CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Juniper
  5. JN0-351

Free JN0-351 Exam Braindumps (page: 4)

Page 4 of 17
PDF with 101 Questions

You are asked to create a new firewall filter to evaluate Layer 3 traffic that is being sent between VLANs. In this scenario, which two statements are correct? (Choose two.)

  1. You should create a family Ethernet-switching firewall filter with the appropriate match criteria and actions.
  2. You should apply the firewall filter to the appropriate VLAN.
  3. You should create a family inet firewall filter with the appropriate match criteria and actions.
  4. You should apply the firewall filter to the appropriate IRB interface.

Answer(s): C,D

Explanation:

A firewall filter is a configuration that defines the rules that determine whether to forward or discard packets at specific processing points in the packet flow. A firewall filter can also modify the attributes of the packets, such as priority, marking, or logging. A firewall filter can be applied to various interfaces, protocols, or routing instances on a Juniper device1. A firewall filter has a family attribute, which specifies the type of traffic that the filter can evaluate. The family attribute can be one of the following: inet, inet6, mpls, vpls, iso, or ethernet- switching2. The family inet firewall filter is used to evaluate IPv4 traffic, which is the most common type of Layer 3 traffic on a network.
To create a family inet firewall filter, you need to specify the appropriate match criteria and actions for each term in the filter. The match criteria can include various fields in the IPv4 header, such as source address, destination address, protocol, port number, or DSCP value. The actions can include accept, discard, reject, count, log, policer, or next term3. To apply a firewall filter to Layer 3 traffic that is being sent between VLANs, you need to apply the filter to the appropriate IRB interface. An IRB interface is an integrated routing and bridging interface that provides Layer 3 functionality for a VLAN on a Juniper device. An IRB interface has an IP address that acts as the default gateway for the hosts in the VLAN. An IRB interface can also participate in routing protocols and forward packets to other VLANs or networks4. Therefore, option C is correct, because you should create a family inet firewall filter with the appropriate match criteria and actions. Option D is correct, because you should apply the firewall filter to the appropriate IRB interface.
Option A is incorrect, because you should not create a family ethernet-switching firewall filter with the appropriate match criteria and actions. A family ethernet-switching firewall filter is used to evaluate Layer 2 traffic on a Juniper device. A family ethernet-switching firewall filter can only match on MAC addresses or VLAN IDs, not on IP addresses or protocols5. Option B is incorrect, because you should not apply the firewall filter to the appropriate VLAN. A VLAN is a logical grouping of hosts that share the same broadcast domain on a Layer 2 network. A VLAN does not have an IP address or routing capability. A firewall filter cannot be applied directly to a VLAN; it must be applied to an interface that belongs to or connects to the VLAN6.


Reference:

1: Firewall Filters Overview 2: Configuring Firewall Filters 3: Configuring Firewall Filter Match Conditions and Actions 4: Understanding Integrated Routing and Bridging Interfaces 5: Configuring Ethernet-Switching Firewall Filters 6: Understanding VLANs



Exhibit



You have configured a GRE tunnel. To reduce the risk of dropping traffic, you have configured a keepalive OAM probe to monitor the state of the tunnel; however, traffic drops are still occurring.
Referring to the exhibit, what is the problem?

  1. For GRE tunnels, the OAM protocol requires that the BFD protocols also be used.
  2. The "event link-adjacency-loss" option must be set.
  3. LLDP needs to be removed from the gr-1/1/10.1 interface.
  4. The hold-time value must be two times the keepalive-time value

Answer(s): D

Explanation:

