Exam4Training

Juniper JN0-480 Data Center, Specialist (JNCIS-DC) Online Training

Question #1

When an agent installation is successful, devices are placed into which state using the Juniper Apstra Ul?

  • A . IS-MAINT
  • B . OOS-READY
  • C . OOS-QUARANTINED
  • D . IS-ACTIVE

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

When an agent installation is successful, devices are placed into the Out of Service Quarantined (OOS-QUARANTINED) state using the Juniper Apstra UI. This state means that the device is not yet managed by Apstra and has not been assigned to any blueprint. The device configuration at this point is called Pristine Config. To make the device ready for use in a blueprint, you need toacknowledge the device, which changes its state to Out of Service Ready (OOS-READY)12.

References:

– Managing Devices

– AOS Device Configuration Lifecycle

Question #2

Exhibit.

You are working to build an ESI-LAG for a multihomed server. The ESI-LAG is not coming up as multihomed.

Referring to the exhibit, what are two solutions to this problem? (Choose two.)

  • A . The gateway IP addresses on both devices must be different.
  • B . The LACP system ID on both devices must be the same.
  • C . The loopback IP addresses on both devices must be the same.
  • D . The ESI ID on both devices must be the same.

Reveal Solution Hide Solution

Correct Answer: B D
B D

Explanation:

According to the Juniper documentation1, an ESI-LAG is a link aggregation group (LAG) that spans two or more devices and is identified by an Ethernet segment identifier (ESI). An ESI-LAG provides redundancy and load balancing for a multihomed server in an EVPN-VXLAN network.

To configure an ESI-LAG, you need to ensure that the following requirements are met:

– The LACP system ID on both devices must be the same. This ensures that the LACP protocol can negotiate the LAG parameters and form a single logical interface for the server.

– The ESI ID on both devices must be the same. This ensures that the EVPN control plane can advertise the ESI-LAG as a single Ethernet segment and synchronize the MAC and IP addresses of the server across the devices.

– The VLAN ID and VNI on both devices must be the same. This ensures that the server can communicate with other hosts in the same virtual network and that the VXLAN encapsulation and decapsulation can work properly.

In the exhibit, the LACP system ID and the ESI ID on both devices are different, which prevents the ESI-LAG from coming up as multihomed. Therefore, the correct answer is B and D. The LACP system ID on both devices must be the same and the ESI ID on both devices must be the same.

References: ESI-LAG Made Easier with EZ-LAG, Example: Configuring an ESI on a Logical Interface With EVPN-MPLS Multihoming, Introduction to EVPN LAG Multihoming

Question #3

Which statement is correct about the Juniper Apstra Rendered configuration?

  • A . It is built at commit time and stored in a MySQL database.
  • B . It is stored in a NoSQL database and incrementally updated.
  • C . It is dynamically tendered at commit time.
  • D . It is rendered from the graph database and stored locally.

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The Juniper Apstra Rendered configuration is the configuration that is generated from the staged blueprint and applied to the devices in the network. The Rendered configuration is dynamically rendered at commit time, which means that it is created on the fly based on the latest changes and validations in the blueprint. The Rendered configuration is not stored in any database, but it can be viewed in the Apstra UI or downloaded as a file. The Rendered configuration reflects the desired state of the network as defined by the intent of the blueprint.

The other options are incorrect because:

– A. It is built at commit time and stored in a MySQL database is wrong because the Rendered configuration is not stored in any database, let alone a MySQLdatabase. Apstra uses a graph database to store the network topology and configuration data, not a relational database like MySQL.

– B. It is stored in a NoSQL database and incrementally updated is wrong because the Rendered configuration is not stored in any database, let alone a NoSQL database. Apstra uses a graph database to store the network topology and configuration data, not a non-relational database like NoSQL. The Rendered configuration is not incrementally updated, but dynamically rendered at commit time.

