delete
B.request system software rollback
C.show system software
D.request system reboot
E.request system software add
AnswersA, E

This command removes an installed software package.

Why this answer

The `request system software add` command is used to install a new software package on a Junos device, while `request system software delete` is used to remove an installed software package. These are the two primary operational mode commands for software lifecycle management in Junos OS.

Exam trap

The trap here is that candidates confuse `request system software rollback` with a removal command, but it actually reverts to a previous version without deleting the current package from the system.

28
MCQmedium

A network administrator makes several changes to the configuration but decides to discard all uncommitted changes and start fresh. Which command should be used to revert the candidate configuration back to the current active configuration?

A.load override
B.rollback 0
C.commit check
D.rollback 1
AnswerB

rollback 0 discards uncommitted changes and sets the candidate configuration to match the current committed configuration.

Why this answer

The 'rollback 0' command reverts the candidate configuration to the currently active configuration, discarding all uncommitted changes. This is because Junos maintains a rollback database of the last 50 committed configurations, with index 0 always representing the active configuration. Using 'rollback 0' effectively resets the candidate configuration to match the active one, allowing the administrator to start fresh without affecting the running system.

Exam trap

The trap here is that candidates often confuse 'rollback 0' with 'rollback 1', mistakenly thinking that 'rollback 1' discards uncommitted changes, when in fact 'rollback 1' reverts to the previous committed configuration, which would undo the last commit and potentially cause service disruption.

How to eliminate wrong answers

Option A is wrong because 'load override' replaces the entire candidate configuration with the contents of a specified file, not with the current active configuration; it does not discard uncommitted changes by reverting to the active config. Option C is wrong because 'commit check' validates the syntax and semantics of the candidate configuration without committing it, and does not discard any changes. Option D is wrong because 'rollback 1' reverts to the previous committed configuration (the one before the most recent commit), not to the current active configuration; this would discard the last committed changes, not just uncommitted ones.

29
MCQmedium

You are a network engineer at a company that operates a pair of Juniper SRX firewalls in an active/passive cluster (Chassis Cluster). The cluster has been running Junos 15.1X49-D100 for over a year. Management has mandated an upgrade to a newer version to address security vulnerabilities. You follow the recommended upgrade procedure and successfully upgrade the primary node (node0) first, then failover to make node0 the backup, and upgrade the new primary (node1). After the upgrade, both nodes have the same version and appear to be in the cluster, but you notice that the backup node (node0) is stuck in 'ineligible' state and does not synchronize configuration changes. What is the most likely cause?

A.The cluster control link is down or misconfigured on the backup node
B.The backup node has not been configured with 'commit synchronize'
C.The 'set chassis cluster reth-count' statement is missing on the backup node
D.The 'monitor interface' configuration is causing a mis-match between nodes
AnswerA

An ineligible node typically indicates that the control link is not operational, preventing heartbeat exchange.

Why this answer

The backup node being stuck in 'ineligible' state after a chassis cluster upgrade indicates that the cluster control link (control port) is not functioning correctly. In a Juniper SRX active/passive cluster, the control link is used for heartbeat and cluster state synchronization; if it is down or misconfigured on the backup node, the node cannot participate in the cluster election process and remains ineligible. This is a common issue after upgrades if the control link interfaces are not properly re-established or if the cable is faulty.

Exam trap

The trap here is that candidates often confuse 'ineligible' state with configuration synchronization issues, leading them to choose 'commit synchronize' or other configuration-related options, when the root cause is actually a physical or logical connectivity problem on the control link.

How to eliminate wrong answers

Option B is wrong because 'commit synchronize' is a configuration command that ensures changes are automatically synchronized from the primary to the backup node, but it does not affect the node's eligibility state; the backup node can still be eligible without it. Option C is wrong because the 'set chassis cluster reth-count' statement defines the number of redundant Ethernet interfaces and is required for cluster operation, but its absence would cause a different issue (e.g., reth interfaces not working), not specifically the backup node being stuck in 'ineligible' state. Option D is wrong because 'monitor interface' configuration is used for interface monitoring to trigger failover, and a mismatch between nodes would cause a different problem (e.g., false failovers), not the backup node being stuck in 'ineligible' state.

30
MCQmedium

An engineer wants to roll back to the previous configuration without losing the current candidate changes. Which command should be used?

A.rollback 1
B.delete
C.rollback 0
D.commit check
AnswerA

A discards candidate and reverts to previous commit.

Why this answer

The `rollback 1` command reverts the candidate configuration to the most recently committed configuration (the previous commit), while preserving any uncommitted changes in the candidate configuration. This allows the engineer to undo the last commit without discarding current edits, which is exactly what the scenario requires.

Exam trap

The trap here is that candidates confuse `rollback 0` (revert to last committed config, discarding uncommitted changes) with `rollback 1` (revert to previous committed config while preserving uncommitted changes), or they mistakenly think `delete` can undo a commit.

How to eliminate wrong answers

Option B is wrong because `delete` removes configuration statements from the candidate configuration, not from the committed configuration, and it does not perform a rollback to a previous state. Option C is wrong because `rollback 0` reverts the candidate configuration to the currently active committed configuration, which would discard any uncommitted changes the engineer wants to keep. Option D is wrong because `commit check` only validates the syntax and semantics of the candidate configuration without committing it; it does not roll back to any previous configuration.

31
MCQeasy

An engineer wants to view the current active configuration file that the device is using. Which command displays this information?

A.show configuration candidates
B.show system commit
C.show configuration
D.show configuration | display set
AnswerC

This displays the active committed configuration.

Why this answer

Option C is correct because the 'show configuration' command displays the current active configuration that the device is using, which is the committed configuration stored in /config/juniper.conf.gz. This command reads the active configuration file directly from the file system, showing the exact operational configuration that Junos applies to the device.

Exam trap

The trap here is that candidates may confuse 'show configuration' with 'show configuration | display set' or think 'show system commit' shows the active config, when in fact it only shows commit history, not the current running configuration.

How to eliminate wrong answers

Option A is wrong because 'show configuration candidates' is not a valid Junos command; the correct command to view candidate configuration is 'show configuration' without any modifier, or 'show | compare' to see changes. Option B is wrong because 'show system commit' displays the commit history log, including timestamps and user information, not the active configuration file itself. Option D is wrong because 'show configuration | display set' is a pipe modifier that reformats the output into set commands, but it still shows the active configuration; however, the question asks for the command that displays the active configuration file, and the base command is 'show configuration', not the piped variant.

32
MCQeasy

An engineer needs to view the current active configuration on a Juniper device. Which command will display the configuration that is currently running?

A.show chassis hardware
B.show interfaces terse
C.show configuration
D.show system commit
AnswerC

Displays the current active configuration (or candidate if uncommitted changes exist).

Why this answer

The 'show configuration' command displays the current active configuration that is committed and running on a Juniper device. Unlike Cisco's 'show running-config', Junos uses a commit model where the candidate configuration is activated only after a 'commit' operation, and 'show configuration' shows that committed, active configuration.

Exam trap

Juniper Networks often tests the 'show running-config' equivalent, and the trap here is that candidates familiar with Cisco may mistakenly choose 'show system commit' (thinking it shows the running config) or 'show interfaces terse' (confusing interface status with the full configuration).

How to eliminate wrong answers

Option A is wrong because 'show chassis hardware' displays physical hardware inventory details (e.g., serial numbers, part numbers, firmware versions), not the running configuration. Option B is wrong because 'show interfaces terse' shows a summary of interface status and configuration (like IP addresses and administrative state), but not the full active configuration. Option D is wrong because 'show system commit' lists the commit history (timestamps, log messages, and rollback IDs), not the current running configuration.

33
MCQhard

Based on the exhibit, the interface appears to be up and has an IP address, but the 'monitor traffic' output shows no packets. What is the most likely cause?

