What are two valid actions that can be applied to a frame by a Layer 2 firewall filter?

What are two valid actions that can be applied to a frame by a Layer 2 firewall filter?
(Choose two)

What are two valid actions that can be applied to a frame by a Layer 2 firewall filter?
(Choose two)

A.
Log

B.
loss-priority

C.
sample

D.
count

Explanation:
The correct answers are B, D.
Reference:
You can specify the following filter actions:
* accept
* count counter-name
* discard
* dscp code-point (family inet only)
* forwarding-class class-name
* ipsec-sa ipsec-sa (family inet only)
* load-balance group-name (family inet only)
* log (family inet and inet6 only)
* logical-system logical-system-name (family inet and inet6 only)
* loss-priority (high | medium-high | medium-low | low)
* next term
* next-hop-group group-name (family inet only)
* policer policer-name
* port-mirror (family bridge, ccc, inet, inet6, and vpls only)
* prefix-action action-name (family inet only)
* reject <message-type> (family inet and inet6 only)
* routing-instance routing-instance-name (family inet and inet6 only)
* sample (family inet, inet6, and mpls only)
* service-accounting (service filters and family inet or inet6 only)
* service-filter-hit (service filters and family inet or inet6 only)
* syslog (family inet and inet6 only)
* three-color-policer policer-name
* topology topology-name (family inet and inet6 only)
* traffic-class code-point (family inet6) only



Leave a Reply 3

Your email address will not be published. Required fields are marked *


2-Mar

2-Mar

[Update]

New JN0-360 Exam Questions and Answers Updated Recently (15/Mar/2017):

NEW QUESTION 341
Which OSPF LSA type describes the router IDs of ASBR routers located in remote areas?

A. Type 4
B. Type 2
C. Type 3
D. Type 1

Answer: A
Explanation:
OSPF LSA types:
LSA Type 1: Router LSA
LSA Type 2: Network LSA
LSA Type 3: Summary LSA
LSA Type 4: Summary ASBR LSA
LSA Type 5: Autonomous system external LSA
LSA Type 6: Multicast OSPF LSA
LSA Type 7: Not-so-stubby area LSA
LSA Type 8: External attribute LSA for BGP

NEW QUESTION 342
Referring to the exhibit, which two statements are correct? (Choose two.)
[edit]
user@host# show protocols ospf
area 0.0.0.0
{
interface ge-3/0/0.0
{
interface-type p2p;
}
}

A. Type 2 LSAs are not created for this link.
B. Type 2 LSAs are created for this link.
C. Designated router election does not occur on this link.
D. Designated router election occurs on this link.

Answer: AC
Explanation:
A: Type 2 – Network LSA – the designated router (DR) on a broadcast segment (e.g. Ethernet) lists which routers are joined together by the segment. Type 2 LSAs are flooded across their own area only. The link- state ID of the type 2 LSA is the IP interface address of the DR.
C: Designated router (DR) and BDR election is done via the Hello protocol. Hello packets are exchanged via IP multicast packets (Appendix B) on each segment. Multicast packets are not sent on p2p links.

NEW QUESTION 343
What are three well-known mandatory BGP attributes? (Choose three.)

A. origin
B. MED
C. AS path
D. next hop
E. local preference

Answer: ACD
Explanation:
ORIGIN is a well known mandatory attribute that indicates the origin of the prefix, or rather, the way in which the prefix was injected into BGP. The AS_PATH is a well-known mandatory attribute. The BGP NEXT_HOP is a well-known mandatory attribute.

NEW QUESTION 344
Your customer requests that you provide a transparent Layer 2 service between two of their remote locations. This service must allow the customer to pass tagged traffic from multiple VLANs. You decide to use Q-in-Q tunneling on the two provider edge MX Series routers that connect to the customer’s CE devices. Which two statements are true? (Choose two.)

A. As traffic enters the Q-in-Q tunnel on the core-facing interface on the ingress PE device, a push operation is performed.
B. As traffic passes through intermediary P routers in the Q-in-Q tunnel, a push operation is performed.
C. As traffic passes through intermediary P routers in the Q-in-Q tunnel, a swap operation is performed.
D. As traffic enters the Q-in-Q tunnel on the core-facing interface on the ingress PE device, a swap operation is performed.

