CCNA Junos Os Fundamentals Questions

15 of 90 questions · Page 2/2 · Junos Os Fundamentals topic · Answers revealed

76
MCQmedium

You are a network administrator for a large enterprise. You have a Juniper SRX firewall that is used as the primary internet gateway. Users are reporting that they are unable to access certain external websites. You check the device and find that the security policies appear correct, and the routing is in place. You suspect that the issue might be related to the DNS resolution. You want to verify that the device can resolve DNS names and that the DNS server configuration is correct. Which command should you use to test DNS resolution from the Juniper device?

A.show system connections
B.ping <external website FQDN>
C.traceroute <external website FQDN>
D.show dns name-server
AnswerB

Pinging a hostname will trigger DNS resolution; if it fails, DNS may be misconfigured.

Why this answer

Option B is correct because the `ping` command with a fully qualified domain name (FQDN) forces the Juniper device to perform a DNS resolution before sending ICMP echo requests. If the device cannot resolve the FQDN, the ping will fail with a 'hostname not found' error, directly indicating a DNS configuration or reachability issue. This tests both the DNS server configuration and the device's ability to resolve names, which is essential for verifying DNS functionality.

Exam trap

The trap here is that candidates often confuse `show dns name-server` with a valid operational command, but Junos uses `show configuration system name-server` to view DNS server settings, and the `ping` command with an FQDN is the standard method to test live DNS resolution from the device.

How to eliminate wrong answers

Option A is wrong because `show system connections` displays active TCP/UDP connections and their states, not DNS resolution capabilities or configuration. Option C is wrong because `traceroute` with an FQDN also triggers DNS resolution, but it is designed to trace the path to the destination and is less direct for simply testing DNS resolution; a failed traceroute could be due to routing or firewall issues rather than DNS. Option D is wrong because `show dns name-server` is not a valid Junos command; the correct command to view DNS server configuration is `show configuration system name-server`.

77
MCQeasy

What is the default behavior when a user logs in to a Junos device and enters configuration mode?

A.The user must first commit before making changes.
B.The user can edit the candidate configuration.
C.The user can only view the configuration.
D.The user directly modifies the active configuration.
AnswerB

B is correct; candidate config is edited.

Why this answer

When a user enters configuration mode on a Junos device, they are placed into a private copy of the candidate configuration. This allows the user to make changes without affecting the active configuration until a commit operation is performed. Option B correctly describes this default behavior.

Exam trap

The trap here is that candidates familiar with Cisco IOS may assume changes are applied immediately (like in 'configure terminal'), but Junos requires an explicit commit to activate changes, and the candidate configuration is a separate, editable copy.

How to eliminate wrong answers

Option A is wrong because the user does not need to commit before making changes; they can edit the candidate configuration freely, and only a commit activates those changes. Option C is wrong because the user can edit the configuration in configuration mode, not just view it; viewing is the default in operational mode. Option D is wrong because Junos uses a separate candidate configuration; changes are not directly applied to the active configuration until explicitly committed.

78
MCQmedium

A Junos device fails to boot and enters the loader prompt. Which command should be used to boot the device into the Junos kernel from the loader prompt?

A.load kernel
B.boot device
C.boot
D.boot /kernel
AnswerD

This command boots the Junos kernel from the loader.

Why this answer

When a Junos device fails to boot and drops to the loader prompt (U-Boot or similar), the correct command to manually load the Junos kernel is 'boot /kernel'. This command instructs the bootloader to locate and execute the kernel file from the default filesystem path. Option D is correct because it specifies the full path to the kernel, which is required at the loader prompt to initiate the Junos OS boot process.

Exam trap

The trap here is that candidates familiar with generic bootloaders might assume 'boot' alone is sufficient, but Junos requires the explicit path '/kernel' at the loader prompt to bypass automatic boot attempts and force a manual kernel load.

How to eliminate wrong answers

Option A is wrong because 'load kernel' is not a valid command at the Junos loader prompt; the loader uses 'boot' to start execution, not 'load'. Option B is wrong because 'boot device' is not a standard command; the loader expects a path to a specific file, not a generic device reference. Option C is wrong because 'boot' alone is ambiguous and may attempt to boot from a default location, but it does not guarantee loading the Junos kernel from the correct path, especially if the boot device or file system is corrupted.

