NEW QUESTION 1
Your organization manages a Layer 3 VPN for multiple customers To support advanced route than one BGP community on advertised VPN routes to remote PE routers.
Which routing-instance configuration parameter would support this requirement?

• A. vrf-export
• B. vrf-import
• C. vrf-target export
• D. vrf-target import

Answer: C

Explanation:
The vrf-target export parameter is used to specify one or more BGP extended community attributes that are attached to VPN routes when they are exported from a VRF routing instance to remote PE routers. This parameter allows you to control which VPN routes are accepted by remote PE routers based on their import policies. You can specify more than one vrf-target export value for a VRF routing instance to support advanced route filtering or route leaking scenarios.

NEW QUESTION 2
You are a network architect for a service provider and want to offer Layer 2 services to your customers You want to use EVPN for Layer 2 services in your existing MPLS network.
Which two statements are correct in this scenario? (Choose two.)

• A. Segment routing must be configured on all PE routers.
• B. VXLAN must be configured on all PE routers.
• C. EVPN uses Type 2 routes to advertise MAC address and IP address pairs learned using ARP snooping
• D. EVPN uses Type 3 routes to join a multicast tree to flood traffic.

Answer: CD

Explanation:
EVPN is a technology that connects L2 network segments separated by an L3 network using a virtual Layer 2 network overlay over the Layer 3 network. EVPN uses BGP as its control protocol to exchange different types of routes for different purposes. Type 2 routes are used to advertise MAC address and IP address pairs learned using ARP snooping from the local CE devices. Type 3 routes are used to join a multicast tree to flood traffic such as broadcast, unknown unicast, and multicast (BUM) traffic.

NEW QUESTION 3
Exhibit

You must ensure that the VPN backbone is preferred over the back door intra-area link as long as the VPN is available. Referring to the exhibit, which action will accomplish this task?

• A. Configure an import routing policy on the CE routers that rejects OSPF routes learned on the backup intra-area link.
• B. Enable OSPF traffic-engineering.
• C. Configure the OSPF metric on the backup intra-area link that is higher than the L3VPN link.
• D. Create an OSPF sham link between the PE routers.

Answer: D

Explanation:
A sham link is a logical link between two PE routers that belong to the same OSPF area but are connected through an L3VPN. A sham link makes the PE routers appear as if they are directly connected, and prevents OSPF from preferring an intra-area back door link over the VPN backbone. To create a sham link, you need to configure the local and remote addresses of the PE routers under the [edit protocols ospf area area-id] hierarchy level1.

NEW QUESTION 4
Exhibit

Referring to the exhibit, CE-1 is providing NAT services for the hosts at Site 1 and you must provide Internet access for those hosts
Which two statements are correct in this scenario? (Choose two.)

• A. You must configure a static route in the main routing instance for the 10 1 2.0/24 prefix that uses the VPN-A.inet.0 table as the next hop
• B. You must configure a static route in the main routing instance for the 203.0.113.1/32 prefix that uses the VPN-A.inet.0 table as the next hop.
• C. You must configure a RIB group on PE-1 to leak a default route from the inet.0 table to the VPN-A.inet.0 table.
• D. You must configure a RIB group on PE-1 to leak the 10 1 2.0/24 prefix from the VPN- A.inet.0 table to the inet.0 table.

Answer: AB

Explanation:
To provide Internet access for the hosts at Site 1, you need to configure static routes in the main routing instance on PE-1 that point to the VPN-A.inet.0 table as the next hop. This allows PE-1 to forward traffic from the Internet to CE-1 using MPLS labels and vice versa. You need to configure two static routes: one for the 10.1.2.0/24 prefix that represents the private network of Site 1, and one for the 203.0.113.1/32 prefix that represents the public IP address of CE-1.

NEW QUESTION 5
Which statement is true regarding BGP FlowSpec?