Answer: AC
Explanation:
Q-in-Q tunneling adds a service VLAN tag before the customer’s 802.1Q VLAN tags. The Juniper Networks Junos operating system implementation of Q-in-Q tunneling supports the IEEE 802.1ad standard. In Q-in-Q tunneling, as a packet travels from a customer VLAN (C-VLAN) to a service provider’s or data center VLAN (S-VLAN), another 802.1Q tag for the appropriate S-VLAN is added before the C-VLAN tag. The C-VLAN tag remains and is transmitted through the network. As the packet leaves the S-VLAN in the downstream direction, the S-VLAN 802.1Q tag is removed. With the push option, a packet retains its tag and an additional VLAN tag is added. With the swap option, the incoming tag is replaced with an S-VLAN tag. (This is VLAN translation.)

NEW QUESTION 345
In an RSVP-based MPLS network, which ERO type specifies the exact order of routers through which an LSP must travel, without consulting the IGP?

A. loose hop
B. static hop
C. next hop
D. strict hop

Answer: D
Explanation:
When a strict hop is configured, it identifies an exact path through which the LSP must be routed. Strict-hop EROs (Explicit Route Objects) specify the exact order of the routers through which the RSVP messages are sent.
Incorrect Answers:
A: When a loose hop is configured, it identifies one or more transit LSRs through which the LSP must be routed. The network IGP determines the exact route from the inbound router to the first loose hop, or from one loose hop to the next. The loose hop specifies only that a particular LSR be included in the LSP.

NEW QUESTION 346
You are adding IPv6 to an existing IPv4 network running OSPF. Your plan is to use OSPFv3 to route both IPv4 and IPv6 prefixes. Which configuration will enable OSPFv3 to advertise prefixes for both IPv4 and IPv6?

A. user@host# show protocols ospf3
realm ipv4-unicast {
area 0.0.0.0 {
interface ge-0/0/0.0;
}
}
area 0.0.0.0 {
interface ge-0/0/0.0;
}
B. user@host# show protocols ospf3
export ipv4;
area 0.0.0.0 {
interface ge-0/0/0.0;
}
C. user@host# show protocols ospf
area 0.0.0.0 {
interface ge-0/0/0.0;
}
user@host# show protocols ospf3
area 0.0.0.0 {
interface ge-0/0/0.0;
}
D. user@host# show protocols ospf3
rib-group inet.0;
area 0.0.0.0 {
interface ge-0/0/0.0;
}

Answer: A
Explanation:
By default, OSPFv3 supports unicast IPv6 routes, but you can configure OSPFv3 to support multiple address families. To support an address family other than unicast IPv6, you configure a realm that allows OSPFv3 to advertise IPv4 unicast, IPv4 multicast, or IPv6 multicast routes. Example of a configuration which support both Ipv4 and Ipv6 prefixes:
user@host# show protocols ospf3
realm ipv4-unicast {
area 0.0.0.0 {
interface fe-0/1/0.0;
}
}
area 0.0.0.0 {
interface fe-0/1/0.0;
}

NEW QUESTION 347
How many bytes does IP-IP tunneling add to an IP packet?

A. 20
B. 24
C. 16
D. 28

Answer: A
Explanation:
Tunneling increases overhead, because it needs an extra set of IP headers. Typically this is 20 bytes per packet, so if the normal packet size (MTU) on a network is 1500 bytes, a packet that is sent through a tunnel can only be 1480 bytes big.

NEW QUESTION 348
An IS-IS router on a broadcast medium has detected its LSDB is missing an LS PDU. Which action will the router take?

A. The router will send a CSNP to the router that sent it a PSNP with missing PDUs.
B. The router will send a link-state request packet to its closest Level 1/Level2 router.
C. The router will send a PSNP to the router that sent it a CSNP with missing PDUs.
D. The router will send a link-state request packet to its DIS router.

Answer: C
Explanation:
A Partial SNP (PSNP) is similar to CSNP except that it describes only some LSPs rather than the entire database. On a P2P network, PSNP is used to acknowledge received LSPs. On a LAN network, PSNP is used to request missing or latest LSPs.
Incorrect Answers:
A: IS-IS Sequence Number PDU (SNP). SNPs are used to maintain IS-IS LSDB by describing some or all of the LSPs in the database. The DIS periodically multicast Complete SNP (CSNP) to describe all the LSPs in the Pseudonode database.

NEW QUESTION 349
An IS-IS TLV includes which two attributes? (Choose two.)

