[November 2023] Free trial: for the Juniper JN0-351 question-set PDF, be sure to use the best question-set option
JN0-351 exam materials: Juniper study guide
Question # 33
An update to your organization's network security requirements document requires management traffic to be isolated in a non-default routing-instance. You want to implement this requirement on your Junos-based devices.
Which two commands enable this behavior? (Choose two.)
- A. set routing-instances mgmt_junos interface em1
- B. set system management-instance
- C. set routing-instances mgmtjunoa interface ge-0/0/0.0
- D. set routing-instances mgmt_junos
Correct answer: B, D
Explanation:
To isolate management traffic in a non-default routing instance on Junos-based devices, use the set system management-instance and set routing-instances mgmt_junos commands.
set system management-instance: This command associates the management interface (usually named fxp0 or em0 for Junos OS, or re0:mgmt-* or re1:mgmt-* for Junos OS Evolved) with the non-default virtual routing and forwarding (VRF) instance. After you configure the non-default management VRF instance, management traffic no longer has to share a routing table with other control traffic or protocol traffic.
set routing-instances mgmt_junos: This command creates a new routing instance named mgmt_junos. The name of the dedicated management VRF instance is reserved and hardcoded as mgmt_junos; you cannot configure any other routing instance by the name mgmt_junos.
Therefore, options B and D are correct. Options A and C are not correct because they attempt to assign an interface to the mgmt_junos routing instance, which is not necessary for isolating management traffic.
Question # 34
What is a purpose of using a spanning tree protocol?
- A. to tunnel Ethernet frames
- B. to route IP packets
- C. to eliminate broadcast storms
- D. to look up MAC addresses
Correct answer: C
Explanation:
A broadcast storm is a network condition where a large number of broadcast packets are sent and received by multiple devices, causing congestion and performance degradation. A broadcast storm can occur when there are loops in the network topology, meaning that there are multiple paths between two devices.
A spanning tree protocol is a network protocol that prevents loops from being formed when switches or bridges are interconnected via multiple paths. It does this by creating a logical tree structure that spans all the devices in the network, and disabling or blocking the links that are not part of the tree, leaving a single active path between any two devices.
By eliminating loops, a spanning tree protocol also eliminates broadcast storms, as broadcast packets will not be forwarded endlessly along the looped paths. Instead, broadcast packets will be sent only along the tree structure, reaching each device once and avoiding congestion.
Question # 35
Which two statements are true about the default VLAN on Juniper switches? (Choose two.)
- A. The default VLAN ID is not assigned to any interface.
- B. The default VLAN ID is not visible.
- C. The default VLAN ID can be changed.
- D. The default VLAN is set to a VLAN ID of 1 by default
Correct answer: C, D
Explanation:
On Juniper switches, the default VLAN is set to a VLAN ID of 1 by default. This means that all interfaces on the switch are members of VLAN 1 until they are specifically assigned to another VLAN. Therefore, option D is correct.
The default VLAN ID can be changed. This allows network administrators to configure the switch to use a different VLAN as the default, if necessary. Therefore, option C is correct.
Question # 36
Which statement is correct about graceful Routing Engine switchover (GRES)?
- A. The PFE restarts and the kernel and interface information is lost.
- B. GRES has a helper mode and a restarting mode.
- C. When combined with NSR, routing is preserved and the new master RE does not restart rpd.
- D. With no other high availability features enabled, routing is preserved and the new master RE does not restart rpd.
Correct answer: C
Explanation:
The Graceful Routing Engine Switchover (GRES) feature in Junos OS enables a router with redundant Routing Engines to continue forwarding packets, even if one Routing Engine fails. GRES preserves interface and kernel information, ensuring that traffic is not interrupted. However, GRES does not preserve the control plane.
To preserve routing during a switchover, GRES must be combined with either Graceful Restart protocol extensions or Nonstop Active Routing (NSR). When GRES is combined with NSR, nearly 75 percent of line rate worth of traffic per Packet Forwarding Engine remains uninterrupted during GRES. Any updates to the primary Routing Engine are replicated to the backup Routing Engine as soon as they occur.