• A. It uses a remote triggered black hole to protect a network from a denial-of-service attack.
• B. It uses dynamically created routing policies to protect a network from denial-of-service attacks
• C. It is used to protect a network from denial-of-service attacks dynamically
• D. It verifies that the source IP of the incoming packet has a resolvable route in the routing table

Answer: B

Explanation:
BGP FlowSpec is a feature that extends the Border Gateway Protocol (BGP) to enable routers to exchange traffic flow specifications, allowing for more precise control of network traffic. The BGP FlowSpec feature enables routers to advertise and receive information about specific flows in the network, such as those originating from a particular source or destined for a particular destination. Routers can then use this information to construct traffic filters that allow or deny packets of a certain type, rate limit flows, or perform other actions1. BGP FlowSpec can also help in filtering traffic and taking action against distributed denial of service (DDoS) attacks by dropping the DDoS traffic or diverting it to an analyzer2. BGP FlowSpec rules are internally converted to equivalent Cisco Common Classification Policy Language (C3PL) representing corresponding match and action parameters2. Therefore, BGP FlowSpec uses dynamically created routing policies to protect a network from denial-of-service attacks.
References: 1: https://www.networkingsignal.com/what-is-bgp-flowspec/ 2: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-16/irg-xe-16-book/bgp-flowspec-route-reflector-support.html

NEW QUESTION 6
Exhibit

The network shown in the exhibit is based on IS-IS Which statement is correct in this scenario?

• A. The NSEL byte for Area 0001 is 00.
• B. The area address is two bytes.
• C. The routers are using unnumbered interfaces
• D. The system IDofR1_2 is 192.168.16.1

Answer: A

Explanation:
IS-IS is an interior gateway protocol that uses link-state routing to exchange routing information among routers within a single autonomous system. IS-IS uses two types of addresses to identify routers and areas: system ID and area address. The system ID is a unique identifier for each router in an IS-IS domain. The system ID is 6 octets long and can be derived from the MAC address or manually configured. The area address is a variable-length identifier for each area in an IS-IS domain. The area address can be 1 to 13 octets long and is composed of high-order octets of the address. An IS-IS instance may be assigned multiple area addresses, which are considered synonymous. Multiple synonymous area addresses are useful when merging or splitting areas in the domain1. In this question, we have a network based on IS-IS with four routers (R1_1, R1_2, R2_1, and R2_2) belonging to area 0001. The area address for area 0001 is 49.0001. The NSEL byte for area 0001 is the last octet of the address, which is 01. The NSEL byte stands for Network Service Access Point Selector (NSAP Selector) and indicates the type of service requested from the network layer2. Therefore, the correct statement in this scenario is that the NSEL byte for area 0001 is 01.
References: 1: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_isis/configuration/xe-16/irs-xe-16-book/irs-ovrvw-cf.html 2:
https://www.juniper.net/documentation/us/en/software/junos/is-is/topics/concept/is-is-routing-overview.html

NEW QUESTION 7
Exhibit

Which two statements are true about the OSPF adjacency displayed in the exhibit? (Choose two.)

• A. There is a mismatch in the hello interval parameter between routers R1 and R2
• B. There is a mismatch in the dead interval parameter between routers R1 and R2.
• C. There is a mismatch in the OSPF hold timer parameter between routers R1 and R2.
• D. There is a mismatch in the poll interval parameter between routers R1 and R2.

Answer: AB

Explanation:
The hello interval is the time interval between two consecutive hello packets sent by an OSPF router on an interface. The dead interval is the time interval after which a neighbor is declared down if no hello packets are received from it. These parameters must match between two OSPF routers for them to form an adjacency. In the exhibit, router R1 has a hello interval of 10 seconds and a dead interval of 40 seconds, while router R2 has a hello interval of 30 seconds and a dead interval of 120 seconds. This causes a mismatch and prevents them from becoming neighbors23.