A.The interface is not in promiscuous mode, and 'monitor traffic' requires that mode to capture packets.
B.The interface is administratively down.
C.The interface is an unnumbered Ethernet interface.
D.A firewall filter is blocking all inbound traffic.
AnswerA

By default, Junos captures only packets destined to the router; for all packets, interface must be in promiscuous mode.

Why this answer

Option B is correct because the interface is in forwarding mode, and 'monitor traffic' only captures packets when the interface is in promiscuous mode. Option A is wrong because the interface is administratively up. Option C is wrong because there is no firewall filter configured in the exhibit.

Option D is wrong because the interface has an IP address and is not unnumbered.

34
Multi-Selectmedium

Which TWO statements about the Junos commit model are true?

Select 2 answers
A.A commit makes the candidate configuration the active configuration.
B.The commit command is used to discard changes.
C.The rollback command can be used to revert to a previous configuration.
D.A commit validation is performed automatically before commit.
E.Multiple candidates can be active simultaneously.
AnswersA, C

A is true.

Why this answer

Option A is correct because the Junos commit model uses a two-phase process: changes are made to the candidate configuration, and the `commit` command activates that candidate configuration as the new active configuration. This ensures that changes are not applied until explicitly committed, providing a safe and predictable way to modify the device's operational state.

Exam trap

The trap here is confusing the `commit` command with discarding changes (Option B) or assuming automatic validation (Option D), which are common misconceptions from other vendor CLI behaviors like Cisco IOS where `write memory` saves immediately and validation is often implicit.

35
Multi-Selectmedium

Which TWO statements are true regarding Junos configuration groups?

Select 2 answers
A.Configuration groups never override existing settings.
B.Configuration groups are applied using the apply-groups statement.
C.Configuration groups are only useful for interface configuration.
D.Configuration groups are applied automatically to all hierarchies.
E.Configuration groups are applied in the order they are listed in apply-groups.
AnswersB, E

B is true.

Why this answer

Option B is correct because the `apply-groups` statement is the explicit mechanism used to reference and apply a configuration group to a specific hierarchy or the entire configuration. Without `apply-groups`, the group definition has no effect.

Exam trap

The trap here is that candidates often assume configuration groups automatically apply to all hierarchies or that they cannot override existing settings, but in reality, groups are explicitly applied and follow a strict precedence order where later groups can override earlier ones.

36
MCQmedium

An administrator wants to ensure that if a network interface fails, the routing protocol process automatically restarts. Which Junos feature should be configured?

A.auto-restart
B.Nonstop Routing (NSR)
C.Bidirectional Forwarding Detection (BFD)
D.Graceful Restart
AnswerA

The 'auto-restart' configuration under routing options automatically restarts the routing protocol process if it fails.

Why this answer

Option A is correct because the 'auto-restart' feature in Junos automatically restarts the routing protocol process (e.g., rpd) if it detects that the interface associated with the protocol has failed. This ensures high availability by recovering the routing process without manual intervention, specifically targeting the scenario described in the question.

Exam trap

The trap here is that candidates often confuse 'auto-restart' with Graceful Restart or NSR, assuming any 'restart' feature handles interface failures, but auto-restart is specifically for restarting the routing process, not preserving state during switchover or forwarding during restart.

How to eliminate wrong answers

Option B is wrong because Nonstop Routing (NSR) is designed to preserve routing state during a graceful Routing Engine switchover, not to restart the routing protocol process upon interface failure. Option C is wrong because Bidirectional Forwarding Detection (BFD) provides fast failure detection for forwarding path issues, but it does not trigger a restart of the routing protocol process. Option D is wrong because Graceful Restart allows a router to continue forwarding packets while its routing protocol process restarts, but it is a cooperative mechanism with neighbors, not a feature that automatically restarts the process upon interface failure.

37
MCQmedium

An engineer needs to copy a configuration from one device to another. Which command should be used to export the current active configuration in a mergeable format?

A.show configuration | display inheritance
B.show configuration | display json
C.show configuration | display set
D.show configuration | save /var/tmp/config.txt
AnswerC

A outputs set commands suitable for merging.

Why this answer

Option C is correct because the 'show configuration | display set' command outputs the current active configuration as a series of 'set' commands, which can be directly copied and applied to another Junos device using 'load set terminal' or 'load merge'. This format is specifically designed for merging configurations, as it represents the configuration in a flat, non-hierarchical structure that Junos can parse incrementally.

Exam trap

The trap here is that candidates often confuse 'display set' with 'display inheritance' or 'display json', thinking any output format can be used for merging, but only 'display set' produces a flat, mergeable command sequence that Junos can load directly.

How to eliminate wrong answers

Option A is wrong because 'show configuration | display inheritance' shows inherited configuration values (e.g., from groups or interfaces) but does not output the configuration in a mergeable format; it is used for troubleshooting inheritance, not for exporting configurations. Option B is wrong because 'show configuration | display json' outputs the configuration in JSON format, which is human-readable and useful for automation but is not directly mergeable into Junos via the CLI; Junos does not support loading JSON configuration directly. Option D is wrong because 'show configuration | save /var/tmp/config.txt' saves the configuration in the default hierarchical (set or curly-brace) format to a file, but the output is not inherently in a mergeable 'set' format unless combined with 'display set'; the 'save' command alone does not transform the output.

38
Multi-Selecthard

Which THREE steps are typically part of a Junos OS upgrade process?

Select 3 answers
A.Remove the previous image.
B.Add the image using the request system software add command.
C.Commit the configuration.
D.Validate the new image.
E.Reboot the device.
AnswersB, D, E

B is required.

Why this answer

The `request system software add` command is the correct method to initiate a Junos OS upgrade because it stages the new image on the device, performing integrity checks and preparing the system for the next boot. This command is the standard Junos CLI operation for adding a software package, making option B a core step in the upgrade process.

Exam trap

The trap here is that candidates mistakenly think you must delete the old image (option A) or commit the configuration (option C) as part of the upgrade, but Junos handles image management automatically and the commit is unrelated to the software installation process.

39
MCQeasy

Which Junos CLI mode allows a user to view the configuration and execute operational commands, but not make configuration changes?

A.Operational mode
B.Monitor mode
C.Enable mode
D.Configuration mode
AnswerA

Operational mode allows viewing configuration and running operational commands without the ability to modify the configuration.

Why this answer

In Junos OS, Operational mode (indicated by the `>` prompt) allows users to execute operational commands (e.g., `show`, `ping`, `traceroute`) and view the active configuration using `show configuration`, but it does not permit any changes to the configuration. Configuration changes require entering Configuration mode (indicated by the `#` prompt) via the `configure` command. This separation enforces a strict two-tier access model, ensuring that operational tasks do not inadvertently alter the device's configuration.

Exam trap

The trap here is that candidates familiar with Cisco IOS may confuse 'Enable mode' (which grants configuration privileges in Cisco) with Junos's Operational mode, not realizing that Junos uses a completely different two-tier model where Operational mode is read-only and Configuration mode is required for any changes.

How to eliminate wrong answers

Option B (Monitor mode) is wrong because Junos does not have a 'Monitor mode'; this term is a distractor that might be confused with Cisco's monitor mode for software upgrades or with the `monitor` operational command used for real-time interface traffic viewing. Option C (Enable mode) is wrong because 'Enable mode' is a Cisco IOS concept that provides privileged access for configuration changes; Junos uses a different paradigm with distinct Operational and Configuration modes. Option D (Configuration mode) is wrong because this mode (indicated by the `#` prompt) is specifically designed for making configuration changes, not for viewing the configuration or executing operational commands without the ability to modify settings.

40
MCQmedium

A technician is troubleshooting a device that has an inconsistent configuration. They need to revert to the configuration that was committed exactly two commits ago. Which command sequence accomplishes this?