79
MCQmedium

Your data center uses Juniper QFX5110 switches as leaf nodes in a Virtual Chassis Fabric (VCF) topology with QFX5100 as spine nodes. You are adding a new QFX5110 leaf node to the fabric. The new switch is physically connected to all spine nodes as per the cabling guidelines. However, after powering on the new switch, it does not automatically join the fabric. The existing fabric shows the new switch's member ID as 8, but it remains in 'standalone' state. The VCF has been operational for several months without issues. You check the configuration on the existing VC and notice that the 'virtual-chassis' configuration does not include the new member. What is the most likely reason the new switch does not join?

A.The new switch is running a different version of Junos that is not compatible with the fabric
B.The new switch does not have the same virtual-chassis ID configured as the existing fabric
C.The new switch is only connected to one spine node, and VCF requires full mesh connections to all spines
D.The new switch has 'set virtual-chassis no-split-detection' enabled, preventing it from joining
AnswerB

The virtual chassis ID must be the same across all members; otherwise, they cannot form a VCF.

Why this answer

In a Virtual Chassis Fabric (VCF), all member switches must share the same virtual-chassis ID to be recognized as part of the same fabric. The existing fabric has a configured virtual-chassis ID, but the new QFX5110, by default, has a different or no virtual-chassis ID set. Without a matching virtual-chassis ID, the new switch cannot join the fabric and remains in 'standalone' state, even though it is physically connected and assigned a member ID.

Exam trap

The trap here is that candidates may assume a switch with a member ID assigned has successfully joined the fabric, but in VCF, member ID assignment happens early in the discovery process and does not guarantee full integration—the switch must also have a matching virtual-chassis ID to move out of 'standalone' state.

How to eliminate wrong answers

Option A is wrong because Junos supports mixed software versions in a VCF only if they are within the same major release train and compatible; the question states the fabric has been operational for months, and version incompatibility would typically cause a different error (e.g., 'version mismatch') rather than a 'standalone' state with a member ID assigned. Option C is wrong because VCF does not require full mesh connections to all spines; the cabling guidelines for VCF typically require each leaf to be connected to at least two spines for redundancy, but a single connection would not prevent the switch from joining—it would still join and then potentially have forwarding issues. Option D is wrong because 'set virtual-chassis no-split-detection' is a feature used to disable split-brain detection in a Virtual Chassis (not VCF) and is not relevant to a new switch joining a VCF; it does not prevent a switch from joining the fabric.

80
MCQmedium

Refer to the exhibit. An administrator wants to see authentication-related logs like SSH logins. In the current configuration, which log file contains this information?

A.utmp
B.interactive-commands
C.security
D.messages
AnswerB

The authorization facility logs authentication events to the interactive-commands file.

Why this answer

Option B is correct because the 'interactive-commands' log file is specifically designed to capture user-executed commands, including authentication-related events such as SSH login attempts and command execution. In Junos, this log is enabled by default and records all interactive CLI commands, which includes the authentication phase of SSH sessions.

Exam trap

The trap here is that candidates often confuse 'interactive-commands' with 'messages' or 'security' logs, assuming authentication events are always in the security log, but Junos specifically segregates CLI and authentication logs into the interactive-commands file.

How to eliminate wrong answers

Option A is wrong because utmp is a Unix-style file that tracks currently logged-in users, not historical authentication logs; Junos does not use utmp for persistent logging of SSH logins. Option C is wrong because the 'security' log file is used for security-related events like firewall filters, NAT, and IPsec, not for authentication or SSH login logs. Option D is wrong because the 'messages' log file contains general system messages (e.g., kernel, interface, and daemon events) but does not specifically capture interactive command or authentication logs.

81
MCQmedium

A network operator needs to backup the current configuration to a file on the local flash. Which command accomplishes this?

A.request system configuration rescue save
B.save /var/tmp/backup.conf
C.commit and-quit
D.show configuration | save /var/tmp/backup.conf
AnswerB

The 'save' command in configuration mode writes the current configuration to the specified file.

Why this answer

Option B is correct because the `save` command in operational mode writes the current active configuration to a specified file path, such as `/var/tmp/backup.conf`. This directly meets the requirement to backup the configuration to a file on local flash without affecting the candidate configuration or committing changes.

