Practice Exams:

Juniper  JN0-351 Exam Dumps & Practice Test Questions

Question 1:

Which of the following three protocols are compatible with Bidirectional Forwarding Detection (BFD)? (Select three.)

A. RSTP
B. BGP
C. OSPF
D. LACP
E. FTP

Correct Answer: B, C, D

Explanation:

Bidirectional Forwarding Detection (BFD) is a lightweight, high-speed protocol designed to detect failures in forwarding paths between network devices, such as routers and switches. It operates independently of any specific routing protocol, but its utility shines when integrated with protocols that are responsible for path determination and link aggregation.

BFD enhances network reliability by significantly shortening the detection time for failed links, often from seconds (as seen with traditional routing protocol timers) to milliseconds. By doing so, it ensures faster convergence and minimal service disruption during outages.

Let’s examine the listed protocols in the context of BFD support:

A. RSTP (Rapid Spanning Tree Protocol)
RSTP is a Layer 2 protocol focused on preventing loops in Ethernet topologies. It achieves this by rapidly recalculating the spanning tree when a topology change is detected. However, it doesn’t utilize or integrate with BFD. Its failure detection is based on its own timers and protocol logic. Therefore, BFD is not supported by RSTP.

B. BGP (Border Gateway Protocol)
BGP is a Layer 4 protocol used to manage routing between autonomous systems, especially across the internet. Since BGP has relatively long failure detection intervals by default, integrating BFD allows BGP sessions to detect peer failures almost instantly. This is crucial in large-scale networks where rapid reconvergence is essential to avoid service disruptions. BFD can monitor the liveness of BGP peers and trigger failovers rapidly, making BGP a supported protocol.

C. OSPF (Open Shortest Path First)
OSPF is a widely-used Interior Gateway Protocol (IGP) designed for dynamic routing within a single autonomous system. BFD works with OSPF to offer faster link failure detection than native OSPF hello/dead intervals. When BFD is enabled, OSPF relies on it to detect peer failure instead of its own timers. This leads to quicker reaction to topology changes and improved resilience. Thus, OSPF supports BFD.

D. LACP (Link Aggregation Control Protocol)
LACP is used to bundle multiple physical links into a single logical channel to increase throughput and redundancy. BFD enhances LACP by monitoring the health of individual links within the aggregation group. If a link fails, BFD rapidly detects the issue and triggers failover within the group, maintaining consistent traffic flow. Therefore, LACP is another protocol that supports BFD.

E. FTP (File Transfer Protocol)
FTP is an application-layer protocol used for transferring files. It has no role in routing, link aggregation, or path monitoring. Since BFD operates at lower layers (typically Layer 2 or Layer 3), it does not interact with application protocols like FTP. Hence, FTP does not support BFD.

The three protocols that integrate with and benefit from BFD’s rapid failure detection are BGP, OSPF, and LACP. These protocols leverage BFD to improve convergence time and maintain high network availability. In contrast, protocols like RSTP and FTP do not support or interact with BFD due to differences in protocol purpose and operational layers.

Question 2:

What accurately describes the behavior of the Graceful Routing Engine Switchover (GRES) feature?

A. During a switchover, the Packet Forwarding Engine (PFE) restarts and all kernel and interface data is lost.
B. GRES operates using a helper mode and a starting mode.
C. When paired with Non-Stop Routing (NSR), GRES ensures routing remains active, and the new master Routing Engine does not restart the rpd process.
D. Even without other HA features enabled, GRES preserves routing and prevents the restart of the Routing Protocol Daemon.

Correct Answer: C

Explanation:

Graceful Routing Engine Switchover (GRES) is a high availability feature designed to enhance network resilience by allowing the backup Routing Engine (RE) in a router to take over seamlessly when the primary RE fails. It is a feature particularly relevant to Juniper devices and is crucial in reducing service interruptions during routing engine transitions due to faults, reboots, or maintenance.