– D. It is rendered from the graph database and stored locally is wrong because the Rendered configuration is not rendered from the graph database, but from the staged blueprint. The graph database stores the network topology and configuration data, but the Rendered configuration is generated from the blueprint, which is a logical representation of the network design and intent. The Rendered configuration is not stored locally, but it can be downloaded as a file if needed.

References:

– Config Rendering in Juniper Apstra

– AOS Device Configuration Lifecycle

– Configlets (Datacenter Design)

Question #4

Which three statements describe intent-based analytics? (Choose three.)

  • A . It indicates when device operating versions require updating.
  • B . It is a real-time information processing pipeline.
  • C . It is used to establish network performance baselines.
  • D . It alerts the network operator when network performance moves away from the baseline.
  • E . It collects information from vendor websites.

Reveal Solution Hide Solution

Correct Answer: B C D
B C D

Explanation:

Intent-based analytics (IBA) is a feature of Juniper Apstra that allows you to combine intent from the network design with current and historic data from devices to reason about the network at-large1.

IBA has the following characteristics:

– It is a real-time information processing pipeline. This means that IBA can ingest, process, and analyze

large amounts of data from devices in real time, using agents and probes. Agents are software components that collect data from devices and send them to the Apstra server. Probes are user-defined queries that aggregate data across devices and generate advanced data that can be more easily reasoned about1.

– It is used to establish network performance baselines. This means that IBA can use the advanced data to measure and monitor the network performance against the expected outcomes and service levels. IBA can also use the historic data to create baselines that represent the normal behavior and state of the network2.

– It alerts the network operator when network performance moves away from the baseline. This means that IBA can detect and report any anomalies or deviations from the baseline or the intent in the network. IBA can also provide insights and recommendations for troubleshooting and resolving the issues2.

The following two statements are incorrect in this scenario:

– It indicates when device operating versions require updating. This is not true, because IBA does not provide any information or guidance about the device operating versions or updates. IBA is focused on the network performance and compliance, not on the device maintenance or upgrade1.

– It collects information from vendor websites. This is not true, because IBA does not collect any information from vendor websites or external sources. IBA only collects information from the devices in the network, using agents and probes1.

References:

– Intent-Based Analytics ― Apstra 3.3.0 documentation

– What is Intent Based Networking? | Juniper Networks US

Question #5

Exhibit.

Referring to the exhibit, how many tack types ate used in the staged blueprint?

  • A . six
  • B . three
  • C . seven
  • D . two

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

Referring to the exhibit, the image shows the Racks table under the Staged menu in the Juniper Apstra UI. The Racks table displays the details of the racks that are used in the blueprint, such as the name, rack type, and date. The rack type is a resource that defines the type and number of leaf devices, access switches, and/or generic systems that are used in rack builds1. The image shows seven racks in the table, but only two rack types: BorderLeaf and ServerRack. Therefore, the statement D is correct in this scenario.

The following three statements are incorrect in this scenario:

– A. six. This is not true, because there are not six rack types in the table, but only two. The number six corresponds to the number of racks that have the same rack type: ServerRack.

– B. three. This is not true, because there are not three rack types in the table, but only two. The number

three does not correspond to any relevant information in the table or the image.

– C. seven. This is not true, because there are not seven rack types in the table, but only two. The number seven corresponds to the total number of racks in the table, not the rack types.

References:

– Rack Types (Datacenter Design)

– Racks (Staged)

Question #6

Which two statements about VXLAN VNIs are correct? (Choose two.)

  • A . VNIs can have over 16 million unique values.
  • B . VNIs identify a collision domain.
  • C . VNIs identify a broadcast domain
  • D . VNIs are alphanumeric values.

Reveal Solution Hide Solution

Correct Answer: A C
A C

Explanation:

VXLAN VNIs are virtual network identifiers that are used to identify and isolate Layer 2 segments in the overlay network.

VXLAN VNIs have the following characteristics:

– VNIs can have over 16 million unique values. This is because VXLAN VNIs are 24-bit fields that can range from 4096 to 16777214, according to the VXLAN standard1. This allows VXLAN to support a large number of Layer 2 segments and tenants in the network.