Exam trap

The trap here is that candidates confuse `save` (operational mode, writes active config to a file) with `show configuration | save` (which also works but is a pipe-based method that can introduce subtle differences in file format, and Juniper exams expect the direct `save` command as the standard approach).

How to eliminate wrong answers

Option A is wrong because `request system configuration rescue save` saves the current active configuration as the rescue configuration, not to an arbitrary file path like `/var/tmp/backup.conf`. Option C is wrong because `commit and-quit` commits the candidate configuration and exits configuration mode, but does not save a backup copy to a file. Option D is wrong because `show configuration | save /var/tmp/backup.conf` saves the output of `show configuration` (which displays the active configuration) to a file, but this is a pipe to `save` that writes the text output, not a direct configuration backup command; it works but is less standard and can include formatting artifacts, whereas `save` is the proper operational-mode command for this task.

82
MCQhard

Your enterprise network uses Juniper EX4300 switches in a collapsed core design with RSTP (802.1w) as the Layer 2 loop prevention protocol. You add a new EX2300 switch to an access closet and connect it to two different core switches using two uplink interfaces configured in an LACP LAG. After connecting the new switch, you notice intermittent connectivity issues across the entire network, with some devices reporting temporary packet loss. The issue occurs sporadically, especially during configuration changes or when links flap. You suspect the problem is related to RSTP. Upon investigation, you see that the new switch's uplink interfaces are both in the forwarding state, but occasionally one of them transitions to blocking and then back to forwarding. What is the most likely cause of the intermittent issues?

A.The LACP system priority is set too low on the new switch, causing it to lose LACP negotiations
B.The LAG is not recognized as a single logical link by RSTP, causing RSTP to see two separate links and create a loop
C.The uplink interfaces are configured as alternate ports instead of root ports
D.The new switch has a different root bridge priority, causing it to become the root and disrupting topology
AnswerB

RSTP should treat a LAG as one link, but if the LAG is not configured correctly (e.g., missing 'lacp' or 'aggregate' statements), RSTP can see separate links and cause a loop, leading to intermittent blocking.

Why this answer

B is correct because RSTP (802.1w) treats each physical interface in a LAG as a separate link unless the LAG is explicitly configured as a logical interface (ae interface) on Junos. When the two uplinks are not bundled into a single ae interface, RSTP sees two separate links between the new switch and the core, creating a loop. This causes RSTP to block one of the links to break the loop, and when the link flaps or configuration changes occur, the port transitions between blocking and forwarding, leading to intermittent packet loss across the network.

Exam trap

The trap here is that candidates assume LACP automatically bundles interfaces into a single logical link for all Layer 2 protocols, but RSTP operates at the port level and requires the ae interface to treat the LAG as one link; without it, RSTP sees multiple links and blocks one, causing intermittent connectivity.

How to eliminate wrong answers

Option A is wrong because LACP system priority affects which switch controls the LAG during negotiation, but it does not cause RSTP to see separate links; even with correct LACP negotiation, if the interfaces are not configured as a logical ae interface, RSTP still treats them as individual links. Option C is wrong because alternate ports are a normal RSTP role for backup paths and do not inherently cause intermittent issues; the problem is that RSTP is actively blocking one of the LAG member links to prevent a loop, not that the ports are in an alternate role. Option D is wrong because a different root bridge priority would cause a new root election, but the question states the new switch's uplinks are both in forwarding state initially, and the issue is specifically related to RSTP blocking one link due to loop detection, not a root bridge change.

83
MCQeasy

Which command is used to view the terminal history of commands entered by the user?

A.show system commit
B.show cli history
C.show configuration
D.show log messages
AnswerB

This shows the history of CLI commands in the current session.

Why this answer

The 'show cli history' command displays the list of previously entered CLI commands in the current session, allowing users to recall and re-execute them. This is a Junos-specific command that provides a terminal history feature, distinct from the commit history or system logs.

Exam trap

The trap here is that candidates often confuse 'show system commit' (which shows configuration commit history) with 'show cli history' (which shows the terminal command history), as both involve 'history' but serve entirely different purposes.