GRES works by synchronizing certain critical state data—such as kernel routing tables, interface status, and process states—between the master and backup REs. However, for full routing continuity during a switchover, GRES must be combined with another key feature: Non-Stop Routing (NSR).

Now, let’s break down each answer choice:

A. The Packet Forwarding Engine (PFE) restarts, and kernel and interface information is lost.
This statement is incorrect. The primary purpose of GRES is to ensure that the PFE does not restart. The PFE continues to forward traffic based on the last known forwarding state, and kernel/interface information is preserved during the switchover. This allows for uninterrupted packet forwarding while the new RE takes over.

B. GRES has a helper mode and a starting mode.
This is an inaccurate description of how GRES functions. GRES uses a master/backup model for the Routing Engines, not "helper" or "starting" modes. These terms are not used in Juniper’s documentation regarding GRES and may create confusion. The correct operational model is based on having one RE actively managing the control plane, while the other passively waits to take over.

C. When combined with Non-Stop Routing (NSR), routing is preserved, and the new master Routing Engine does not restart the Routing Protocol Daemon (rpd).
This is the correct and most complete statement. NSR works alongside GRES to synchronize routing protocol states (like OSPF, BGP, etc.) between the master and backup REs. When a switchover occurs, the backup RE becomes the master without restarting the Routing Protocol Daemon (rpd), which is responsible for maintaining routing sessions. As a result, routing continues seamlessly, and protocol adjacencies are preserved.

D. With no other high availability features enabled, routing is preserved, and the new master RE does not restart the Routing Protocol Daemon (rpd).
This is false. GRES alone does not preserve the routing protocol state. Without NSR, the rpd process is restarted on the new master RE, causing routing sessions to reset and possibly leading to service interruptions. GRES ensures the RE switchover happens cleanly, but only NSR prevents rpd from restarting.

GRES ensures that the backup Routing Engine can take over control plane responsibilities without disrupting packet forwarding. However, to maintain uninterrupted routing protocol sessions, it must be combined with NSR. This powerful duo allows the rpd process to stay active and synchronized across REs, ensuring complete control and data plane continuity during an RE failover. Therefore, the only accurate description is Option C.

Question 3:

What is the correct method for determining which routes are placed into a Routing Information Base (RIB) group?

A. An import policy is applied to the RIB group.
B. Only routes in the last routing table are installed.
C. A firewall filter must be used to install routes in RIB groups.
D. An export policy is applied to the RIB group.

Correct Answer: A

Explanation:

In modern routing platforms such as those running Junos OS, the Routing Information Base (RIB) is responsible for maintaining the collection of best routes learned via various routing protocols. Juniper devices allow the use of RIB groups to enable flexible management of routing information across multiple routing tables. A RIB group can be configured so that routes from one protocol can be replicated or selectively installed into more than one routing table. This is especially useful in scenarios like route leaking between logical systems or between virtual routers.

To control which routes are actually placed into a RIB group, import policies are utilized. These policies are evaluated at the point where routes are being introduced into the RIB. An import policy allows administrators to define conditions under which a route may be accepted, modified, or rejected. These conditions may include prefix length, next-hop type, route source, or attributes like AS path or MED. This gives fine-grained control over what gets installed in each RIB in the group.

Option A is therefore correct. Import policies are essential tools in RIB group configuration, acting as filters and modifiers for routes entering the RIB.

Option B is incorrect because RIB groups do not operate on a “last-table-only” principle. You can configure routes to be installed in multiple tables within the group, and there is no restriction that only the final table receives the route.

Option C is incorrect as well. Firewall filters are used primarily for controlling traffic, not for route installation. While filters might be used in policing or forwarding decisions, they have no role in determining how routes are placed into RIB groups.

Option D is also incorrect. Export policies determine what routes are sent out to other devices or protocols—not what is installed in the RIB. Though useful in route advertisement and redistribution, export policies have no bearing on internal route installation.

In conclusion, if your goal is to control what gets placed into a RIB group, the tool you must use is an import policy. It provides the necessary flexibility and precision for route management, ensuring that only desired routes are placed into one or more routing tables in a RIB group setup.