– VNIs identify a broadcast domain. This is because VXLAN VNIs are used to group the end hosts that belong to the same Layer 2 segment and can communicate with each other using VXLAN tunnels. The VXLAN tunnels are established using the VTEP information that is distributed by EVPN. The VTEPs are VXLAN tunnel endpoints that perform the VXLAN encapsulation and decapsulation. The VXLAN tunnels preserve the Layer 2 semantics and support the broadcast, unknown unicast, and multicast traffic within the same VNI2.

The following two statements are incorrect in this scenario:

– VNIs identify a collision domain. This is not true, because VXLAN VNIs do not identify a collision domain, which is a network segment where data packets can collide with each other. VXLAN VNIs identify a broadcast domain, which is a network segment where broadcast traffic can reach all the devices. Collision domains are not relevant in VXLAN networks, because VXLAN uses MAC-in-UDP encapsulation and IP routing to transport the Layer 2 frames over the Layer 3 network1.

– VNIs are alphanumeric values. This is not true, because VXLAN VNIs are numeric values, not

alphanumeric values. VXLAN VNIs are 24-bit fields that can range from 4096 to 16777214, according to the VXLAN standard1. Alphanumeric values are values that contain both letters and numbers, such as ABC123 or 1A2B3C.

References:

– Virtual Extensible LAN (VXLAN) Overview

– EVPN LAGs in EVPN-VXLAN Reference Architectures

Question #7

Exhibit.

Referring to the exhibit, how do you display the IPv6 subnets lot all of the listed VXLANs?

  • A . IPv6 subnets ate shown when each VXLAN is selected individually.
  • B . Select Columns, then select IPv6 Subnet.
  • C . Select all VXLANs. and the IPv6 Subnets column will appear
  • D . An IPv6 Subnets column is not shown, indicating that no VXLAN has an assigned IPv6 subnet

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

Referring to the exhibit, the image shows a user interface of the Juniper Apstra software application, which is used for network management and configuration. The image shows the Virtual Networks table under the Resources menu, which displays the details of the VLANs and VXLANs in the network. The table has 11 columns, but only 9 are visible in the image. The other two columns are IPv6 Connectivity and IPv6 Subnet, which are hidden by default. To display the IPv6 subnets for all of the listed VXLANs, the user needs to select Columns, then select IPv6 Subnet. This will show the IPv6 Subnet column in the table, which will display the IPv6 addresses assigned to the VXLANs from the IPv6 pools. For more information, see Virtual Networks (Resources).

References:

– Virtual Networks (Resources)

– IPv6 Pools (Resources)

– Apstra User Guide

Question #8

InJuniper Apstra. which three modes are available fordevices? (Choose three.)

  • A . Deploy
  • B . Active
  • C . Stopped
  • D . Drain
  • E . Ready

Reveal Solution Hide Solution

Correct Answer: A D E
A D E

Explanation:

Juniper Apstra supports three deploy modes for devices: Deploy, Drain, and Ready. These modes determine the configuration and state of the devices in the data center fabric12.

Deploy: This mode applies the full Apstra-rendered configuration to the device, according to the Apstra Reference Design. The device state becomes IS-ACTIVE and the device is ready to carry traffic in the fabric12.

– Drain: This mode adds a “drain” configuration to the device, which prevents any new traffic from entering the device. The device state becomes IS-READY and the device is prepared for maintenance or decommissioning12.

– Ready: This mode removes the Apstra-rendered configuration from the device, leaving only the basic configuration such as device hostname, interface descriptions, and port speed/breakout. The device state becomes IS-READY and the device is not part of the fabric12.

References:

– Device Configuration Lifecycle

– Set Deploy Mode (Datacenter)

Question #9

When editing a device configuration to install some manual changes, which procedure should be followed?