Therefore, when GRES is combined with NSR, routing is preserved and the new master RE does not restart rpd.
Question # 37
Which statement is correct about controlling the routes installed by a RIB group?
- A. An export policy is applied to the RIB group.
- B. A firewall filter must be configured to install routes in the RIB groups.
- C. Only routes in the last table are installed.
- D. An import policy is applied to the RIB group.
Correct answer: D
Explanation:
A RIB group is a configuration that allows a routing protocol to install routes into multiple routing tables in Junos OS. A RIB group consists of an import-rib statement, which specifies the source routing table, and an export-rib statement, which specifies the destination routing table or group. A RIB group can also include an import-policy statement, which specifies one or more policies to control which routes are imported into the destination routing table or group [1].
An import policy is a policy statement that defines the criteria for accepting or rejecting routes from the source routing table. An import policy can also modify the attributes of the imported routes, such as preference, metric, or community. An import policy can be applied to a RIB group by using the import-policy statement under the [edit routing-options rib-groups] hierarchy level [1].
Therefore, option D is correct, because an import policy is applied to the RIB group to control which routes are installed in the destination routing table or group. Option C is incorrect, because all routes in the source routing table are imported into the destination routing table or group, unless filtered by an import policy. Option B is incorrect, because a firewall filter is not used to install routes in the RIB groups; a firewall filter is used to filter packets based on various criteria. Option A is incorrect, because an export policy is not applied to the RIB group; an export policy is applied to a routing protocol to control which routes are advertised to other devices.
References:
[1] rib-groups | Junos OS | Juniper Networks
Question # 38
Exhibit.
Which router will become the OSPF BDR if all routers are powered on at the same time?
- A. R4
- B. R3
- C. R1
- D. R2
Correct answer: A
Explanation:
OSPF DR/BDR election is a process that occurs on multi-access data links. It is intended to select two OSPF nodes: one to act as the Designated Router (DR), and another to act as the Backup Designated Router (BDR). The DR and BDR are responsible for generating network LSAs for the multi-access network and synchronizing the LSDB with other routers on the same network [1].
The DR/BDR election is based on two criteria: the OSPF priority and the router ID. The OSPF priority is a value between 0 and 255 that can be configured on each interface participating in OSPF. The default priority is 1. A priority of 0 means that the router will not participate in the election and will never become a DR or BDR. The router with the highest priority will become the DR, and the router with the second highest priority will become the BDR. If there is a tie in priority, then the router ID is used as a tie-breaker. The router ID is a 32-bit number that uniquely identifies each router in an OSPF domain. It can be manually configured or automatically derived from the highest IP address on a loopback interface or any active interface [2].
In this scenario, all routers have the same priority of 1, so the router ID will determine the outcome of the election. The router IDs are shown in the exhibit as RID values. The highest RID belongs to R4 (10.10.10.4), so R4 will become the DR. The second highest RID belongs to R3 (10.10.10.3), so R3 will become the BDR.
References:
[1] OSPF DR/BDR Election: Process, Configuration, and Tuning
[2] OSPF Designated Router (DR) and Backup Designated Router (BDR)
Question # 39
After receiving a BGP route, which two conditions are verified by the receiving router to ensure that the received route is valid? (Choose two)
- A. The loops do not exist.
- B. The next hop is reachable.
- C. The local preference is greater than 0.
- D. The AS-path length is greater than 0.
Correct answer: A, B
Explanation:
A is correct because "the loops do not exist" is one of the conditions that the receiving router verifies to ensure that the received BGP route is valid. A loop in BGP means that a route has been advertised by the same AS more than once, which can cause routing instability and inefficiency. To prevent loops, BGP uses the AS-path attribute, which lists the AS numbers that a route has traversed from the origin to the destination. The receiving router checks the AS-path attribute of the received route and discards it if it finds its own AS number in the list. This way, BGP avoids accepting routes that contain loops.