NEW QUESTION 8
Exhibit

You want Site 1 to access three VLANs that are located in Site 2 and Site 3 The customer- facing interface on the PE-1 router is configured for Ethernet-VLAN encapsulation.
What is the minimum number of L2VPN routing instances to be configured to accomplish this task?

• A. 1
• B. 3
• C. 2
• D. 6

Answer: B

Explanation:
To allow Site 1 to access three VLANs that are located in Site 2 and Site 3, you need to configure three L2VPN routing instances on PE-1, one for each VLAN. Each L2VPN routing instance will have a different VLAN ID and a different VNI for VXLAN encapsulation. Each L2VPN routing instance will also have a different vrf-target export value to identify which VPN routes belong to which VLAN. This way, PE-1 can forward traffic from Site 1 to Site 2 and Site 3 based on the VLAN tags and VNIs.

NEW QUESTION 9
Exhibit

Referring to the exhibit, what do the brackets [ ] in the AS path identify?

• A. They identify the local AS number associated with the AS path if configured on the router, or if AS path prepending is configured
• B. They identify an AS set, which are groups of AS numbers in which the order does not matter
• C. They identify that the autonomous system number is incomplete and awaiting more information from the BGP protocol.
• D. They identify that a BGP confederation is being used to ensure that there are no routing loops.

Answer: B

Explanation:
The brackets [ ] in the AS path identify an AS set, which are groups of AS numbers in which the order does not matter. An AS set is used when BGP aggregates routes from different ASs into a single prefix. For example, if BGP aggregates routes 10.0.0.0/16 and 10.1.0.0/16 from AS 100 and AS 200, respectively, into a single prefix 10.0.0.0/15, then the AS path for this prefix will be [100 200]. An AS set reduces the length of the AS path and prevents routing loops.

NEW QUESTION 10
You are asked to protect your company's customers from amplification attacks. In this scenario, what is Juniper's recommended protection method?

• A. ASN prepending
• B. BGP FlowSpec
• C. destination-based Remote Triggered Black Hole
• D. unicast Reverse Path Forwarding

Answer: C

Explanation:
amplification attacks are a type of distributed denial-of-service (DDoS) attack that exploit the characteristics of certain protocols to amplify the traffic sent to a victim. For example, an attacker can send a small DNS query with a spoofed source IP address to a DNS server, which will reply with a much larger response to the victim. This way, the attacker can generate a large amount of traffic with minimal resources.
One of the methods to protect against amplification attacks is destination-based Remote Triggered Black Hole (RTBH) filtering. This technique allows a network operator to drop traffic destined to a specific IP address or prefix at the edge of the network, thus preventing it from reaching the victim and consuming bandwidth and resources. RTBH filtering can be implemented using BGP to propagate a special route with a next hop of 192.0.2.1 (a reserved address) to the edge routers. Any traffic matching this route will be discarded by the edge routers.

NEW QUESTION 11
Exhibit

R4 is directly connected to both RPs (R2 and R3) R4 is currently sending all ,o,ns upstream to R3 but you want all joins to go to R2 instead Referring to the exhibit, which configuration change will solve this issue?

• A. Change the bootstrap priority on R2 to be higher than R3
• B. Change the default route in inet.2 on R4 from R3 as the next hop to R2
• C. Change the local address on R2 to be higher than R3.
• D. Change the group-range to be more specific on R2 than R3.

Answer: A

Explanation:
PIM Bootstrap Router (BSR) is a mechanism that allows PIM routers to discover and announce rendezvous point (RP) information for multicast groups. BSR uses two roles: candidate BSR and candidate RP. Candidate BSR is the router that collects information from all available RPs in the network and advertises it throughout the network. Candidate RP is the router that wants to become the RP and registers itself with the BSR. There can be only one active BSR in the network, which is elected based on the highest priority or highest IP address if the priority is the same. The BSR priority can be configured manually or assigned automatically. The default priority is 0 and the highest priority is 2515. In this question, R4 is directly connected to both RPs (R2 and R3) and is currently sending all joins upstream to R3 but we want all joins to go to R2 instead. To achieve this, we need to change the BSR priority on R2 to be higher than R3 so that R2 becomes the active BSR and advertises its RP information to R4.
Reference: 1: https://study-ccnp.com/multicast-rendezvous-points-explained/

NEW QUESTION 12
Exhibit

Click the Exhibit button-Referring to the exhibit, which two statements are correct about BGP routes on R3 that are learned from the ISP-A neighbor? (Choose two.)