How to eliminate wrong answers

Option A is wrong because 'show system commit' displays the commit history (list of configuration changes committed), not the terminal command history. Option C is wrong because 'show configuration' displays the current active configuration, not the CLI command history. Option D is wrong because 'show log messages' displays system log messages (syslog entries), not the user's command history.

84
Multi-Selecthard

Which THREE statements about the Junos OS file system are true? (Choose three.)

Select 3 answers
A.The /etc directory contains all log files
B.The /altroot directory is used for user-uploaded files
C.The active configuration is stored in the /config directory
D.Log files are typically stored in /var/log
E.The file system is UNIX-like with directories such as /, /var, /config
AnswersC, D, E

The file juniper.conf.gz is in /config.

Why this answer

Option C is correct because the active configuration in Junos OS is stored as a file named `junos.conf` in the `/config` directory. This file is used by the system to load the running configuration at boot time, and it is distinct from the candidate configuration stored in `/var/db/config`.

Exam trap

The trap here is that candidates confuse the `/etc` directory (which stores system configs, not logs) with the standard Linux convention, or they mistakenly think `/altroot` is for user files instead of its actual purpose as a backup root filesystem.

85
Multi-Selectmedium

Which two statements correctly describe Junos OS login classes? (Choose two.)

Select 2 answers
A.They allow users to enter only operational mode.
B.They are defined under the [edit system login class] hierarchy.
C.They are automatically assigned to all users by default.
D.They can restrict access to configuration mode.
E.They cannot be modified after creation.
AnswersB, D

Login classes are configured under the 'system login class' hierarchy.

Why this answer

Option B is correct because Junos OS login classes are defined under the [edit system login class] hierarchy in the configuration. This hierarchy allows administrators to create custom classes that specify the permissions and access levels for users, such as read-only or superuser access.

Exam trap

The trap here is that candidates often confuse login classes with user accounts, assuming classes are automatically applied or immutable, when in fact they are manually assigned and fully configurable.

86
MCQhard

You are a network engineer at a service provider. You have a Juniper MX router that serves as a BGP route reflector for a large number of customer routes. Recently, the router has been experiencing high CPU utilization, and the BGP process (rpd) is consuming excessive memory. You suspect that the router is receiving too many routes from a specific BGP peer, causing the routing table to grow beyond the available memory. You need to diagnose the issue without affecting production traffic. Which course of action should you take?

A.Immediately shut down all BGP peers to stop the influx of routes.
B.Configure a prefix limit on all BGP peers.
C.Use the 'show route summary' command to check the routing table size and memory usage.
D.Use the 'show bgp summary' command to check the number of prefixes per peer.
AnswerC

This command provides a high-level view of route counts and memory usage, helping to identify if the routing table is oversized.

Why this answer

Option C is correct because the 'show route summary' command provides a high-level overview of the routing table size, including the total number of routes and the memory utilization of the routing table. This allows the engineer to quickly assess whether the routing table has grown beyond available memory without disrupting production traffic, which is the primary goal of the diagnosis.

Exam trap

The trap here is that candidates may confuse 'show bgp summary' (which shows prefix counts per peer) with 'show route summary' (which shows total routing table size and memory usage), and incorrectly assume that checking prefix counts alone is sufficient to diagnose memory exhaustion.

How to eliminate wrong answers

Option A is wrong because immediately shutting down all BGP peers would cause a complete loss of routing information and disrupt production traffic, which violates the requirement to not affect production traffic. Option B is wrong because configuring a prefix limit on all BGP peers is a reactive mitigation step that would change the router's configuration and potentially drop legitimate routes, not a diagnostic action to identify the source of the problem. Option D is wrong because while 'show bgp summary' shows the number of prefixes per peer, it does not provide memory usage details or the total routing table size, which are necessary to confirm that memory exhaustion is the root cause.

87
MCQhard

An organization plans to upgrade Junos from version 18.1R3 to 19.1R1. The device currently runs on 18.1R3. Which statement is true regarding the upgrade process?

A.The upgrade can be performed directly from 18.1R3 to 19.1R1 using a single junos-install package.
B.The device should be upgraded incrementally through each maintenance release before reaching 19.1R1.
C.The command 'request system software add' is used to install the new image.
D.The device will remain operational during the upgrade process without a reboot.
AnswerB

Juniper recommends sequential upgrades to avoid incompatibilities.