A.rollback 2
B.rollback 2 followed by commit
C.commit confirmed 2
D.rollback 3
AnswerB

rollback 2 loads the candidate from the second previous commit; commit activates it.

Why this answer

Option B is correct because the `rollback 2` command reverts the candidate configuration to the state it was in two commits ago, but the change is not applied until a `commit` is issued. This two-step sequence (rollback followed by commit) is required to make the reverted configuration active. Without the commit, the device continues running the current active configuration.

Exam trap

The trap here is that candidates often assume `rollback 2` alone immediately reverts the active configuration, forgetting that Junos requires an explicit `commit` to apply candidate changes.

How to eliminate wrong answers

Option A is wrong because `rollback 2` alone only loads the configuration from two commits ago into the candidate configuration; it does not commit it, so the device continues to operate with the current active configuration. Option C is wrong because `commit confirmed 2` is used to automatically roll back after 2 minutes if not confirmed, not to revert to a configuration from two commits ago. Option D is wrong because `rollback 3` reverts to the configuration from three commits ago, not two commits ago.

41
MCQeasy

Which command saves the current operational state information to a file that can be provided to Juniper support for troubleshooting?

A.request support information
B.monitor traffic
C.show system information
D.file copy
AnswerA

This command gathers operational data into a file for support.

Why this answer

The 'request support information' command collects a comprehensive snapshot of the current operational state, including configuration, logs, routing tables, and interface statistics, and packages it into a file (e.g., /var/tmp/support-info-date-time.tgz) that can be directly provided to Juniper support for troubleshooting. This is the standard Junos method for gathering diagnostic data.

Exam trap

The trap here is that candidates may confuse 'show system information' with a support data collection tool, not realizing it only displays a brief summary and does not generate a comprehensive, saveable file for support.

How to eliminate wrong answers

Option B is wrong because 'monitor traffic' is used for real-time packet capture and display, not for saving a static snapshot of operational state to a file. Option C is wrong because 'show system information' displays basic system details like uptime and model but does not save the output to a file or collect the comprehensive data set needed for support. Option D is wrong because 'file copy' is a generic command for copying files between locations and does not generate or collect operational state information.

42
MCQeasy

Which command displays the current hostname of a Junos device?

A.show system host-name
B.show chassis hardware
C.show configuration system host-name
D.show system uptime
AnswerA

This command shows the configured hostname.

Why this answer

The command 'show system host-name' is the correct operational mode command to display the current hostname configured on a Junos device. It retrieves the hostname from the active configuration and displays it in the output, confirming the device's identity on the network.

Exam trap

The trap here is that candidates confuse 'show configuration system host-name' (which shows the configuration stanza) with the operational command 'show system host-name', leading them to choose the configuration-oriented option instead of the direct operational display command.

How to eliminate wrong answers

Option B is wrong because 'show chassis hardware' displays hardware components such as chassis, backplane, and FRUs (e.g., RE, FPC, PIC), not the hostname. Option C is wrong because 'show configuration system host-name' displays the hostname configuration statement from the candidate or active configuration, but it is a configuration mode command (or requires '| display set' in operational mode) and does not directly show the current operational hostname in a single-line output like 'show system host-name'. Option D is wrong because 'show system uptime' displays system uptime, load averages, and time since last reboot, not the hostname.

43
MCQhard

During a network traffic storm, a Juniper EX switch's CPU utilization spikes to 100%. Which command would best help identify the cause?

A.monitor traffic interface ge-0/0/0
B.show spanning-tree bridge
C.show ethernet-switching table
D.show interfaces extensive ge-0/0/0
AnswerA

This command captures packets on an interface, helping identify the type and source of the storm.

Why this answer

Option A is correct because the 'monitor traffic interface' command captures live packet headers on the specified interface, allowing you to see the type and source of traffic causing the CPU spike. During a traffic storm (e.g., broadcast storm), this command reveals excessive broadcast, multicast, or unknown unicast frames, which are typically the root cause of high CPU utilization on Juniper EX switches.

Exam trap

The trap here is that candidates often confuse 'show interfaces extensive' (which shows error counters like CRC errors or giants) with the ability to see live traffic, but it only provides historical statistics, not the packet-level detail needed to pinpoint the storm's source.

How to eliminate wrong answers

Option B is wrong because 'show spanning-tree bridge' displays STP bridge parameters and port roles, which help diagnose Layer 2 loops but not the specific traffic types or sources causing a CPU storm. Option C is wrong because 'show ethernet-switching table' shows MAC address entries and their associated interfaces, which is useful for verifying forwarding tables but does not reveal real-time traffic patterns or packet contents. Option D is wrong because 'show interfaces extensive' provides detailed interface statistics and errors, but it does not capture live packet data; it only shows counters and historical data, not the actual traffic causing the CPU spike.

44
MCQeasy

An administrator needs to quickly revert all uncommitted configuration changes and return the device to the last committed configuration. Which command accomplishes this?

A.rollback 0
B.delete configuration
C.load override
D.rollback 1
AnswerA

Reverts the candidate configuration to the last committed configuration.

Why this answer

The command 'rollback 0' reverts all uncommitted configuration changes and returns the device to the last committed configuration. In Junos, the rollback command uses a numeric argument to specify which previous configuration to load, with 0 always referring to the most recently committed configuration. This effectively discards any pending changes in the candidate configuration without requiring a commit.

Exam trap

The trap here is that candidates often confuse 'rollback 0' with 'rollback 1', mistakenly thinking rollback 1 reverts to the last committed configuration, when in fact rollback 0 is the correct index for the most recent commit, and rollback 1 refers to the configuration before that.

How to eliminate wrong answers

Option B is wrong because 'delete configuration' is not a valid Junos command; the correct approach to remove all configuration is to use 'delete' within configuration mode on specific hierarchies or use 'load override terminal' with an empty configuration, not a single command. Option C is wrong because 'load override' replaces the entire candidate configuration with a specified file or terminal input, but it does not automatically revert to the last committed configuration; it requires an explicit source (e.g., a file) and does not default to rollback 0. Option D is wrong because 'rollback 1' reverts to the configuration that was committed before the most recent commit (i.e., the previous committed configuration), not the last committed one, so it would not discard uncommitted changes if the candidate has not been committed.

45
Matchingmedium

Match each Junos file system directory to its content.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Configuration files

Log files

Temporary files

Runtime state files

Alternate root filesystem for backup

Why these pairings

These are key directories in the Junos file system.

46
MCQeasy

A company wants to implement best practice for password recovery on Juniper devices to avoid service disruption. Which of the following is the recommended method?

A.Perform a factory reset to default configuration
B.Boot the device into single-user mode from the console and reset the root password
C.Use SNMP to modify the password field in the configuration
D.Contact JTAC to remotely reset the password
AnswerB

This is the standard Juniper password recovery procedure, allowing password reset without affecting configuration.

Why this answer

Option B is correct because booting the device into single-user mode from the console is the standard, secure method for password recovery on Juniper devices. This process allows an administrator with physical console access to reset the root password without affecting the running configuration or causing service disruption, as the device boots with a minimal kernel and does not load the full configuration.

Exam trap

The trap here is that candidates may confuse Juniper's single-user mode recovery with Cisco's password recovery process, which often involves a configuration register change and may require a factory reset; Juniper's method is designed to preserve the configuration, while Cisco's recovery can sometimes erase the startup configuration if not done carefully.

How to eliminate wrong answers

Option A is wrong because performing a factory reset to default configuration erases all configuration data, causing complete service disruption and loss of custom settings, which is not a best practice for password recovery. Option C is wrong because SNMP is a monitoring and management protocol that does not provide a mechanism to modify password fields in the Junos configuration; it is read-only for security purposes and cannot be used for password changes. Option D is wrong because contacting JTAC to remotely reset the password is not a standard or recommended procedure; JTAC does not have direct access to reset passwords, and this would require a support contract and potentially cause delays, not to mention that remote password reset is not a supported feature.