• A. By default, the next-hop value for these routes is not changed by ISP-A before being sent to R3.
• B. The BGP local-preference value that is used by ISP-A is not advertised to R3.
• C. All BGP attribute values must be removed before receiving the routes.
• D. The next-hop value for these routes is changed by ISP-A before being sent to R3.

Answer: AB

Explanation:
BGP is an exterior gateway protocol that uses path vector routing to exchange routing information among autonomous systems. BGP uses various attributes to select the best path to each destination and to propagate routing policies. Some of the common BGP attributes are AS path, next hop, local preference, MED, origin, weight, and community. BGP attributes can be classified into four categories: well-known mandatory, well-known discretionary, optional transitive, and optional nontransitive. Well-known mandatory attributes are attributes that must be present in every BGP update message and must be recognized by every BGP speaker. Well-known discretionary attributes are attributes that may or may not be present in a BGP update message but must be recognized by every BGP speaker. Optional transitive attributes are attributes that may or may not be present in a BGP update message and may or may not be recognized by a BGP speaker. If an optional transitive attribute is not recognized by a BGP speaker, it is passed along to the next BGP speaker. Optional nontransitive attributes are attributes that may or may not be present in a BGP update message and may or may not be recognized by a BGP speaker. If an optional nontransitive attribute is not recognized by a BGP speaker, it is not passed along to the next BGP speaker. In this question, we have four routers (R1, R2, R3, and R4) that are connected in a full mesh topology and running IBGP. R3 receives the 192.168.0.0/16 route from its EBGP neighbor and advertises it to R1 and R4 with different BGP attribute values. We are asked which statements are correct about the BGP routes on R3 that are learned from the ISP-A neighbor. Based on the information given, we can infer that the correct statements are:
✑ By default, the next-hop value for these routes is not changed by ISP-A before being sent to R3. This is because the default behavior of EBGP is to preserve the next-hop attribute of the routes received from another EBGP neighbor. The next- hop attribute indicates the IP address of the router that should be used as the next hop to reach the destination network.
✑ The BGP local-preference value that is used by ISP-A is not advertised to R3. This is because the local-preference attribute is a well-known discretionary attribute that is used to influence the outbound traffic from an autonomous system. The local- preference attribute is only propagated within an autonomous system and is not advertised to external neighbors.
References: : https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol- bgp/13753-25.html : https://www.cisco.com/c/en/us/support/docs/ip/border-gateway- protocol-bgp/13762-40.html : https://www.cisco.com/c/en/us/support/docs/ip/border- gateway-protocol-bgp/13759-37.html

NEW QUESTION 13
When using OSPFv3 for an IPv4 environment, which statement is correct?

• A. OSPFv3 only supports IPv4.
• B. OSPFv3 supports both IPv6 and IPv4, but not in the same routing instance.
• C. OSPFv3 is not backward compatible with IPv4
• D. OSPFv3 supports IPv4 only on interfaces with family inet6 defined

Answer: C

Explanation:
OSPFv3 is an extension of OSPFv2 that supports IPv6 routing and addressing. OSPFv3 is not backward compatible with IPv4 because it uses a different packet format and a different link-state advertisement (LSA) structure than OSPFv2. OSPFv3 also uses IPv6 link-local addresses as router IDs and neighbor addresses, instead of IPv4 addresses. To use OSPFv3 for an IPv4 environment, you need to enable the IPv4 unicast address family under [edit protocols ospf3] hierarchy level and configure IPv4 addresses on the interfaces.