  • A . Edit the configuration on the device directly by the CLI; the changes will automatically be adjusted in the Juniper Apstra configuration
  • B . Edit the pristine configuration of the device.
  • C . Add a persistent change to a device configuration with a configlet.
  • D . Delete the device from the Juniper Apstra system, change the configuration, then re-import the device.

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

A configlet is a small piece of configuration that can be applied to a device or a group of devices to make persistent changes that are not overwritten by Apstra. Configlets can be used to install manual changes that are not part of the Apstra rendered configuration, such as custom commands, scripts, or features. Configlets can be created, edited, and deleted from the Apstra GUI or CLI12.

References:

– Configlets Overview

– Configlets User Guide

Question #10

You are receiving cable, interface, and BGP anomalies from several devices within the data center fabric.

In Juniper Apstra. how would you troubleshoot these types of errors?

  • A . In the Ul, go to Time Voyager and revert to the last working version.
  • B . In the Ul, access the console to the devices and review the interface states.
  • C . In the Ul, go to Devices and confirm that agent connectivity is fine.
  • D . In the Ul, verify device connectivity by consulting the cable map.

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The cable map is a graphical representation of the physical connections between the devices in the data center fabric. It shows the status of the cables, interfaces, and BGP sessions for each device. You can use the cable map to identify and troubleshoot any cable, interface, or BGP anomalies that may occur in the fabric. You can also filter the cable map by device name, device type, device role, device state, cable state, interface state, or BGP state12.

References:

– Cable Map Overview

– Cable Map User Guide

Question #11

Juniper Apstra has indicated an anomaly with respect to cabling.

What are two ways to remediate the issue? (Choose two.)

  • A . Manually edit the cabling map.
  • B . Redeploy the errant device.
  • C . Set the invalid ports to a disabled state.
  • D . Have Apstra autoremediate the cabling map using LLDP.

Reveal Solution Hide Solution

Correct Answer: CD
CD

Explanation:

A cabling anomaly is an issue that occurs when the physical connections between the devices in the data center fabric do not match the expected connections based on the Apstra Reference Design. A cabling anomaly can cause problems such as incorrect routing, suboptimal traffic flow, or device isolation.

To remediate the issue, you can use one or both of the following methods:

– Manually edit the cabling map. This allows you to override the Apstra-generated cabling and specify the correct connections between the devices. You can use the Apstra UI or the Apstra CLI to edit the cabling map and apply the changes to the fabric12.

– Have Apstra autoremediate the cabling map using LLDP. This allows Apstra to collect LLDP data

from the devices and use it to update the cabling map automatically. LLDP is a protocol that allows

devices to exchange information about their identity, capabilities, and neighbors. Apstra can use the

LLDP data to detect and correct any cabling errors in the fabric34.

References:

– Edit Cabling Map (Datacenter)

– Import / Export Cabling Map (Datacenter)

– LLDP Overview

– Anomalies (Service)

Question #12

Exhibit.

Which two statements about ESI values are correct for the server connections to the fabric shown in the exhibit? (Choose two.)

  • A . A valid ESI value for Server A is 0x00.00.00.00.00.00.00.00.00.00.
  • B . A valid ESI value for Server B is 0x00.20.20.20.20.20.20.20.20.20.
  • C . A valid ESI value for Server A is 0x00.10.10.10.10.10.10.10.10.10.
  • D . A valid ESI value for Server B is 0x00.00.00.00.00.00.00.00.00.00.

Reveal Solution Hide Solution

Correct Answer: C D
C D

Explanation:

To answer this question, we need to understand the concept of ESI values in EVPN LAGs. An ESI is a 10-byte value that identifies an Ethernet segment, which is a set of links that connect a multihomed device (such as a server) to one or more PE devices (such as leaf switches) in an EVPN network. The same ESI value must be configured on all the PE devices that connect to the same Ethernet segment. This allows the PE devices to form an EVPN LAG, which supports active-active or active-standby multihoming for the device. The ESI value can be manually configured (type 0) or automatically derived from LACP (type 1) or other methods. In the exhibit, Server A is connected to two leaf switches (QFX 5210) using a LAG with LACP enabled. Server B is connected to three leaf switches (QFX 5120) using a LAG with LACP enabled.