B is correct because "the next hop is reachable" is one of the conditions that the receiving router verifies to ensure that the received BGP route is valid. The next hop is the IP address of the next router that is used to forward packets to the destination network. The receiving router checks the next hop attribute of the received route and verifies that it has a valid route to reach it. If the next hop is not reachable, the received route is not usable and is rejected by the receiving router. This way, BGP ensures that only feasible routes are accepted.
Question # 40
What is the maximum allowable MTU size for a default GRE tunnel without IPv4 traffic fragmentation?
- A. 1476 bytes
- B. 1480 bytes
- C. 1496 bytes
- D. 1500 bytes
Correct answer: A
Explanation:
The maximum allowable MTU size for a default GRE tunnel without IPv4 traffic fragmentation is 1476 bytes. This is because GRE packets are formed by adding the required GRE headers to the original packets. These headers are 24 bytes in length, and since they are added to the original frame, depending on the original size of the packet we may run into IP MTU problems. The most common IP MTU is 1500 bytes in length (Ethernet). When the tunnel is created, it deducts the 24 bytes it needs to encapsulate the passenger protocols and that is the IP MTU it will use. For example, if we are forming a tunnel over FastEthernet (IP MTU 1500), the IOS calculates the IP MTU on the tunnel as: 1500 bytes from Ethernet - 24 bytes for the GRE encapsulation = 1476 bytes.
Question # 41
You want to ensure traffic is routed through a GRE tunnel.
In this scenario, which two statements will satisfy this requirement? (Choose two.)
- A. BFD must be used on the stateless tunneling protocols.
- B. Tunnel endpoints must have a route that directs traffic into the tunnel.
- C. Keepalives must be used on stateless tunneling protocols.
- D. All intermediary devices must have a route to the tunnel endpoints.
Correct answer: B, D
Explanation:
Option B is correct. For traffic to be sent through a GRE tunnel, there must be a route that directs the traffic into the tunnel. This is typically accomplished through the use of a static route or a dynamic routing protocol.
Option D is correct. All intermediary devices must have a route to the tunnel endpoints. In real-world scenarios, the tunnel endpoints for a tunnel going over the Internet must have globally reachable internet addresses. Otherwise, intermediate routers in the Internet cannot forward the tunneled packets.
Question # 42
Which two mechanisms are part of building and maintaining a Layer 2 bridge table? (Choose two.)
- A. learning
- B. flooding
- C. blocking
- D. listening
Correct answer: A, B
Explanation:
Option B is correct. Flooding is a mechanism used in Layer 2 bridging where the switch sends incoming packets to all its ports except for the port where the packet originated. This is done when the switch doesn't know the destination MAC address or when the packet is a broadcast or multicast.
Option A is correct. Learning is another mechanism used in Layer 2 bridging where the switch learns the source MAC addresses of incoming packets and associates them with the port on which they were received. This information is stored in a MAC address table, also known as a bridge table.
Option C is incorrect. Blocking is a state in Spanning Tree Protocol (STP) used to prevent loops in a network. It's not a mechanism used in building and maintaining a Layer 2 bridge table.
Option D is incorrect. Listening is also a state in Spanning Tree Protocol (STP) where the switch listens for BPDUs to make sure no loops occur in the network before transitioning to the learning state. It's not a mechanism used in building and maintaining a Layer 2 bridge table.
Question # 43
Refer to the exhibit.
Referring to the output shown in the exhibit, which statement is correct?
- A. The state is normal for a DRother neighbor
- B. An area ID mismatch exists between the OSPF neighbors
- C. An MTU mismatch exists between the OSPF neighbors.
- D. The state is normal for a DR neighbor.