A keepalive OAM probe is a mechanism that can be used to monitor the state of a GRE tunnel and detect any failures in the tunnel path. A keepalive OAM probe consists of sending periodic packets from one end of the tunnel to the other and expecting a reply. If no reply is received within a specified time, the tunnel is considered down and the line protocol of the tunnel interface is changed to down1.
To configure a keepalive OAM probe for a GRE tunnel, you need to specify two parameters: the keepalive-time and the hold-time. The keepalive-time is the interval between each keepalive packet sent by the local router. The hold-time is the maximum time that the local router waits for a reply from the remote router before declaring the tunnel down2. According to the Juniper Networks documentation, the hold-time value must be two times the keepalive-time value for a GRE tunnel2. This is because the hold-time value must account for both the round-trip time of the keepalive packet and the processing time of the remote router. If the hold- time value is too small, it may cause false positives and unnecessary tunnel flaps. In the exhibit, the configuration shows that the keepalive-time is set to 10 seconds and the hold-time is set to 15 seconds for the gr-1/1/10.1 interface. This means that the local router will send a keepalive packet every 10 seconds and will wait for 15 seconds for a reply from the remote router. However, this hold-time value is not two times the keepalive-time value, which violates the recommended configuration. This may cause traffic drops if the remote router takes longer than 15 seconds to reply.
Therefore, option D is correct, because the hold-time value must be two times the keepalive-time value for a GRE tunnel. Option A is incorrect, because BFD is not required for GRE tunnels; BFD is another protocol that can be used to monitor tunnels, but it is not compatible with GRE keepalives3. Option B is incorrect, because the "event link-adjacency-loss" option is not related to GRE tunnels; it is an option that can be used to trigger an action when a link goes down4. Option C is incorrect, because LLDP does not need to be removed from the gr-1/1/10.1 interface; LLDP is a protocol that can be used to discover neighboring devices and their capabilities, but it does not interfere with GRE tunnels5.


Reference:

1: Configuring Keepalive Time and Hold time for a GRE Tunnel Interface 2: keepalive | Junos OS | Juniper Networks 3: Configuring Bidirectional Forwarding Detection 4: event link-adjacency-loss | Junos OS | Juniper Networks 5: Understanding Link Layer Discovery Protocol



Exhibit



You are a network operator troubleshooting BGP connectivity.

Which two statements are correct about the output shown in the exhibit? (Choose two.)

  1. Peer 10.32.1.2 is configured for AS 63645.
  2. The BGP session is not established.
  3. The R1 is configured for AS 65400.
  4. The routers are exchanging IPv4 routes.

Answer(s): B,C

Explanation:

Option B suggests that the BGP session is not established. This is correct because in the output, the state of the BGP session is shown as "Idle". In BGP, an "Idle" state means that the BGP session is not currently established1.
Option C suggests that R1 is configured for AS 65400. This is also correct because in the output, it's shown that the local AS number is 654001. The local AS number represents the Autonomous System (AS) number of the router on which you're checking the BGP session1.



What is the maximum allowable MTU size for a default GRE tunnel without IPv4 traffic fragmentation?

  1. 1496 bytes
  2. 1480 bytes
  3. 1500 bytes
  4. 1476 bytes

Answer(s): D

Explanation:

The maximum allowable MTU size for a default GRE tunnel without IPv4 traffic fragmentation is 1476 bytes1. This is because GRE packets are formed by the addition of the original packets and the required GRE headers1. These headers are 24-bytes in length and since these headers are added to the original frame, depending on the original size of the packet we may run into IP MTU problems1. The most common IP MTU is 1500-bytes in length (Ethernet)1.
When the tunnel is created, it deducts the 24-bytes it needs to encapsulate the passenger protocols and that is the IP MTU it will use1. For example, if we are forming a tunnel over FastEthernet (IP MTU 1500) the IOS calculates the IP MTU on the tunnel as: 1500-bytes from Ethernet - 24-bytes for the GRE encapsulation = 1476-Bytes1.