Based on this information, the following statements are correct about ESI values for the server connections to the fabric:

– C. A valid ESI value for Server A is 0x00.10.10.10.10.10.10.10.10.10. This is true because this ESI value can be automatically derived from the LACP configuration on the QFX 5210 devices. The LACP system ID is usually based on the MAC address of the device, and the LACP administrative key is a 2-byte value that identifies the LAG. For example, if the MAC address of the QFX 5210 device is 00:10:10:10:10:10 and the LAG ID is 10, then the LACP system ID is 00:10:10:10:10:10 and the LACP administrative key is 00:0A. The ESI value is then derived by concatenating the LACP system ID and the LACP administrative key, resulting in 00:10:10:10:10:10:00:0A. This ESI value can be represented in hexadecimal notation as 0x00.10.10.10.10.10.00.0A, or padded with zeros as 0x00.10.10.10.10.10.00.0A.00.00. This ESI value must be configured on both QFX 5210 devices that connect to Server A.

– D. A valid ESI value for Server B is 0x00.00.00.00.00.00.00.00.00.00. This is true because this ESI value is a reserved value that indicates a single-homed device. Server B is connected to three leaf switches (QFX 5120) using a LAG, but it is not multihomed to any of them. This means that Server B does not need an ESI value to form an EVPN LAG with any of the leaf switches. Instead, Server B can use the reserved ESI value of 0x00.00.00.00.00.00.00.00.00.00, which indicates that it is a single-homed device and does not participate in any EVPN LAG. This ESI value must be configured on all three QFX 5120 devices that connect to Server B. Thefollowing statements are incorrect about ESI values for the server connections to the fabric:

– A. A valid ESI value for Server A is 0x00.00.00.00.00.00.00.00.00.00. This is false because this ESI value is a reserved value that indicates a single-homed device. Server A is connected to two leaf switches (QFX 5210) using a LAG with LACP enabled, which means that it is multihomed to both of them. This means that Server A needs an ESI value to form an EVPN LAG with the leaf switches. The ESI value must be unique and non-zero for each Ethernet segment, so the reserved ESI value of 0x00.00.00.00.00.00.00.00.00.00 is not valid for Server A.

– B. A valid ESI value for Server B is 0x00.20.20.20.20.20.20.20.20.20. This is false because this ESI value is not derived from the LACP configuration on the QFX 5120 devices. Server B is connected to three leaf switches (QFX 5120) using a LAG with LACP enabled, but it is not multihomed to any of them. This means that Server B does not need an ESI value to form an EVPN LAG with any of the leaf switches. Instead, Server B can use the reserved ESI value of 0x00.00.00.00.00.00.00.00.00.00, which indicates that it is a single-homed device and does not participate in any EVPN LAG. The ESI value of 0x00.20.20.20.20.20.20.20.20.20 is not valid for Server B, and it may cause conflicts with other Ethernet segments that use the same ESI value.

References:

– Ethernet Segment Identifiers, ESI Types, and LACP in EVPN LAGs

– Understanding Automatically Generated ESIs in EVPN Networks

– Ethernet Segment in EVPN: All You Need to Know

Question #13

What is the purpose of using a routing zone inside Juniper Apstra software?

  • A . A routing zone is used to enable L4-L7 inspection inside the fabric.
  • B . A routing zone is defined to secure the routing protocols.
  • C . A routing zone defined at the Apstra manager level requires firewalls to be deployed.
  • D . A routing zone is used to enable the communication between two VNIs within a VRF.