Correct answer: A
Explanation:
In OSPF, the state of the neighbor relationship is determined by the exchange of OSPF packets between routers. The state "2Way" as shown in the exhibit indicates that bi-directional communication has been established between the two OSPF routers. This is the normal state for a neighbor that is not the Designated Router (DR) or Backup Designated Router (BDR) on a broadcast, non-broadcast multi-access (NBMA), or point-to-multipoint network. These neighbors are often referred to as "DRothers". Therefore, option A is correct.
Question # 44
Which two statements about redundant trunk groups on EX Series switches are correct? (Choose two.)
- A. Redundant trunk groups must be connected to the same aggregation switch.
- B. If the active link fails, then the secondary link automatically takes over.
- C. Layer 2 control traffic is permitted on the secondary link
- D. Redundant trunk groups load-balance traffic across two designated uplink interfaces.
Correct answer: A, B
Explanation:
Redundant Trunk Groups (RTGs) on EX Series switches provide a simple solution for network recovery when a trunk port on a switch goes down. They are configured on the access switch and contain two links: a primary or active link, and a secondary link. Therefore, option B is correct because if the active link fails, the secondary link automatically starts forwarding data traffic without waiting for normal spanning-tree protocol convergence.
Option A is also correct. In a typical enterprise network composed of distribution and access layers, RTGs are used where one access switch is connected to two different uplink switches. This implies that RTGs must be connected to the same aggregation switch.
Question # 45
You are configuring an IS-IS IGP network and do not see the IS-IS adjacencies established. In this scenario, what are two reasons for this problem? (Choose two.)
- A. IP subnets are not a /30 address.
- B. The lo0 interface is not included as an IS-IS interface.
- C. MTU is not at least 1492 bytes.
- D. The Level 2 routers have mismatched areas.
Correct answer: B, C
Explanation:
Option C suggests that the MTU is not at least 1492 bytes. This is correct because IS-IS requires a minimum MTU of 1492 bytes to establish adjacencies. If the MTU is less than this, IS-IS adjacencies will not be established.
Option B suggests that the lo0 interface is not included as an IS-IS interface. This is also correct because the loopback interface (lo0) is typically used as the router ID in IS-IS. If the loopback interface is not included in IS-IS, it could prevent IS-IS adjacencies from being established.
Therefore, options B and C are correct.
Question # 46
You want to use filter-based forwarding (FBF) on your Internet peering router to load-balance traffic to two directly connected ISPs based on the source address.
Which two statements are correct in this scenario? (Choose two.)
- A. FBF uses the no-forwarding routing instance type.
- B. FBF uses the forwarding routing instance type.
- C. RIB groups are used to copy routes from the inet.0 routing table.
- D. RIB groups are used to hide routes in the inet.0 routing table.
Correct answer: B, C
Explanation:
Option B is correct. Filter-based forwarding (FBF), also known as Policy Based Routing (PBR), uses the forwarding routing instance type.
Option C is correct. Routing Information Base (RIB) groups are used to copy routes from one routing table to another. In the context of FBF, RIB groups can be used to copy routes from the inet.0 routing table.
Option A is incorrect. FBF does not use the no-forwarding routing instance type.
Option D is incorrect. RIB groups are not used to hide routes in the inet.0 routing table. They are used to share or copy routes between different routing tables.
Question # 47
Exhibit
You are a network operator troubleshooting BGP connectivity.
Which two statements are correct about the output shown in the exhibit? (Choose two.)
- A. The routers are exchanging IPv4 routes.
- B. Peer 10.32.1.2 is configured for AS 63645.
- C. The R1 is configured for AS 65400.
- D. The BGP session is not established.
Correct answer: C, D
Explanation:
Option D suggests that the BGP session is not established. This is correct because in the output, the state of the BGP session is shown as "Idle". In BGP, an "Idle" state means that the BGP session is not currently established.
Option C suggests that R1 is configured for AS 65400. This is also correct because the output shows that the local AS number is 65400. The local AS number represents the Autonomous System (AS) number of the router on which you're checking the BGP session.