Question 4:

You are using OSPF to share routes for the Dallas and Denver offices, but the routers connected to those subnets are not advertising them. Which two actions should you take to resolve the issue? (Choose two.)

A. Configure static routes on the switches using the local vMX router’s loopback interface as the next hop.
B. Apply a routing policy to redistribute the Dallas and Denver subnets using Type 5 LSAs.
C. Create and apply a routing policy to redistribute the connected Dallas and Denver subnets.
D. Set the OSPF interfaces for the Dallas and Denver subnets as passive.

Correct Answers: C, D

Explanation:

In an OSPF (Open Shortest Path First) environment, it is not uncommon to encounter a scenario where directly connected subnets are not being advertised. This can be due to missing configurations or assumptions about default behavior that do not hold under certain circumstances.

Option C is one of the correct answers. If a router is not advertising its connected interfaces into the OSPF domain, it often means those interfaces are not included in the OSPF process, or that a routing policy is blocking them. In Junos OS and similar platforms, connected routes are not automatically advertised unless explicitly allowed. This can be done through a routing policy that redistributes connected routes into OSPF. Such a policy ensures that subnets, like those for Dallas and Denver, are treated as OSPF internal routes and are propagated to other routers in the OSPF area.

Option D is also correct. Enabling the passive interface option in OSPF tells the router not to form neighbor relationships on a given interface while still advertising the subnet into OSPF. This is useful when you want to advertise a network without forming adjacencies (e.g., point-to-host interfaces or LANs without other OSPF speakers). It also ensures that the interface’s connected subnet is included in OSPF advertisements. This helps resolve the issue of routes not being shared even though they are directly connected.

Option A is not correct in this context. Static routes are generally used for manually specifying paths to specific destinations but do not assist in OSPF route advertisement. They might provide routing functionality, but they don't solve the core issue of ensuring that subnets are propagated through OSPF.

Option B is incorrect because Type 5 LSAs are used for external routes, typically when redistributing from other protocols (like BGP or static) into OSPF. Dallas and Denver subnets are directly connected and should be shared via Type 1 (router) or Type 3 (summary) LSAs. Therefore, using Type 5 LSAs is inappropriate and unnecessary in this case.

Ultimately, the issue here is that OSPF is not handling the connected interfaces correctly. By redistributing connected routes (Option C) and enabling passive interfaces (Option D), the routers will successfully advertise their respective subnets into the OSPF domain.

Question 5:

You need to confirm which prefix information is being received from the IP address 10.36.1.4. Based on the provided BGP output, which two statements are accurate? (Choose two.)

A. The displayed routes have passed through one or more autonomous systems.
B. The output reflects routes received before any BGP import policies were applied.
C. The output includes active routes that were rejected by import policies.
D. The routes were learned from an internal BGP (IBGP) peer.

Correct Answers: A, B

Explanation:

When analyzing BGP routing behavior and its associated output, it’s crucial to understand how prefixes are received, filtered, and installed. The question focuses on interpreting the routing data from the IP address 10.36.1.4, and determining what the data reveals about BGP route processing.

Option A is correct because it indicates that the routes shown have traversed one or more autonomous systems (ASes). In BGP, each time a route crosses an AS boundary, the AS number is appended to the AS path. If the BGP output shows an AS path with more than one AS number, it's a clear sign that the routes have traveled through multiple ASes. This is typically seen with routes learned via external BGP (eBGP), and not internal BGP (iBGP), since eBGP is used for inter-domain routing.

Option B is also correct. BGP output often shows prefixes as received, before any local import policy has been applied. This “pre-policy” view helps network engineers evaluate which routes are being advertised by a peer without being influenced by local filtering or modification. It allows for raw inspection of incoming prefixes, making it easier to debug policy issues. Once an import policy is applied, it may reject, alter, or tag the routes before they are used.