47
MCQmedium

Refer to the exhibit. Which log file will contain messages about authorization events?

A.messages
B.Both messages and interactive-commands
C.Neither
D.interactive-commands
AnswerA

The 'authorization info' statement means authorization events with priority info and above are logged to messages.

Why this answer

In Junos, the 'messages' log file (typically /var/log/messages) records system log messages, including authorization events such as user login failures, privilege escalation attempts, and configuration changes. Authorization events are generated by the system's authentication, authorization, and accounting (AAA) framework and are logged at the 'info' severity level by default, which is captured in the messages file. The 'interactive-commands' log file specifically records CLI commands entered by users, not authorization events.

Exam trap

The trap here is that candidates confuse 'interactive-commands' (which logs CLI commands) with authorization logging, assuming that because commands require authorization, the log file would contain authorization events, but Junos separates command logging from authorization event logging.

How to eliminate wrong answers

Option B is wrong because 'interactive-commands' logs only the actual CLI commands typed by users, not authorization events; authorization events are separate and appear in 'messages'. Option C is wrong because authorization events are indeed logged in Junos, specifically in the 'messages' file, so 'Neither' is incorrect. Option D is wrong because 'interactive-commands' does not contain authorization messages; it is dedicated to recording user-entered commands for auditing purposes.

48
MCQhard

Refer to the exhibit. An administrator notices repeated failed login attempts. What should be configured to mitigate this attack?

A.Set login retry limit
B.Configure a firewall filter to block the source IP
C.Disable SSH
D.Change the root password
AnswerB

B directly blocks the attacker IP.

Why this answer

A firewall filter can block traffic from the source IP address of the repeated failed login attempts, preventing further access from that host. This is a direct and immediate mitigation against an ongoing brute-force attack, as it stops the attacker's traffic at the network layer before it reaches the SSH or login service.

Exam trap

The trap here is that candidates often confuse mitigation (stopping an ongoing attack) with prevention (hardening against future attacks), leading them to choose retry limits or password changes instead of the immediate IP-blocking solution.

How to eliminate wrong answers

Option A is wrong because setting a login retry limit only restricts the number of failed attempts per session, but it does not block the source IP; an attacker can simply open new sessions and continue. Option C is wrong because disabling SSH would prevent all remote access, including legitimate administrative access, which is an overly drastic and unnecessary measure. Option D is wrong because changing the root password does not stop the attacker from continuing to try new passwords; it only invalidates the current password, but the attack persists.

49
Multi-Selectmedium

Which TWO statements are true about the Junos file system? (Choose two.)

Select 2 answers
A.The /config directory contains configuration files.
B.The /var/tmp directory is used for temporary storage.
C.The /altroot directory is a backup root filesystem.
D.The /kernel directory contains the operating system kernel.
E.The root directory (/) is a RAM disk.
AnswersA, B

/config stores the active and candidate configuration files.

Why this answer

Option A is correct because the /config directory in the Junos file system stores the active and backup configuration files, including juniper.conf and juniper.conf.gz. These files are critical for device operation and are loaded during the boot process.

Exam trap

The trap here is that candidates may confuse the /altroot directory with a backup root filesystem, when in fact it is used for alternate root images during software upgrades, not a persistent backup.

50
Multi-Selecthard

Which THREE statements are true about commit operations in Junos OS?

Select 3 answers
A.The 'commit confirmed' command immediately discards changes if not confirmed.
B.Multiple users can make configuration changes simultaneously, but only one can commit at a time.
C.The 'commit check' command validates the configuration syntax without activating it.
D.The 'commit confirmed' command allows a rollback to the previous configuration if not confirmed within the timeout period.
E.The 'commit' command always requires 'commit synchronize' when using dual Routing Engines.
AnswersB, C, D

Junos uses a lock to serialize commits.

Why this answer

Option B is correct because Junos OS allows multiple users to enter configuration mode and make changes simultaneously, but the commit operation is serialized: only one user can commit at a time. This prevents conflicting changes from being applied concurrently, ensuring configuration consistency.

Exam trap

The trap here is confusing 'commit confirmed' with an immediate discard of changes, when in fact it temporarily activates the configuration and only rolls back if the confirmation is not received within the timeout period.

51
Multi-Selecteasy

Which TWO statements about the Junos OS configuration hierarchy are correct? (Choose two.)

Select 2 answers
A.All configuration is stored in a flat file with line numbers
B.The hierarchy is stored in multiple configuration files that are merged at boot
C.Configuration is organized in a hierarchical structure with levels
D.Configuration values are inherited from the root level automatically
E.Each level can contain one or more statements or values
AnswersC, E

Junos uses a tree-like hierarchy, e.g., protocols > bgp > group > neighbor.

Why this answer

Option C is correct because the Junos OS configuration is organized in a hierarchical structure, resembling a tree with defined levels (e.g., [edit interfaces], [edit protocols ospf]). This hierarchy allows for logical grouping of configuration statements, making it easier to manage and navigate. The structure is enforced by the Junos CLI and the configuration database, which uses a set-based model rather than a flat file.

Exam trap

The trap here is that candidates often confuse Junos's hierarchical structure with Cisco IOS's flat or modular configuration approach, leading them to incorrectly assume that Junos uses multiple merged files or automatic root-level inheritance.

52
MCQhard

During a maintenance window, an engineer needs to apply a series of configuration changes that are stored in a text file. Which command sequence should be used to load and apply the changes from the file?

A.request system configuration rescue save
B.load override /var/tmp/changes.txt; commit
C.configure; load patch /var/tmp/changes.txt; commit
D.configure; load merge /var/tmp/changes.txt; commit
AnswerD

Loads the configuration changes from the file without overwriting existing configuration, then commits.

Why this answer

Option D is correct because the engineer needs to enter configuration mode (configure) and then use the 'load merge' command to merge the contents of the text file into the candidate configuration without replacing the entire configuration. The 'commit' command then activates the changes. This is the standard Junos workflow for applying incremental changes from a file.

Exam trap

The trap here is that candidates often confuse 'load merge' with 'load override' or 'load patch', not realizing that 'load merge' is the correct command for applying incremental changes from a standard configuration text file, while 'load override' wipes the entire configuration and 'load patch' requires a specific diff format.

How to eliminate wrong answers

Option A is wrong because 'request system configuration rescue save' saves the current active configuration as a rescue configuration, not loads changes from a file. Option B is wrong because 'load override' replaces the entire candidate configuration with the contents of the file, which would discard all existing configuration not in the file, and the command sequence does not include entering configuration mode ('configure'). Option C is wrong because 'load patch' is used to apply a patch file (a diff between two configurations), not a standard text file of configuration changes; it would likely fail or produce unintended results if the file is not in patch format.

53
MCQhard

Based on the exhibit, what is the most likely impact on the router?

A.Routing protocol adjacencies will be lost, causing routing instability.
B.The CPU will be overloaded due to the kernel messages.
C.The router will stop forwarding packets immediately.
D.The router will reboot automatically.
AnswerA

The rpd process is killed, so dynamic routing protocols will fail.

Why this answer

The exhibit shows kernel messages indicating a hardware or software fault (e.g., a FPC crash or PIC restart). In Junos, such critical events cause the Packet Forwarding Engine (PFE) to reset, which tears down all routing protocol adjacencies (OSPF, BGP, IS-IS) because the control plane loses communication with the forwarding plane. This leads to route withdrawal and routing instability until the adjacencies are re-established.

Exam trap

The trap here is that candidates assume kernel messages always cause a full reboot or immediate forwarding stop, but Junos is designed to isolate failures to specific components (like FPCs) rather than crashing the entire router.