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

According to the Juniper documentation1, a routing zone is an L3 domain, the unit of tenancy in multi-tenant networks. You create routing zones for tenants to isolate their IP traffic from one another, thus enabling tenants to re-use IP subnets. In addition to being in its own VRF, each routing zone can be assigned its own DHCP relay server and external system connections. You can create one or more virtual networks within a routing zone, which means a tenant can stretch its L2 applications across multiple racks within its routing zone. For virtual networks with Layer 3 SVI, the SVI is associated with a Virtual Routing and Forwarding (VRF) instance for each routing zone isolating the virtual network SVI from other virtual network SVIs in other routing zones. Therefore, the correct answer is D. A routing zone is used to enable the communication between two VNIs within a VRF. A routing zone is not used for L4-L7 inspection, securing routing protocols, or requiring firewalls. Those are not the purposes of a routing zone in Juniper Apstra software.

References: Routing Zones

Question #14

Which two statements are correct about Time Voyager? {Choose two.)

  • A . Time Voyager retains all of the blueprint revisions from the last Juniper Apstra backup.
  • B . Time Voyager retains the five most recent blueprint commits.
  • C . Time Voyager retains the last ten blueprint commits.
  • D . Time Voyager retains up to twenty-five saved revisions.

Reveal Solution Hide Solution

Correct Answer: B D
B D

Explanation:

Time Voyager is a feature of Juniper Apstra that allows you to restore previous revisions of a blueprint, which is a logical representation of your network design and configuration. Time Voyager automatically saves the five most recent blueprint commits, which are the changes that you apply to the network. You can also manually save up to twenty-five revisions by keeping them, which prevents them from being overwritten by new commits. Therefore, the correct answer is B and D. Time Voyager retains the five most recent blueprint commits and Time Voyager retains up to twenty-five saved revisions.

References: Time Voyager | Apstra 4.1 | Juniper Networks, Time Voyager Introduction | Apstra 4.2 | Juniper Networks, Juniper Apstra at a Glance | Flyer

Question #15

You are adding a new switch to Juniper Apstra software. The Managed Devices page shows the "0 OS-Quarantined" status.

What is the proper next step to make the device ready for use in a blueprint?

  • A . Acknowledge the device.
  • B . Take the device out of maintenance mode.
  • C . Install the agent for the device.
  • D . Take the device out of drain state.

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

When a new switch is added to Juniper Apstra software, it initially shows the “0 OS-Quarantined” status, which means that the device is not yet managed by Apstra and has not been assigned to any blueprint. The proper next step to make the device ready for use in a blueprint is to acknowledge the device, which is a manual action that confirms the device identity and ownership. Acknowledging the device changes its status to “OOS-Ready”, which means that the device is ready to be assigned to a blueprint and deployed12.

References:

– Managing Devices

– AOS Device Configuration Lifecycle

Question #16

What does EVPN use lo identity which remote leaf device advertised the EVPN route?

  • A . a route distinguisher value
  • B . a community tag
  • C . a route target value
  • D . a VRF target value

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

EVPN uses a route distinguisher (RD) value to identify which remote leaf device advertised the EVPN route. An RD is a 64-bit value that is prepended to the EVPN NLRI to create a unique VPNv4 or VPNv6 prefix. The RD value is usually derived from the IP address of the PE that originates the EVPN route. By comparing the RD values of different EVPN routes, a PE can determine which remote PE advertised the route and which VRF the route belongs to.

The other options are incorrect because:

– B. a community tag is wrong because a community tag is an optional transitive BGP attribute that can be used to group destinations that share some common properties. A community tag does not identify the source of the EVPN route.

– C. a route target value is wrong because a route target (RT) value is an extended BGP community that is used to control the import and export of EVPN routes between VRFs. An RT value does not identify the source of the EVPN route.

– D. a VRF target value is wrong because there is no such thing as a VRF target value in EVPN. A VRF is a virtual routing and forwarding instance that isolates the IP traffic of different VPNs on a PE. A VRF does not have a target value associated with it.