NEW QUESTION 14
Exhibit

You are attempting to summarize routes from the 203.0.113.128/25 IP block on R8 to AS 64500. You implement the export policy shown in the exhibit and all routes from the routing table stop being advertised.
In this scenario, which two steps would you take to summarize the route in BGP? (Choose two.)

• A. Remove the from protocol bgp command from the export policy.
• B. Add the set protocols bgp family inet unicast add-path command to allow additional routes to the RIB table
• C. -
• D. Add the set routing-options static route 203.0.113.123/25 discard command.
• E. Replace exact in the export policy with orlonger.

Answer: CD

Explanation:
To summarize routes from the 203.0.113.128/25 IP block on R8 to AS 64500, you need to do the following:
✑ Add the set routing-options static route 203.0.113.128/25 discard command. This creates a static route for the summary prefix and discards any traffic destined to it. This is necessary because BGP can only advertise routes that are present in the routing table.
✑ Replace exact in the export policy with orlonger. This allows R8 to match and advertise any route that is equal or more specific than the summary prefix. The exact term only matches routes that are exactly equal to the summary prefix, which is not present in the routing table.

NEW QUESTION 15
Exhibit

R1 and R8 are not receiving each other's routes
Referring to the exhibit, what are three configuration commands that would solve this problem? (Choose three.)

• A. Configure loops and advertise-peer-as on routers in AS 64497 and AS 64450.
• B. Configure loops on routers in AS 65412 and advertise-peer-as on routers in AS 64498.
• C. Configure as-override on advertisement from AS 64500 toward AS 64512.
• D. Configure remove-private on advertisements from AS 64497 toward AS 64498
• E. Configure remove-private on advertisements from AS 64500 toward AS 64499

Answer: BDE

Explanation:
The problem in this scenario is that R1 and R8 are not receiving each other’s routes because of private AS numbers in the AS path. Private AS numbers are not globally unique and are not advertised to external BGP peers. To solve this problem, you need to do the following:
✑ Configure loops on routers in AS 65412 and advertise-peer-as on routers in AS 64498. This allows R5 and R6 to advertise their own AS number (65412) instead of their peer’s AS number (64498) when sending updates to R7 and R8. This prevents a loop detection issue that would cause R7 and R8 to reject the routes from R5 and R62.
✑ Configure remove-private on advertisements from AS 64497 toward AS 64498 and from AS 64500 toward AS 64499. This removes any private AS numbers from the AS path before sending updates to external BGP peers. This allows R2 and R3 to receive the routes from R1 and R4, respectively3.

NEW QUESTION 16
Exhibit

Referring to the exhibit, which statement is correct?

• A. The vrf-target configuration will allow routes to be shared between CE-1 and CE-2.
• B. The vrf-target configuration will stop routes from being shared between CE-1 and CE-2.
• C. The route-distinguisher configuration will allow overlapping routes to be shared between CE-1 and CE-2.
• D. The route-diatinguisher configuration will stop routes from being shared between CE-1 and CE-2.

Answer: C

Explanation:
The route distinguisher (RD) is a BGP attribute that is used to create unique VPN IPv4 prefixes for each VPN in an MPLS network. The RD is a 64-bit value that consists of two parts: an administrator field and an assigned number field. The administrator field can be an AS number or an IP address, and the assigned number field can be any arbitrary value chosen by the administrator. The RD is prepended to the IPv4 prefix to create a VPN IPv4 prefix that can be advertised across the MPLS network without causing any overlap or conflict with other VPNs. In this question, we have two PE routers (PE-1 and PE-2) that are connected to two CE devices (CE-1 and CE-2) respectively. PE-1 and PE-2 are configured with VRFs named Customer-A and Customer-B respectively.

NEW QUESTION 17
......