Question # 48
You have DHCP snooping enabled but no entries are automatically created in the snooping database for an interface on your EX Series switch. What are two reasons for the problem? (Choose two.)
- A. MAC limiting is enabled on the interface.
- B. Dynamic ARP inspection is enabled on the interface.
- C. The device that is connected to the interface has a static IP address.
- D. The device that is connected to the interface has performed a DHCPRELEASE.
Correct answer: A, C
Explanation:
The DHCP snooping feature in Juniper Networks' EX Series switches works by building a binding database that maps the IP address, MAC address, lease time, binding type, VLAN number, and interface information. This database is used to filter and validate DHCP messages from untrusted sources.
However, there are certain conditions that could prevent entries from being automatically created in the snooping database for an interface:
- MAC limiting: If MAC limiting is enabled on the interface, it could potentially interfere with the operation of DHCP snooping. MAC limiting restricts the number of MAC addresses that can be learned on a physical interface to prevent MAC flooding attacks. This could inadvertently limit the number of DHCP clients that can be learned on an interface, thus preventing new entries from being added to the DHCP snooping database.
- Static IP address: If the device connected to the interface is configured with a static IP address, it will not go through the DHCP process and therefore will not have an entry in the DHCP snooping database. The DHCP snooping feature relies on monitoring DHCP messages to build its database, so devices with static IP addresses that do not send DHCP messages will not have their information added.
Therefore, options A and C are correct. Options B and D are not correct because performing a DHCPRELEASE would simply remove an existing entry from the database, and Dynamic ARP inspection (DAI) uses the information stored in the DHCP snooping binding database but does not prevent entries from being created.
Question # 49
You are asked to connect an IP phone and a user computer using the same interface on an EX Series switch.
The traffic from the computer does not use a VLAN tag, whereas the traffic from the IP phone uses a VLAN tag.
Which feature enables the interface to receive both types of traffic?
- A. MAC limiting
- B. voice VLAN
- C. native VLAN
- D. DHCP snooping
Correct answer: B
Explanation:
The feature that enables an interface on an EX Series switch to receive both untagged traffic (from the computer) and tagged traffic (from the IP phone) is the voice VLAN.
The voice VLAN feature in EX Series switches enables access ports to accept both data (untagged) and voice (tagged) traffic and separate that traffic into different VLANs. This allows the switch to differentiate between voice and data traffic, ensuring that voice traffic can be treated with a higher priority. Therefore, option B is correct.
Question # 50
Exhibit.
The ispi.inet.0 route table has currently no routes in it.
What will happen when you commit the configuration shown on the exhibit?
- A. The inet.0 route table will be imported into the ispi.inet.0 route table.
- B. The ispi.inet.0 route table will be completely overwritten by the inet.0 route table.
- C. The ispi.inet.0 route table will be imported into the inet.0 route table.
- D. The inet.0 route table will be completely overwritten by the ispi.inet.0 route table.
Correct answer: A
Explanation:
The configuration shown in the exhibit is an example of a routing instance of type virtual-router. A routing instance is a collection of routing tables, interfaces, and routing protocol parameters that create a separate routing domain on a Juniper device [1]. A virtual-router routing instance allows administrators to divide a device into multiple independent virtual routers, each with its own routing table [2].
The configuration also includes a rib-group statement, which is used to import routes from one routing table to another. A rib-group consists of an import-rib statement, which specifies the source routing table, and an export-rib statement, which specifies the destination routing table.
In this case, the rib-group name is inet-to-ispi, and the import-rib statement specifies inet.0 as the source routing table. The export-rib statement specifies ispi.inet.0 as the destination routing table. This means that the routes from inet.0 will be imported into ispi.inet.0.
Therefore, the correct answer is A. The inet.0 route table will be imported into the ispi.inet.0 route table.
References:
[1] Routing Instances Overview
[2] Virtual Routing Instances
rib-group (Routing Options)
Question # 51
Exhibit.
What is the management IP address of the device shown in the exhibit?