Why this answer

Option B is correct because Junos OS requires an incremental upgrade path when the target release is more than one major version ahead. Since 18.1R3 and 19.1R1 are separated by a major version boundary, the device must first be upgraded to an intermediate release (e.g., 18.2 or 18.4) before applying the 19.1R1 image. Skipping major versions can cause incompatibilities in the file system or configuration database.

Exam trap

The trap here is that candidates assume Junos upgrades are always direct like some other network OS, but Junos strictly enforces major version stepping to prevent database corruption and ensure compatibility.

How to eliminate wrong answers

Option A is wrong because a direct upgrade from 18.1R3 to 19.1R1 using a single junos-install package is not supported; Junos requires stepping through intermediate major releases to ensure proper database and filesystem migration. Option C is wrong because the correct command to install a new Junos image is 'request system software add' (not 'request system software add' — the actual command is 'request system software add' but the option incorrectly uses 'add' instead of 'add'; however, the primary issue is that the command alone does not guarantee a successful upgrade without following the correct version path). Option D is wrong because the device must reboot after the software installation to load the new kernel and packages; the system is not operational during the reboot process.

88
Multi-Selecthard

Which THREE of the following statements are true regarding Junos OS commit operations?

Select 3 answers
A.The 'commit check' command validates the candidate configuration without activating it.
B.The commit command activates the candidate configuration.
C.The 'commit confirmed' command automatically rolls back if not confirmed within the timeout.
D.You can run multiple commit scripts during a single commit operation.
E.The rollback command reverts to the current active configuration.
AnswersA, B, C

It checks syntax and semantics without applying.

Why this answer

Option A is correct because the 'commit check' command validates the candidate configuration for syntax and semantic errors without activating it. This allows an administrator to verify changes before making them active, preventing potential misconfigurations from disrupting network operations.

Exam trap

The trap here is that candidates often confuse 'rollback' with reverting to the current active configuration, when in fact 'rollback 0' refers to the current active configuration, and any other number refers to a previous committed configuration.

89
MCQeasy

Which operational command displays the system's current time and date?

A.show system time
B.show system uptime
C.show system inventory
D.show system processes
AnswerB

A includes current time and date.

Why this answer

The correct command to display the system's current time and date in Junos is 'show system uptime'. This command outputs the current time and date, along with how long the system has been running (uptime), the number of users, and the load averages. It is the standard operational command for checking the system clock on Juniper devices.

Exam trap

The trap here is that candidates familiar with Cisco IOS might expect 'show clock' or 'show time' to work, but Junos uses 'show system uptime' for time/date, and 'show system time' is not a valid command, leading to confusion between similar-sounding options.

How to eliminate wrong answers

Option A is wrong because 'show system time' is not a valid Junos operational command; the correct command for time and date is 'show system uptime'. Option C is wrong because 'show system inventory' displays hardware component details (e.g., serial numbers, part numbers, and version information), not the system time. Option D is wrong because 'show system processes' lists active processes and their resource usage (similar to 'ps' in Unix), not the current time and date.

90
Multi-Selectmedium

Which TWO commands can be used to save the current Junos configuration to a file on the local flash drive? (Choose two.)

Select 2 answers
A.file copy /config/juniper.conf.gz /config/backup.conf
B.request system configuration rescue save
C.copy flash:juniper.conf.gz /config/backup.conf
D.show configuration | save /config/backup.conf
E.save /config/backup.conf
AnswersD, E

This operational mode command saves the active configuration to the specified file.

Why this answer

Option D is correct because the 'show configuration | save' command pipes the current active configuration (from the candidate or active configuration) directly to a file, allowing you to save it to a specified path like /config/backup.conf on the local flash drive. This is a standard method for exporting the running configuration to a file in Junos.

Exam trap

The trap here is that candidates familiar with Cisco IOS may mistakenly choose option C ('copy flash:...') because it resembles the Cisco command for copying files, but Junos uses different syntax and filesystem references, and options D and E are the correct Junos-specific commands for saving the current configuration to a file.

← PreviousPage 2 of 2 · 90 questions total

Ready to test yourself?

Try a timed practice session using only Junos Os Fundamentals questions.