A. topology
B. vector
C. length
D. value

Answer: CD
Explanation:
Within data communication protocols, optional information may be encoded as a type-length-value or TLV element inside a protocol. TLV is also known as tag-length-value. The type and length are fixed in size (typically 1-4 bytes), and the value field is of variable size. These fields are used as follows:
Type: A binary code, often simply alphanumeric, which indicates the kind of field that this part of the message represents;
Length: The size of the value field (typically in bytes);
Value: Variable-sized series of bytes which contains data for this part of the message.

NEW QUESTION 350
Which two statements are true regarding the output shown in the exhibit? (Choose two.)
[edit interfaces ge-1/0/0]
user@host# show
vlan-tagging;
native-vlan-id 55;
unit 0
{
family bridge
{
interface-mode trunk;
vlan-id-list [ 55 56 ];
}
}

A. The ge-1/0/0 interface will transmit any outgoing frames associated with VLAN 55 as untagged frames.
B. The ge-1/0/0 interface will associate any untagged frames that are received with VLAN 56.
C. The ge-1/0/0 interface will associate any untagged frames that are received with VLAN 55.
D. The ge-1/0/0 interface will transmit any outgoing frames associated with VLAN 56 as untagged frames.

Answer: BD
Explanation:
* You can configure the router to receive and forward single-tag frames, dual-tag frames, or a mixture of single-tag and dual-tag frames. To configure the router to receive and forward single-tag frames with 802.1Q VLAN tags, include the vlan- tagging statement at the [edit interfaces interface-name] hierarchy level:
[edit interfaces interface-name]
vlan-tagging;
* You can configure mixed tagging support for untagged packets on a port. Untagged packets are accepted on the same mixed VLAN-tagged port. To accept untagged packets, include the native-vlan-id statement and the flexible-vlan-tagging statement at the [edit interfaces interface-name] hierarchy level:
[edit interfaces ge-fpc/pic/port]
flexible-vlan-tagging;
native-vlan-id number;

NEW QUESTION 351
Which two LSA types would an ABR generate and send into a totally stubby area? (Choose two.)

A. Type 2 LSA
B. Type 4 LSA
C. Type 5 LSA
D. Type 3 LSA

Answer: AD
Explanation:
A stub area that only allows routes internal to the area and restricts Type 3 LSAs from entering the stub area is often called a totally stubby area. Totally stubby areas can only contain type 1 and 2 LSAs, and a single type 3 LSA.

NEW QUESTION 352
Which statement about Rapid Spanning Tree Protocol (RSTP) is correct?

A. If a device configured for RSTP receives STP BPDUs, it sends STP BPDUs.
B. If a device configured for RSTP receives STP BPDUs, it forwards them as STP BPDUs.
C. If a device configured for RSTP receives STP BPDUs, it continues to send RSTP BPDUs.
D. If a device configured for RSTP receives STP BPDUs, it sends RSTP and STP BPDUs.

Answer: B
Explanation:
Enhancements enable RSTP to achieve sub-second forwarding and network convergence. RSTP is backward-compatible with legacy STP. If legacy STP BPDU is detected on a link, then an RSTP-capable bridge will revert to legacy STP on that given port.

NEW QUESTION 353
Which statement is true about VSTP?

A. Adding VLANs to VSTP consumes more CPU resources.
B. It supports 4093 spanning-tree topologies.
C. It is compatible with PVST+, but not with PVST.
D. Different VLANs must use different spanning-tree topologies.

Answer: A
Explanation:
If you use VLANs, we recommend that you enable MSTP unless your network requires the device compatibility provided by VSTP. Switches configured to run VSTP automatically assign each VLAN to one spanning-tree instance that runs RSTP. While this approach is useful to optimize network usage in small networks with a limited number of VLANs, a VSTP configuration in a network with several hundred VLANs can overload switch CPUs.

NEW QUESTION 354
……

P.S. These New JN0-360 Exam Questions Were Just Updated From The Real JN0-360 Exam, You Can Get The Newest JN0-360 Dumps In PDF And VCE From — http://www.passleader.com/jn0-360.html (372q VCE and PDF)

Good Luck!

MESA

MESA

Passed the JNCIS-SP JN0-360 test at the beginning of Sep/2017 luckily!!!

There were 70 MCQs in my actual test, some new Qs appeared, which are available here — these FREE JN0-360 dumps.

Questions are mainly on MPLS/BGP/OSPF/IS-IS, Layer 2 Bridging and VLANs, IPv6 and so on.

And, I recommend you to learn the NEWEST & VALID PassLeader JN0-360 dumps here:

http://www.juniperbraindumps.com/?s=JN0-360

(IT IS THE NEWEST VERSION — 372 Q&As!!!)

Good Luck!!!