Option C is incorrect because if a route is active, it has already passed all import policies and has been installed in the BGP table. Routes that are rejected due to policy filtering are not installed and will not be marked as active. They would typically be visible only in a pre-policy view or with additional debug commands.

Option D is incorrect due to a lack of evidence. There’s no clear indication in the question or exhibit (not shown here) that the routes are learned from an iBGP peer. Identification of iBGP routes typically involves checking the AS path (which should be empty for iBGP) or specific markers in the output. Without this, it's speculative to assume the peer is internal.

In summary, the correct interpretation of the BGP output confirms that the routes have traversed multiple autonomous systems and were received prior to any local import policies being applied. Understanding this distinction is vital for troubleshooting and validating routing behavior in complex BGP environments.

Question 6:

What is the default interval, in seconds, for sending BGP keepalive messages between peers?

A. 10 seconds
B. 60 seconds
C. 30 seconds
D. 90 seconds

Correct Answer: C

Explanation:

The Border Gateway Protocol (BGP) is one of the core routing protocols of the internet, primarily used to exchange routing information between different autonomous systems (ASes). For BGP sessions to remain operational and reliable, certain timers are used to monitor peer connectivity. Among these, the keepalive timer plays a fundamental role.

By default, the keepalive interval in BGP is set to 30 seconds. This means a router sends a keepalive message to its BGP peer every 30 seconds, assuming no other BGP update messages have been transmitted during that interval. These messages are essential for confirming that the BGP session is still active and that the peer is reachable.

The purpose of this mechanism is to prevent unnecessary session teardowns due to inactivity. Even when there are no route updates to share, the keepalive ensures both peers are still operational and maintaining the TCP session. If a peer does not receive a keepalive message within the expected timeframe, it begins to suspect the connection has been lost.

This leads to another important timer — the hold timer. The default hold time is typically 180 seconds. It represents the maximum time a router will wait without hearing from its BGP peer (via either keepalive or update messages) before declaring the session dead. When this occurs, BGP will remove the peer from the routing table and initiate failover if backup paths exist.

Additionally, there’s a connect retry timer, which controls how frequently a router retries a failed BGP session establishment. However, this is unrelated to the regular operation of an established session.

It’s also worth noting that these timers can be customized based on network needs. For instance, in environments requiring faster convergence, administrators might lower the keepalive interval. However, reducing it excessively can increase CPU usage and the number of packets transmitted, especially in large-scale BGP deployments.

To summarize, the default BGP keepalive timer is 30 seconds, which helps maintain session integrity without overwhelming the network. This balanced default is suitable for most scenarios, ensuring BGP peers maintain consistent communication while allowing ample time for recovery in case of transient issues.

Question 7:

Which two statements about network tunnels are accurate? (Choose two.)

A. BFD (Bidirectional Forwarding Detection) cannot be applied to tunnels.
B. A valid route to the tunnel's remote endpoint is required at both ends.
C. IP-IP tunnels operate as stateful connections.
D. Tunneling increases the total size of transmitted packets.

Correct Answers: B, D

Explanation:

Tunnels in networking are used to encapsulate packets, enabling them to travel securely or privately over intermediate networks. They are especially useful for virtual private networks (VPNs), site-to-site communication, or bypassing routing limitations. Understanding tunnel functionality is essential for effective network configuration and maintenance.

Option A, which states that BFD cannot be used with tunnels, is incorrect. BFD, or Bidirectional Forwarding Detection, is a protocol designed to detect failures in the forwarding path between two endpoints in a short time frame. It is widely used to monitor tunnels, just as it is for physical links. For example, when a tunnel fails or becomes unreachable, BFD can trigger failover or rerouting procedures, making it highly relevant in tunnel monitoring.

Option B, stating that tunnel endpoints need valid routes to each other, is correct. For a tunnel to be established and operational, the two endpoints must be reachable through the underlying physical or logical network. This means that standard IP routing—via static routes or dynamic protocols—must be configured so that each endpoint can forward packets to the other’s tunnel IP address. Without such connectivity, the encapsulated traffic cannot be transported, and the tunnel will fail.