References:

– EVPN Fundamentals

– RFC 9136 – IP Prefix Advertisement in Ethernet VPN (EVPN)

– EVPN Type-5 Routes: IP Prefix Advertisement

– Understanding EVPN Pure Type 5 Routes

Question #17

You are installing a Juniper Apstra server in your data center. You have multiple users that will be expected to configure, manage, and carry out operational tasks in your data center. You have decided to implement remote user authentication for the role-based access control of your Apstra server.

In this scenario, which three methods are supported? (Choose three.)

  • A . TACACS+
  • B . LDAP
  • C . RADIUS
  • D . SAML
  • E . Auth0

Reveal Solution Hide Solution

Correct Answer: A B C
A B C

Explanation:

To implement remote user authentication for the role-based access control of your Apstra server, you can use one of the following methods: TACACS+, LDAP, or RADIUS. These are the protocols that Juniper Apstra supports to authenticate and authorize users based on roles assigned to individual users within an enterprise. You can configure the Apstra server to use one or more of these protocols as the authentication sources and specify the order of preference. You can also configure the Apstra server to use local user accounts as a fallback option if the remote authentication fails. The other options are incorrect because:

– D. SAML is wrong because SAML (Security Assertion Markup Language) is not a supported protocol for remote user authentication for the role-based access control of your Apstra server. SAML is an XML-based standard for exchanging authentication and authorization data between different parties, such as identity providers and service providers. SAML is commonly used for web-based single sign-on (SSO) scenarios, but it is not compatible with the Apstra server.

– E. Auth0 is wrong because Auth0 is not a protocol, but a service that provides authentication and authorization solutions for web and mobile applications. Auth0 is a platform that supports various protocols and standards, such as OAuth, OpenID Connect, SAML, and JWT. Auth0 is not a supported

service for remote user authentication for the role-based access control of your Apstra server.

References:

– User Authentication Overview

– [Juniper Apstra] Authentication and Authorization Debugging1

– Authenticate User (API)

– Configure Apstra Server

Question #18

You want to make a widget appear on the main dashboard in Juniper Apstra. In this scenario, which statement is correct?

  • A . When creating the widget, select the Add to Blueprint Dashboard option.
  • B . On the blueprint dashboard, click on the Add Widget option.
  • C . Widgets automatically appear on the blueprint dashboard.
  • D . Set the Default toggle switch to On for the desired widget.

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

In Juniper Apstra, a widget is a graphical element that displays data from an intent-based analytics (IBA) probe. A widget can be used to monitor different aspects of the network and raise alerts to any anomalies. A widget can be viewed by itself or added to an analytics dashboard. A dashboard is a collection of widgets that can be customized and organized according to the user’s preference1.

The main dashboard in Juniper Apstra is the blueprint dashboard, which is the default view that shows the network information and configuration for the active blueprint. A blueprint is a logical representation of the network design and intent. The blueprint dashboard can display the system-generated dashboards, the user-generated dashboards, and the individual widgets that are relevant to the network2.

To make a widget appear on the main dashboard in Juniper Apstra, the user needs to set the Default toggle switch to On for the desired widget. This will add the widget to the blueprint dashboard, where it can be viewed along with other network information. The user can also remove the widget from the blueprint dashboard by setting the Default toggle switch to Off for the widget3. Therefore, the statement D is correct in this scenario.

The following three statements are incorrect in this scenario:

– When creating the widget, select the Add to Blueprint Dashboard option. This is not true, because there is no such option when creating a widget in Juniper Apstra. The user can only select the widget type, the probe, and the display mode when creating a widget4. To add the widget to the blueprint dashboard, the user needs to set the Default toggle switch to On for the widget after creating it3.

– On the blueprint dashboard, click on the Add Widget option. This is not true, because there is no such option on the blueprint dashboard in Juniper Apstra. The user can only view, edit, or delete the existing widgets and dashboards on the blueprint dashboard2. To add a widget to the blueprint dashboard, the user needs to set the Default toggle switch to On for the widget from the widgets table view3.