- A. 172.23.11.10
- B. 172.23.12.100
- C. 10.210.20.233
- D. 128.0.0.1
Correct answer: B
Explanation:
The management IP address of a device is the IP address that is used to access the device for configuration and monitoring purposes. It is usually assigned to a dedicated management interface that is separate from the data interfaces. The management interface can be accessed via SSH, Telnet, HTTP, or other protocols.
In the exhibit, the list of interfaces and their statuses shows that the management interface is me0. This interface has an admin status of up, a protocol status of inet, a local address of 172.23.12.100/24, and a remote address of unspecified. This means that the me0 interface is active, has an IPv4 address assigned, and is not connected to another device.
Therefore, the management IP address of the device shown in the exhibit is 172.23.12.100.
Question # 52
You are concerned about spoofed MAC addresses on your LAN.
Which two Layer 2 security features should you enable to minimize this concern? (Choose two.)
- A. IP source guard
- B. static ARP
- C. DHCP snooping
- D. dynamic ARP inspection
Correct answer: C, D
Explanation:
D is correct because dynamic ARP inspection (DAI) is a Layer 2 security feature that prevents ARP spoofing attacks. ARP spoofing is a technique that allows an attacker to send fake ARP messages to associate a spoofed MAC address with a legitimate IP address. This can result in traffic redirection, man-in-the-middle attacks, or denial-of-service attacks. DAI validates ARP packets by checking the source MAC address and IP address against a trusted database, which is usually built by DHCP snooping. DAI discards any ARP packets that do not match the database or have invalid formats.
C is correct because DHCP snooping is a Layer 2 security feature that prevents DHCP spoofing attacks. DHCP spoofing is a technique that allows an attacker to act as a rogue DHCP server and offer fake IP addresses and other network parameters to unsuspecting clients. This can result in traffic redirection, man-in-the-middle attacks, or denial-of-service attacks. DHCP snooping filters DHCP messages by classifying switch ports as trusted or untrusted. Trusted ports are allowed to send and receive any DHCP messages, while untrusted ports are allowed to send only DHCP requests and receive only valid DHCP replies from trusted ports. DHCP snooping also builds a database of MAC addresses, IP addresses, lease times, and binding types for each client.
Question # 53
You have two OSPF routers forming an adjacency. R1 has a priority of 32 and a router ID of 192.168.1.2. R2 has a priority of 64 and a router ID of 192.168.1.1. The routers were started at the same time and all other OSPF settings are the default settings.
Which statement is correct in this scenario?
- A. At least three routers are required for a DR/BDR election
- B. Router IDs must match for an adjacency to form.
- C. R1 will be the BDR.
- D. R2 will be the BDR.
Correct answer: C
Explanation:
In OSPF, the Designated Router (DR) and Backup Designated Router (BDR) are elected based on the priority of the routers. The router with the highest priority becomes the DR, and the router with the second highest priority becomes the BDR. If there is a tie in priority, then the router with the highest Router ID is chosen.
In this scenario, R2 has a higher priority (64) than R1 (32), so R2 will become the DR. Since R1 has the second highest priority, it will become the BDR. Therefore, option C is correct.
Question # 54
Which two BGP attributes must be supported by all BGP implementations and must be included in every update? (Choose two.)
- A. AS path
- B. next hop
- C. community
- D. MED
Correct answer: A, B
Explanation:
BGP attributes are properties that BGP uses for route advertisement, path selection, and loop prevention. There are four categories of BGP attributes:
- Well-known mandatory: Must be recognized by all BGP routers, present in all BGP updates, and passed on to other BGP routers.
- Well-known discretionary: Supported by all BGP implementations, and are optionally included in BGP updates.
- Optional transitive: May not be supported by all implementations of BGP.
- Optional non-transitive: May not be supported by all implementations of BGP.
The well-known mandatory attributes must be supported by all BGP implementations and must be included in every update. These include the AS path and next hop attributes. Therefore, options A and B are correct.
Question # 55
......