Page 4 of 17



Post your Comments and Discuss Juniper JN0-351 exam with other Community members:

Bilal28 commented on October 22, 2024
The dump still valid please ?
FRANCE
upvote

Folarin Ibukun commented on October 22, 2024
The dump is helpful, excellent
Anonymous
upvote

Luxmy commented on October 22, 2024
Thanks to these dumps, I spent more time celebrating than studying—totally worth it!
New Zealand
upvote

Fatoosh commented on October 22, 2024
I passed my exam with in fist sit-down and with a bit of panic... but mostly these dumps questions were all in the exam.
INDIA
upvote

Lax commented on October 22, 2024
Helpful to practice and prepare for the exam.
Anonymous
upvote

Dilsha commented on October 22, 2024
Thank you the website owner for making these exam questions available for free. It helped me clear my paper.
INDIA
upvote

Tommy commented on October 22, 2024
Passed the exam today with this dump. Very happy. Now Go Trump Go. Make this country great again.
UNITED STATES
upvote

Tubby commented on October 22, 2024
Asked by my employee to pass this exam. So I bought the full version of this exam dump to quickly prepare and pass the exam. I did not want to waste my out of office time to prepare for this.
UNITED STATES
upvote

SSSR commented on October 22, 2024
Great stuff and nicely formatted content. PDF is version is what I highly recommend as it has double the amount of questions.
UNITED KINGDOM
upvote

Nayaran commented on October 21, 2024
First and for most... this exam is extremely hard. Second this exam dump contains majority of the questions. I passed the certification exam.
UNITED STATES
upvote

Marc commented on October 21, 2024
hello would need help
UNITED STATES
upvote

Honest Consumer commented on October 21, 2024
Not a bad question bank. Very close to real exam topics and questions.
UNITED STATES
upvote

Shawna commented on October 21, 2024
I found this document a big help towards my preparation. Well worth the money.
UNITED STATES
upvote

Asma commented on October 21, 2024
Good questions
FRANCE
upvote

Jen commented on October 21, 2024
Do not overthink this guys. Just use these questions and you are good to pass.
EUROPEAN UNION
upvote

siva commented on October 21, 2024
it's goooood
INDIA
upvote

Lee commented on October 21, 2024
Finally a exam dump I can rely on. I went for the full PDF version and it turned out to be as advertised. I just passed first exam last Friday. Preping for the second one. Hopefully I can write and pass this one too because these exams are very difficult.
Hong Kong
upvote

Subash commented on October 21, 2024
I am planning to take this exam. Are these 257 questions enough to clear it? Also, does each section have a passing percentage, or is it based on the overall ?
INDIA
upvote

amrith commented on October 20, 2024
more questions on databricks as well please
Anonymous
upvote

jeff commented on October 20, 2024
This took the pressure out of preparation as I read everywhere that this exam is really hard. Wonderful resource.
UNITED STATES
upvote

CoolMo commented on October 20, 2024
A friend gave me the address to this site he said he passed his Azure exam using their exam dumps. I hope it can help me with my exam as well.
EUROPEAN UNION
upvote

Tyler commented on October 20, 2024
This is BIG help. I don't want to discount the fact that these questions are very similar to those in real exam. Way to go guys.
Canada
upvote

amrith commented on October 20, 2024
Documentation
Anonymous
upvote

Raj commented on October 20, 2024
Great article! I especially appreciated the way you broke down the questions
UNITED STATES
upvote

Jim commented on October 20, 2024
Some of the questions are tought. Need to practice more..
UNITED STATES
upvote

Jim commented on October 20, 2024
Good site for Salesforce certification
UNITED STATES
upvote

Tom commented on October 20, 2024
This is a very good resource
UNITED STATES
upvote

Marcellus Werifah commented on October 20, 2024
Verified answers
UNITED STATES
upvote

samir commented on October 20, 2024
good practice
AUSTRIA
upvote

Patric commented on October 20, 2024
The main thing about this exam dump is that the PDF is not free. And that is what I needed. So I had to pay for that but they offer 50% discount if you buy 2 or more exams.
Spain
upvote

Nathan commented on October 20, 2024
Using dumps are my last resort. And that is what I ended up using with this exam to pass. The exam is extremely difficult.
France
upvote

Marcellus Werifah commented on October 20, 2024
Who decides what is the correct in case of conflicts
UNITED STATES
upvote

Marcellus Werifah commented on October 20, 2024
Novice. Would need detailed explanation of any questions
UNITED STATES
upvote

Maya commented on October 20, 2024
It would be great if all answers are supported by reference link.
UNITED KINGDOM
upvote