– Widgets automatically appear on the blueprint dashboard. This is not true, because widgets do not automatically appear on the blueprint dashboard in Juniper Apstra. The user needs to manually add the widgets to the blueprint dashboard by setting the Default toggle switch to On for the widgets that they want to see on the blueprint dashboard3. The only exception is the widgets that are part of the system-generated dashboards, which are automatically created and added to the blueprint dashboard based on the state of the active blueprint2.

References:

– Widgets Overview

– Blueprint Summaries and Dashboard

– Widgets Introduction

– Create Widget

Question #19

In the Juniper Apstra Ul. which two resource types would be created in the Resources menu? (Choose two.)

  • A . bridge domain identifier (BDI)
  • B . DHCP pools
  • C . ASN pools
  • D . IP pools

Reveal Solution Hide Solution

Correct Answer: C D
C D

Explanation:

According to the Juniper documentation1, the Resources menu in the Juniper Apstra UI allows you to create and manage various types of resources that are assigned to different elements of the network.

Resources include the following types:

– IPv4 (including Host IPv4)

– IPv6 (including Host IPv6)

– ASN (autonomous system number)

– VNI (virtual network identifier)

– VLAN (virtual local area network)

– Integer (used for pool type VLAN in local pools in Freeform blueprints)

Therefore, the correct answer is C and D. ASN pools and IP pools are two types of resources that can be created in the Resources menu. Bridge domain identifier (BDI) and DHCP pools are not applicable in this scenario, because they are not part of the resources types supported by Juniper Apstra.

References: Resources Introduction | Apstra 4.1 | Juniper Networks

Question #20

You have recently committed a change after creating a new blueprint in Juniper Apstra. In the main dashboard, you see a number of anomalies related to BGR.

What is a likely cause of these anomalies?

  • A . You have misconfigured ASNs.
  • B . The fabric has not converged yet.
  • C . Spine-leaf links are incorrectly set.
  • D . A generic system has not been configured.

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

In Juniper Apstra, a blueprint is a logical representation of the network design and configuration. When you create a new blueprint, you need to commit the changes to apply them to the network devices. However, committing the changes does not mean that the network is immediately updated and operational. It may take some time for the network to converge and reflect the new state of the blueprint. During this time, you may see some anomalies related to BGP in the main dashboard, which indicate that the BGP sessions are not established or stable between the devices. These anomalies are usually temporary and will disappear once the network converges and the BGP sessions are up and running. Therefore, the statement B is the most likely cause of these anomalies in this scenario.

The following three statements are less likely causes of these anomalies in this scenario:

– You have misconfigured ASNs. This is possible, but not very likely, because Juniper Apstra provides ASN pools that can be automatically assigned to the devices based on their roles. You can also manually specify the ASNs for the devices, but you need to ensure that they are unique and consistent with the network design. If you have misconfigured ASNs, you may see some anomalies related to BGP, but they will not disappear after the network converges. You will need to fix the ASNs and commit the changes again to resolve the anomalies.

– Spine-leaf links are incorrectly set. This is possible, but not very likely, because Juniper Apstra provides connectivity templates that can be used to define the spine-leaf links based on the interface maps. You can also manually specify the spine-leaf links, but you need to ensure that they are correct and match the physical cabling. If you have incorrectly set the spine-leaf links, you may see some anomalies related to BGP, but they will not disappear after the network converges. You will need to fix the spine-leaf links and commit the changes again to resolve the anomalies.


A generic system has not been configured. This is not relevant, because a generic system is a device that is not managed by Juniper Apstra, but is connected to the network. A generic system does not affect the BGP sessions between the devices that are managed by Juniper Apstra. If you have a generic system in your network, you need to configure it manually and ensure that it is compatible with the network design. A generic system does not cause any anomalies related to BGP in the main dashboard.

References:

– Blueprint Summaries and Dashboard

– BGP Session Flapping Probe

– Probe: BGP Session Monitoring


Exit mobile version