Option C, which claims that IP-IP tunnels are stateful, is incorrect. IP-IP tunnels are stateless, meaning they do not maintain information about active sessions. Each packet entering the tunnel is encapsulated and forwarded independently of previous or future packets. This simplifies tunnel management and makes it scalable, though it also means the tunnel itself does not enforce session persistence or reliability.

Option D, indicating that tunnels add overhead, is correct. When a packet is encapsulated inside another packet—such as adding an IP header for tunneling—additional bytes are appended. This increases the total packet size and may reduce the effective Maximum Transmission Unit (MTU), potentially leading to fragmentation if not managed carefully. For instance, GRE adds 24 bytes of overhead, while IP-IP adds 20 bytes.

In summary, tunnels require valid routing between endpoints and introduce packet overhead due to encapsulation. BFD can monitor tunnels, and IP-IP tunnels are inherently stateless.

Question 8:

Which statement accurately describes a feature of IP-IP tunnels?

A. IP-IP tunnels only support encapsulation of IP-based traffic.
B. IP-IP tunnels are used to encapsulate only non-IP traffic.
C. The inner packet’s TTL value is decreased while traversing the tunnel.
D. IP-IP encapsulation introduces 24 bytes of additional packet overhead.

Correct Answer: A

Explanation:

IP-IP tunneling is a simple encapsulation mechanism that allows an IP packet to be wrapped within another IP packet. This technique is commonly used to connect separate IP networks over an intermediate network that might not support direct IP routing between them. By creating a virtual point-to-point connection between two endpoints, IP-IP tunneling can facilitate seamless communication across disparate routing domains.

Option A is the correct choice. IP-IP tunnels are exclusively designed to carry IP traffic—specifically, they encapsulate one IP packet inside another. This makes them ideal for transporting IP packets across non-IP-aware or differently routed intermediate networks. Their use is especially common in IPv6 transition strategies, where IPv6 packets are encapsulated in IPv4 headers to traverse legacy networks.

Option B, which suggests that IP-IP tunnels encapsulate non-IP traffic, is incorrect. Non-IP traffic, such as Ethernet frames or MPLS labels, requires more flexible tunneling protocols like GRE or L2TP. IP-IP tunnels are limited to handling IP payloads.

Option C is also inaccurate. The TTL (Time to Live) value of the inner IP packet remains unchanged during tunnel transit. Instead, the outer IP packet’s TTL is decremented as it passes through routers in the intermediate network. This helps preserve the original packet’s hop count integrity once it is decapsulated at the destination tunnel endpoint. Routers between the tunnel endpoints do not process the inner IP header at all.

Option D, which claims that IP-IP encapsulation adds 24 bytes of overhead, is wrong. The actual overhead introduced by basic IP-IP encapsulation is 20 bytes, corresponding to a standard IPv4 header. This outer header is added to the original IP packet, increasing the overall size. If additional options or headers are included, the overhead could increase, but the default is 20 bytes.

To summarize, IP-IP tunnels are a lightweight encapsulation method specifically for IP traffic. They preserve the inner packet’s TTL, add 20 bytes of overhead, and are ideal for routing IP packets across intermediate networks that may not natively support the source or destination address ranges.

Question 9:

Which statement accurately describes the function of the OSPF designated router (DR) in a broadcast multi-access network?

A. The DR is responsible for generating Type 1 LSAs for all routers in the area
B. The DR establishes adjacencies with all routers and distributes LSAs to reduce LSA flooding
C. The DR performs loop prevention by summarizing routes across areas
D. The DR is selected based on the lowest router ID

Correct Answer: B

Explanation:

In a broadcast multi-access network, such as Ethernet, OSPF (Open Shortest Path First) elects a Designated Router (DR) and a Backup Designated Router (BDR) to optimize the routing update process. Without this mechanism, every OSPF router on the segment would form an adjacency with every other router, creating a full mesh of neighbor relationships. This results in significant overhead due to redundant LSAs (Link-State Advertisements) and can degrade performance.