How to eliminate wrong answers

Option B is wrong because kernel messages are logged as part of normal fault handling and do not inherently overload the CPU; Junos prioritizes control plane stability. Option C is wrong because the router continues to forward packets using the last known forwarding table until the PFE restarts, and even then, forwarding may resume after the restart without a full stop. Option D is wrong because Junos does not automatically reboot on kernel messages; it isolates the faulty component (e.g., FPC restart) to maintain overall system availability.

54
MCQhard

An administrator notices that after committing a configuration change on a Juniper MX router, the device loses connectivity to the management network. The management interface is part of a dedicated management routing instance. Which of the following is the most likely cause?

A.A firewall filter was applied to the management interface that blocks all traffic
B.NTP was configured with an incorrect server address
C.A syslog server was configured that is unreachable
D.The routing instance for the management interface was accidentally removed
AnswerD

If the management interface's routing instance is removed, the interface loses its route to the management network, causing connectivity loss.

Why this answer

The management interface is part of a dedicated management routing instance (often named mgmt_junos). If this routing instance is accidentally removed during a commit, the management interface loses its routing context and becomes unreachable, causing loss of connectivity to the management network. This is a common misconfiguration when an administrator modifies routing instance configurations without realizing the management interface depends on it.

Exam trap

The trap here is that candidates often assume a firewall filter or service configuration (like NTP or syslog) is the cause, but the real issue is the removal of the routing instance that provides the logical separation for the management interface.

How to eliminate wrong answers

Option A is wrong because applying a firewall filter that blocks all traffic to the management interface would cause immediate loss of connectivity, but the question states the issue occurs after committing a configuration change, and the most likely cause is a structural change to the routing instance rather than a filter. Option B is wrong because configuring NTP with an incorrect server address would not cause loss of management connectivity; it would only prevent time synchronization. Option C is wrong because configuring an unreachable syslog server would only affect logging, not the management interface's ability to communicate on the network.

55
MCQmedium

Based on the exhibit, what is the most likely reason for the ping failure?

A.A firewall filter is blocking ICMP traffic.
B.The interface is disabled at the unit level.
C.The neighbor device is not configured or is unreachable.
D.The interface is administratively down.
AnswerC

The ping fails, likely because the neighbor is not configured or there is no route to 10.0.0.2.

Why this answer

The ping failure is most likely due to the neighbor device not being configured or unreachable because the output shows the interface is up (Physical link is Up) and the unit is enabled (Unit 0 is enabled), but there is no neighbor discovery or ARP entry. Without a valid next-hop or neighbor reachability, ICMP echo requests cannot be forwarded, resulting in ping failure.

Exam trap

The trap here is that candidates often assume a ping failure is due to an interface being down or a firewall filter, but the exhibit clearly shows the interface is up and enabled, so the issue must be at the network layer with neighbor unreachability.

How to eliminate wrong answers

Option A is wrong because there is no evidence of a firewall filter blocking ICMP traffic; the output does not show any applied filter or statistics indicating dropped packets. Option B is wrong because the interface is not disabled at the unit level; the output explicitly states 'Unit 0 is enabled' and shows an IP address configured. Option D is wrong because the interface is not administratively down; the output shows 'Physical link is Up' and 'Interface is up', indicating no administrative shutdown.

56
MCQeasy

A network engineer is configuring a new Juniper MX router to replace an existing core router. The engineer has applied several configuration changes and wants to ensure that the new configuration can be tested safely. If the test fails (e.g., loss of management connectivity), the router should automatically revert to the previous configuration after a 5-minute period. The engineer performs a commit confirmed with a timeout of 5 minutes. After 4 minutes, the engineer verifies that the change is successful and wants to make it permanent. Which action should the engineer take to ensure the configuration persists?

A.Issue the 'rollback 0' command, then commit.
B.Issue the 'commit confirmed 5' command again to reset the timer.
C.Issue the 'request system reboot' command to reload the router.
D.Issue a standard 'commit' command to confirm the configuration.
AnswerD

A standard commit makes the candidate configuration permanent and cancels the commit confirmed timer.

Why this answer

Option C is correct because issuing 'commit check' does not make the configuration permanent; it only validates syntax. The engineer must explicitly commit the candidate configuration to confirm it. Option A is wrong because 'rollback 0' reverts to the previous configuration, undoing the change.

Option B is wrong because 'request system reboot' would interrupt operations and is unnecessary. Option D is wrong because 'commit confirmed' with a new timeout would restart the timer but does not finalize; a standard commit is needed.

57
MCQhard

You are administering a Juniper MX240 router that provides connectivity to multiple customer sites. The router uses BGP to exchange routes with two upstream ISPs. Recently, you applied a new firewall filter to the loopback interface to restrict management access. After committing the configuration, you can no longer establish SSH sessions to the router from the management network. You are currently connected via console. The loopback filter is still applied. You suspect the filter is blocking SSH traffic from the management network. What should you do to restore SSH access without losing the other filter rules?

A.Roll back to the previous configuration using 'rollback 0' and commit.
B.Add a new term at the end of the filter that accepts SSH traffic from any source.
C.Add a new term at the beginning of the filter that accepts SSH traffic from the management network, then reorder the terms so that this term is evaluated first.
D.Delete the firewall filter from the loopback interface and commit.
AnswerC

This ensures SSH from the management network is accepted before any deny rules are evaluated.

Why this answer

Option C is correct because firewall filters in Junos are evaluated in order, and adding a term at the beginning that explicitly accepts SSH traffic from the management network ensures that the SSH packets are permitted before any subsequent deny terms are evaluated. This preserves all existing filter rules while restoring SSH access. The 'insert' command or reordering terms is necessary to place the new term first, as the default behavior appends new terms to the end of the filter.

Exam trap

The trap here is that candidates assume adding a permit rule anywhere in the filter will work, but they forget that Junos filters are order-dependent and that new terms are appended to the end by default, which may be after a deny term that blocks the traffic.

How to eliminate wrong answers

Option A is wrong because 'rollback 0' rolls back to the most recently committed configuration, which would remove the entire firewall filter and any other recent changes, not just the problematic rule. Option B is wrong because adding a term at the end of the filter that accepts SSH from any source would still be evaluated after any existing deny terms that might block SSH traffic, so it would not restore access. Option D is wrong because deleting the entire firewall filter from the loopback interface removes all security restrictions, not just the one blocking SSH, which violates the requirement to keep other filter rules.

58
MCQhard

A technician needs to upgrade the Junos OS on a device that is part of a redundant cluster. Which approach minimizes traffic disruption?

A.Use 'request system software add' on both nodes at the same time.
B.Upgrade both nodes simultaneously to reduce maintenance time.
C.Upgrade one node at a time, ensuring the cluster remains redundant.
D.Use the 'commit synchronize' command to keep configurations in sync after upgrade.
AnswerC

This maintains traffic flow by failing over to the upgraded node.

Why this answer

Option C is correct because upgrading one node at a time in a redundant cluster ensures that at least one node remains active to handle traffic while the other is being upgraded. This approach maintains cluster redundancy and minimizes traffic disruption, as the active node continues forwarding traffic using the gratuitous ARP or VRRP mechanisms, and the upgraded node rejoins the cluster after reboot.

Exam trap

The trap here is that candidates might think simultaneous upgrades are efficient or that 'commit synchronize' is related to software upgrades, but Junos requires sequential node upgrades in a cluster to maintain redundancy and avoid traffic loss.

How to eliminate wrong answers

Option A is wrong because using 'request system software add' on both nodes simultaneously would cause both nodes to reboot at the same time, resulting in a complete traffic outage for the cluster. Option B is wrong because upgrading both nodes simultaneously reduces maintenance time but causes a total loss of redundancy and traffic disruption, which is not acceptable for minimizing disruption. Option D is wrong because 'commit synchronize' is used to synchronize configuration changes between nodes, not to manage software upgrades; it does not address the upgrade process or traffic disruption.