The DR plays a central role by becoming the focal point for LSA distribution. All routers on the segment form adjacencies with the DR and send their LSAs to it. The DR then redistributes these LSAs to all other routers, thus reducing the number of LSAs and minimizing traffic. The BDR serves as a standby in case the DR fails.

Let’s break down the answer choices:

  • A is incorrect because each router originates its own Type 1 LSA; the DR does not originate these for other routers.

  • B is correct because the DR establishes full adjacencies with each router on the segment, thereby centralizing and optimizing LSA dissemination.

  • C is incorrect because route summarization and loop prevention are done at ABRs (Area Border Routers), not DRs.

  • D is incorrect because the router with the highest OSPF priority is elected DR. If priorities are equal, the router with the highest router ID is selected, not the lowest.

In summary, the DR’s purpose is to enhance OSPF’s scalability and efficiency on broadcast networks by minimizing unnecessary LSA exchanges.

Question 10:

Which two Junos OS configuration elements are necessary to enable an interface to participate in a VLAN-based Layer 2 bridging domain?

A. Configure the interface under a bridge domain and assign a VLAN ID
B. Apply a security policy to the interface
C. Associate the interface with a routing instance of type virtual-switch
D. Assign the interface an IP address in the same subnet as the bridge domain

Correct Answer: A and C

Explanation:

To enable an interface in Junos OS to participate in a Layer 2 bridging environment, especially in a VLAN-based bridging domain, you need to understand how Juniper implements Ethernet switching through bridge domains and virtual-switch routing instances.

First, a routing instance of type virtual-switch must be created. This routing instance handles Layer 2 switching functions independently of the default Layer 3 instance. It acts like a software switch where interfaces can be added to bridge different VLANs.

Then, within the virtual-switch routing instance, you define a bridge domain. The bridge domain is essentially a VLAN broadcast domain, where all member interfaces are allowed to communicate at Layer 2.

The two required steps to make this work are:

  • Assign the interface to a bridge domain and specify a VLAN ID. This tells Junos OS that the interface is part of a specific VLAN and should forward Ethernet frames based on MAC addresses.

  • Ensure the interface is associated with a virtual-switch routing instance, as this is the necessary environment for switching to occur.

Let’s analyze the answer choices:

  • A is correct: You must explicitly configure the interface inside a bridge domain and assign a VLAN ID.

  • B is incorrect: Security policies are used in Junos for SRX firewalls, not for enabling VLAN participation.

  • C is correct: Layer 2 interfaces for switching must reside within a virtual-switch routing instance.

  • D is incorrect: Interfaces in Layer 2 mode should not have IP addresses unless they're used for routed VLAN interfaces (RVI), which is a different concept.

Together, A and C form the foundational configuration needed for VLAN bridging in Junos OS.


How to open VCE Files

Use VCE Exam Simulator to open VCE files

Avanset VCE Simulator
Sign Up Learn More Full Version

Top Juniper Certifications

JNCIA-Junos Exams JNCIP-SP Exams

Top Juniper Certification Exams

Site Search:

 

VISA, MasterCard, AmericanExpress, UnionPay

SPECIAL OFFER: GET 10% OFF

ExamCollection Premium

ExamCollection Premium Files

Pass your Exam with ExamCollection's PREMIUM files!

  • ExamCollection Certified Safe Files
  • Guaranteed to have ACTUAL Exam Questions
  • Up-to-Date Exam Study Material - Verified by Experts
  • Instant Downloads
Enter Your Email Address to Receive Your 10% Off Discount Code
A Confirmation Link will be sent to this email address to verify your login
We value your privacy. We will not rent or sell your email address

SPECIAL OFFER: GET 10% OFF

Use Discount Code:

MIN10OFF

A confirmation link was sent to your e-mail.
Please check your mailbox for a message from support@examcollection.com and follow the directions.

Next

Download Free Demo of VCE Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.

Simply submit your e-mail address below to get started with our interactive software demo of your free trial.

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.