59
MCQeasy

Refer to the exhibit. An engineer wants to verify that static routes for 10.0.1.0/24 and 10.0.2.0/24 are present in the routing table. Based on the output, which statement is true?

A.Both routes are active and have the same preference value.
B.Both routes have a preference of 0.
C.Only the 10.0.1.0/24 route is active.
D.Both routes use the same next-hop IP address.
AnswerA

Both are active (marked with '*') and have preference 5.

Why this answer

The output shows both 10.0.1.0/24 and 10.0.2.0/24 as static routes with a preference of 5. Since the preference value is the same and both are listed as active (the 'A' flag is present in the routing table), both routes are installed and active in the forwarding table. In Junos, a static route's default preference is 5, and any route with a lower preference is preferred; here both have equal preference, so they coexist as active routes.

Exam trap

The trap here is that candidates may assume a static route always has a preference of 0 (like a connected route) or that only one static route can be active per destination, but Junos allows multiple static routes with equal preference to be active simultaneously if they have different prefixes.

How to eliminate wrong answers

Option B is wrong because the preference shown in the output is 5, not 0; a preference of 0 is reserved for directly connected routes in Junos. Option C is wrong because the output clearly shows both 10.0.1.0/24 and 10.0.2.0/24 with the 'A' (active) flag, indicating both are active. Option D is wrong because the next-hop IP addresses differ: 10.0.1.0/24 uses 192.168.1.1 and 10.0.2.0/24 uses 192.168.2.1, as seen in the exhibit.

60
Multi-Selecteasy

Which TWO statements are true about the Junos OS boot process?

Select 2 answers
A.The routing engine initializes after the kernel loads.
B.The forwarding engine is initialized before the kernel.
C.The configuration is loaded from /config before the kernel starts.
D.The boot loader loads the kernel from the boot device.
E.The kernel mounts the root file system.
AnswersD, E

This is the first step in the boot process.

Why this answer

Option D is correct because the boot loader (such as U-Boot or GRUB) is responsible for loading the Junos OS kernel from the boot device (e.g., compact flash or hard disk) into memory. This is the first step in the boot sequence after the hardware POST completes. Option E is correct because after the kernel is loaded, it mounts the root file system from the boot device to access essential system files and directories before initializing processes.

Exam trap

The trap here is that candidates often confuse the order of initialization, mistakenly thinking the forwarding engine or configuration loading occurs earlier in the boot process than it actually does, due to a misunderstanding of the separation between control and forwarding planes in Junos.

61
MCQmedium

A network engineer notices that a Junos device is not forwarding traffic for a specific subnet. The routing table shows the route for that subnet, but traffic is still not being forwarded. Which command should the engineer use to verify whether the firewall filter is dropping the traffic?

A.show interfaces terse
B.show firewall filter counter
C.show firewall filter
D.show firewall filter log
AnswerD

This command displays logs of packets that match filter terms with log/syslog actions, helping identify drops.

Why this answer

Option D is correct because the 'show firewall filter log' command displays the log entries generated by firewall filter terms that have a 'log' action configured. When traffic is not being forwarded despite a valid route, a firewall filter may be silently dropping packets; this command reveals which packets matched the filter and whether they were logged, helping to identify drops.

Exam trap

The trap here is that candidates often confuse 'show firewall filter' (which shows configuration) with 'show firewall filter log' (which shows actual packet logs), or they assume counters alone can identify drops without realizing counters only show matches, not the specific action taken.

How to eliminate wrong answers

Option A is wrong because 'show interfaces terse' displays interface status and configuration, not firewall filter counters or logs, so it cannot show whether a filter is dropping traffic. Option B is wrong because 'show firewall filter counter' shows packet and byte counts for filter terms with a 'counter' action, but it does not show log entries or detailed packet information; it only indicates that packets matched, not whether they were dropped or logged. Option C is wrong because 'show firewall filter' displays the filter configuration (terms, actions, match conditions), not real-time packet matching or drop statistics, so it cannot verify if traffic is being dropped.

62
MCQeasy

What is the purpose of the 'commit confirmed' command in Junos OS?

A.It compares the candidate configuration with the active configuration
B.It allows the administrator to test a configuration change with automatic rollback if confirmation is not received
C.It permanently saves the candidate configuration to the startup configuration
D.It confirms that a previous commit was successful
AnswerB

This is the primary use: to safely apply changes and revert if connectivity is lost.

Why this answer

The 'commit confirmed' command in Junos OS applies a candidate configuration change and starts a confirmation timer (default 10 minutes). If the administrator does not issue a 'commit' command before the timer expires, the system automatically rolls back to the previous active configuration. This allows safe testing of changes, especially over remote connections, preventing lockout if the change breaks connectivity.

Exam trap

The trap here is that candidates confuse 'commit confirmed' with a simple confirmation prompt or a verification step, when in fact it is a timed rollback mechanism designed to prevent lockout during remote configuration changes.

How to eliminate wrong answers

Option A is wrong because comparing the candidate configuration with the active configuration is done using the 'show | compare' command or 'show configuration | compare', not 'commit confirmed'. Option C is wrong because permanently saving the candidate configuration to the startup configuration is achieved with 'commit' (or 'commit and-quit'), not 'commit confirmed'; the 'commit confirmed' command applies the change temporarily and requires a subsequent 'commit' to make it permanent. Option D is wrong because confirming a previous commit was successful is not a function of 'commit confirmed'; the system logs commit success or failure in the event log, and 'show system commit' displays the commit history, but 'commit confirmed' is used to test a change with automatic rollback, not to verify a past commit.

63
MCQmedium

Refer to the exhibit. An operator tries to ping 192.168.1.2 from this router and fails. The router can ping itself (192.168.1.1). What is the most likely cause?

A.Reverse path forwarding (RPF) check is dropping the echo request.
B.The remote host is not reachable or is not responding to ARP requests.
C.The interface is administratively down.
D.Proxy ARP is not configured on the interface.
AnswerB

Ping failing to a host on the same subnet suggests ARP resolution failure or remote host down.

Why this answer

The router can ping its own interface (192.168.1.1), confirming that the interface is up and IP is configured correctly. The failure to ping 192.168.1.2 indicates that the router cannot reach the remote host, most likely because the host is down, not connected, or not responding to ARP requests. ARP resolution is required for the router to map the destination IP to a MAC address on the local subnet; without a successful ARP reply, the router cannot send the echo request.

Exam trap

The trap here is that candidates may confuse a local connectivity issue (like a down interface or RPF) with a remote host unreachability, but the ability to ping the local interface proves the interface is operational and the problem lies with the destination host or its ARP response.

How to eliminate wrong answers

Option A is wrong because reverse path forwarding (RPF) checks are used in multicast or unicast RPF (uRPF) scenarios to verify the source address of incoming packets, not to drop locally generated echo requests. Option C is wrong because if the interface were administratively down, the router would not be able to ping its own address (192.168.1.1). Option D is wrong because Proxy ARP is used to allow a router to respond to ARP requests on behalf of hosts on another subnet; it is not required for a router to ping a host on the same directly connected subnet.

64
MCQeasy

Refer to the exhibit. Which filesystem should the administrator investigate to free up disk space?

A./config
B./ (root)
C./dev
D./var
AnswerD

/var is at 97% usage, closest to capacity.

Why this answer

The /var filesystem on Junos devices stores system logs, core dumps, and temporary files. When disk space is low, /var is the most common culprit because it contains rotating log files (e.g., messages, interactive-commands) and crash data that can accumulate rapidly. The administrator should investigate /var to free up space by clearing old logs or core files.

Exam trap

The trap here is that candidates often assume the root filesystem (/) is the primary space consumer, but Junos intentionally segregates dynamic data into /var, making it the correct target for disk space recovery.

How to eliminate wrong answers

Option A is wrong because /config is a dedicated partition for the active and backup configuration files (e.g., juniper.conf.gz), which are small and rarely cause disk space issues. Option B is wrong because / (root) contains the Junos kernel and base system files, which are static and do not grow significantly over time. Option C is wrong because /dev is a virtual filesystem for device nodes and does not consume persistent disk space.

65
MCQhard

What happens when a user issues the 'request system reboot' command without any options?

A.The device reboots after the current commit.
B.The device reboots immediately.
C.The device prompts for confirmation.
D.The device schedules a reboot in 5 minutes.
AnswerC

B is correct; user must confirm reboot.

Why this answer

When a user issues the 'request system reboot' command without any options, Junos OS prompts for confirmation before proceeding. This is a safety mechanism to prevent accidental reboots, as the command does not automatically reboot the device immediately or schedule a delayed reboot by default.

Exam trap

The trap here is that candidates often assume 'request system reboot' behaves like a typical Linux 'reboot' command (immediate execution), but Junos requires explicit confirmation or the 'now' option to proceed without a prompt.

How to eliminate wrong answers

Option A is wrong because the 'request system reboot' command does not wait for a commit; it reboots the device immediately after confirmation, and the current configuration is already active. Option B is wrong because the command does not reboot immediately; it first prompts the user for confirmation to avoid unintended disruptions. Option D is wrong because the command does not schedule a reboot in 5 minutes; that behavior requires the 'at' or 'in' option (e.g., 'request system reboot at 12:00' or 'request system reboot in 5').

66
MCQmedium

A network engineer is troubleshooting connectivity between two VLANs on the same Juniper EX switch. Hosts in VLAN 100 cannot ping hosts in VLAN 200. The switch has an IRB interface configured for each VLAN. Which configuration is most likely missing?

A.Spanning Tree Protocol is not enabled on the switch
B.The switchport mode is set to access instead of trunk
C.The IRB interfaces are not assigned to the same routing instance
D.DHCP relay is not configured on the IRB interfaces
AnswerC

IRB interfaces must be in the same routing instance with routing between them enabled; default instance works, but if they are in different instances, routing fails.

Why this answer

For hosts in different VLANs to communicate through an EX switch, the IRB interfaces must belong to the same routing instance to enable inter-VLAN routing. By default, each IRB is placed in the default routing instance (inet.0), but if they are assigned to separate routing instances, no route exists between them, breaking Layer 3 forwarding. Option C directly addresses this missing configuration.

Exam trap

The trap here is that candidates confuse Layer 2 issues (like trunking or STP) with Layer 3 routing, assuming VLAN-to-VLAN ping failures must be caused by a missing trunk or STP misconfiguration, when the actual missing piece is the routing instance assignment for the IRB interfaces.

How to eliminate wrong answers

Option A is wrong because Spanning Tree Protocol (STP) prevents Layer 2 loops and does not affect Layer 3 connectivity between VLANs; inter-VLAN routing relies on IRB interfaces and routing instances, not STP. Option B is wrong because switchport mode (access vs. trunk) applies to Layer 2 port-to-VLAN assignment, not to IRB interfaces; IRBs are Layer 3 logical interfaces and do not use switchport mode. Option D is wrong because DHCP relay is only needed when hosts require dynamic IP addresses from a remote DHCP server; it is not required for static IP-based ping tests between VLANs.

67
Multi-Selectmedium

Which TWO statements are true about the Junos OS candidate configuration model? (Choose two.)

Select 2 answers
A.Each change is applied incrementally to the active configuration.
B.The candidate configuration is stored in a separate file from the active configuration.
C.After a commit, the candidate configuration is automatically discarded.
D.The candidate configuration can be modified without affecting the active configuration.
E.Multiple users can edit the candidate configuration simultaneously.
AnswersD, E

Changes are made to the candidate configuration and only affect the device after commit.

Why this answer

Option D is correct because the Junos OS candidate configuration model allows modifications to be made to a separate candidate configuration file without affecting the active configuration currently running on the device. This ensures that changes can be staged, reviewed, and validated before being committed, providing a safe and non-disruptive way to manage configuration changes.

Exam trap

The trap here is that Cisco engineers often confuse Junos's candidate model with Cisco IOS's running-config/startup-config model, where changes are applied immediately to the running configuration and saved separately, leading them to incorrectly assume that Junos also applies changes incrementally or that the candidate is a separate file.

68
MCQeasy

You are a network administrator for a service provider that uses Juniper MX series routers to provide MPLS VPN services to customers. Management has requested that you implement a secure out-of-band management (OOBM) solution for all MX routers to ensure that management traffic is isolated from the production network, reducing the risk of unauthorized access and management plane attacks. You are tasked with designing the OOBM solution using a dedicated management interface (me0) and a separate management routing instance. Which of the following best practices should you follow?

A.Place me0 in the inet.0 routing table and rely on static routes
B.Enable VLAN tagging on me0 to separate management traffic into different subnets
C.Configure the me0 interface in the default routing instance with a simple ACL
D.Create a dedicated routing instance for management, assign me0 to it, and apply a firewall filter to restrict access
AnswerD

This isolates management traffic and allows granular control.

Why this answer

Option D is correct because it follows Juniper's best practice for OOBM: creating a dedicated management routing instance (e.g., mgmt_junos) and assigning the me0 interface to it. This ensures management traffic is completely isolated from the production routing table (inet.0), preventing management plane attacks and unauthorized access. Applying a firewall filter on the me0 interface further restricts access to only authorized management hosts, aligning with security hardening guidelines.

Exam trap

The trap here is that candidates assume VLAN tagging (Option B) is a valid method for separating management traffic on any interface, but the me0 interface on Juniper MX routers does not support VLAN tagging as it is a dedicated Layer 3 out-of-band port, not a trunk port.

How to eliminate wrong answers

Option A is wrong because placing me0 in the inet.0 routing table mixes management traffic with production traffic, defeating the purpose of OOBM isolation and exposing the management plane to potential attacks. Option B is wrong because VLAN tagging on me0 is not supported; the me0 interface is a dedicated out-of-band management port that operates at Layer 3 and does not support subinterfaces or VLAN tagging. Option C is wrong because keeping me0 in the default routing instance (inet.0) does not isolate management traffic; a simple ACL is insufficient for full isolation, and the default instance is shared with production routes, violating OOBM principles.

69
MCQmedium

Refer to the exhibit. How many next hops are configured for the 192.168.1.0/24 route?

A.0
B.3
C.1
D.2
AnswerD

The route has two next hops: 10.0.0.1 and 10.0.0.2.

Why this answer

The correct answer is D because the route 192.168.1.0/24 has two next hops configured: one via 10.0.0.2 and another via 10.0.0.3. This is a case of equal-cost multipath (ECMP) routing, where Junos installs multiple next hops for the same prefix to load-balance traffic across multiple paths.

Exam trap

The trap here is that candidates often count the number of lines in the output rather than the distinct next-hop addresses, leading them to mistakenly select 3 (if they count a local interface line) or 1 (if they only see the first next hop).

How to eliminate wrong answers

Option A is wrong because the route exists and has next hops, not zero. Option B is wrong because only two next hops are present, not three; the exhibit shows exactly two next-hop addresses. Option C is wrong because the route has two next hops, not one; a single next hop would indicate a single path, but the exhibit clearly shows two.

70
MCQeasy

Which command shows the operational status of all interfaces in a brief format?

A.show interfaces terse
B.show interfaces statistics
C.show interfaces detail
D.show configuration interfaces
AnswerA

A is correct as it shows brief operational status.

Why this answer

The 'show interfaces terse' command displays a brief, one-line summary of each interface, including its administrative status (up/down), link status, protocol status, and configured IP addresses. This is the correct command for a concise overview of all interfaces' operational state, as specified in the Junos OS documentation.

Exam trap

The trap here is that candidates often confuse 'show interfaces terse' with 'show interfaces brief' (which does not exist in Junos) or assume 'show configuration interfaces' shows operational status, when it only shows configuration data.

How to eliminate wrong answers

Option B is wrong because 'show interfaces statistics' displays detailed packet and byte counters for each interface, not a brief operational status summary. Option C is wrong because 'show interfaces detail' provides extensive configuration and operational details for each interface, including hardware information and error counters, which is verbose rather than brief. Option D is wrong because 'show configuration interfaces' displays the configured interface settings from the candidate or active configuration, not the real-time operational status of the interfaces.

71
MCQmedium

An administrator needs to grant a user read-only access to the device via SSH. Which configuration should be applied?

A.set system login user admin class operator
B.set system login user guest class read-only
C.set system login user readonly class super-user
D.set system login user guest class operator
AnswerB

This creates a user 'guest' with read-only privileges.

Why this answer

Option B is correct because the 'read-only' class in Junos provides exactly the required level of access: users can view configuration and operational data but cannot make any changes. The 'set system login user guest class read-only' command assigns the predefined 'read-only' login class to the user 'guest', which permits SSH login with read-only privileges. This matches the administrator's requirement precisely.

Exam trap

The trap here is that candidates often confuse the 'operator' class with read-only access, not realizing that 'operator' permits operational mode changes (e.g., clearing logs or rebooting), whereas only the 'read-only' class truly restricts all modifications.

How to eliminate wrong answers

Option A is wrong because the 'operator' class provides read-write access to operational commands but does not allow configuration changes; however, it is not read-only, as it permits operational mode commands like 'request' and 'clear', which modify system state. Option C is wrong because the 'super-user' class grants full read-write access to all configuration and operational commands, which is the opposite of read-only. Option D is wrong because the 'operator' class, as noted, allows operational commands that can alter system state, making it more permissive than read-only.

72
MCQhard

A network engineer made several configuration changes on a Juniper QFX switch to implement new VLANs. After committing the changes, the engineer realized that the new configuration caused a critical loss of connectivity to the management network. The engineer needs to revert to the previous configuration that was working. The switch is still accessible via the console port, and the engineer has privilege level access. The previous configuration was committed two commits ago, and the current active configuration is the problematic one. Which action should the engineer take to restore the previous working configuration?

A.Use 'load override /config/juniper.conf.1.gz' followed by 'commit'.
B.Use 'delete system' to remove all configuration and then commit.
C.Execute 'rollback 0' followed by 'commit'.
D.Execute 'rollback 1' followed by 'commit'.
AnswerD

Rollback 1 reverts to the configuration that was committed before the current one, which is the working configuration. Commit activates it.

Why this answer

Option D is correct because the 'rollback 1' command reverts the candidate configuration to the configuration that was active one commit prior to the current active configuration. Since the engineer needs to go back two commits from the current state, and the current active configuration is the problematic one, 'rollback 1' retrieves the configuration from the previous commit (the working one). After the rollback, a 'commit' makes that configuration active, restoring connectivity.

Exam trap

The trap here is confusing the rollback numbering: candidates often think 'rollback 0' reverts to a previous configuration, but it actually refers to the current active configuration, while 'rollback 1' is needed to go back one commit (the previous working state).

How to eliminate wrong answers

Option A is wrong because '/config/juniper.conf.1.gz' is the backup of the configuration that was active one commit ago, but using 'load override' loads that file into the candidate configuration without automatically applying it; however, the correct rollback command is simpler and more appropriate, and 'juniper.conf.1.gz' corresponds to the configuration before the last commit, not two commits ago. Option B is wrong because 'delete system' removes all system configuration, which would cause a complete loss of management access and is an irreversible destructive action, not a targeted rollback. Option C is wrong because 'rollback 0' reverts to the current active configuration (the problematic one), which does nothing to restore the previous working configuration.

73
MCQmedium

A Junos device has multiple configuration files saved. Which command shows the available rollback configurations?

A.show system configuration
B.show system rollback
C.show configuration | display rollback
D.show system commit
AnswerD

B shows commit history with rollback IDs.

Why this answer

Option D is correct because the 'show system commit' command displays a list of all committed configuration revisions, including their commit IDs and timestamps, which are used to roll back to a previous configuration. The rollback feature in Junos relies on these stored commit files, and the command explicitly shows the available rollback points.

Exam trap

The trap here is that candidates familiar with Cisco IOS might expect a 'show rollback' command to list available rollbacks, but Junos uses 'show system commit' for this purpose, and 'show system rollback' only shows the content of a specific rollback when given an ID.

How to eliminate wrong answers

Option A is wrong because 'show system configuration' is not a valid Junos command; the correct command to view the current active configuration is 'show configuration'. Option B is wrong because 'show system rollback' is not a valid command; the correct command to view a specific rollback configuration is 'show system rollback <id>', but it does not list available rollback configurations. Option C is wrong because 'show configuration | display rollback' is not a valid syntax; the correct way to view a specific rollback configuration is 'show configuration rollback <id>', and the 'display rollback' option is used with 'show system commit' to show the configuration differences, not to list available rollbacks.

74
MCQhard

A Juniper device fails to boot and stops at the 'loader>' prompt. What is the most likely cause of this issue?

A.Bad boot device or missing kernel
B.Corrupted configuration file
C.Hardware failure of the power supply
D.Missing root password
AnswerA

If the boot device is missing or the kernel file is corrupted, the boot loader cannot proceed, resulting in the loader prompt.

Why this answer

When a Juniper device stops at the 'loader>' prompt, it indicates that the boot process has failed to locate or load the kernel (juniper-kernel) from the boot device (e.g., internal flash, USB, or hard disk). This is typically caused by a corrupted boot device, missing kernel image, or incorrect boot device selection in the boot loader (UBoot or CFE). The loader prompt is a low-level environment used for recovery, not a sign of configuration or authentication issues.

Exam trap

The trap here is that candidates confuse a boot loader failure (loader prompt) with a configuration or authentication issue, assuming that any boot problem is due to a corrupted config or password, when in fact the loader prompt specifically indicates a missing or inaccessible kernel.

How to eliminate wrong answers

Option B is wrong because a corrupted configuration file would cause the device to boot but fail to load the configuration, resulting in the 'amnesiac' state or a request to enter recovery mode, not a stop at the 'loader>' prompt. Option C is wrong because a power supply failure would prevent the device from powering on at all, not allow it to reach the boot loader stage. Option D is wrong because a missing root password does not affect the boot process; it only prevents login after the system has fully booted, and recovery can be performed via the console or root password recovery procedure.

75
MCQmedium

A network engineer is configuring a new Juniper device and needs to ensure that the configuration is saved persistently across reboots. Which command should be used?

A.save
B.request system reboot
C.show configuration
D.commit
AnswerD

Commits the candidate configuration to the active configuration, ensuring persistence across reboots.

Why this answer

The `commit` command activates the candidate configuration and saves it to the active configuration database, ensuring it persists across reboots. Without a commit, any changes made in candidate mode are lost when the device restarts.

Exam trap

The trap here is that candidates familiar with Cisco IOS may mistakenly think `save` or `write memory` is the equivalent command, but Junos requires an explicit `commit` to persist changes.

How to eliminate wrong answers

Option A is wrong because `save` is not a valid Junos CLI command; the correct command to write configuration to a file is `save configuration <filename>`, but it does not activate or persist the configuration across reboots. Option B is wrong because `request system reboot` triggers a system restart but does not save any uncommitted configuration changes; any unsaved candidate configuration would be discarded. Option C is wrong because `show configuration` only displays the current active configuration; it does not save or persist any changes.

Page 1 of 2 · 90 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Junos OS Fundamentals questions.