Which is true regarding the DDoS prevention feature?
The feature is off by default
The feature is on by default with aggressive policers
The feature is on by default but requires policer configuration before any alerts or policing can occur
The feature is on by default with high policer rates that in most cases exceed system control plane capacity to ensure no disruption to existing functionality
Which is true about DDoS policers and RE protection policers evoked though a filter?
The lo0 policer is disabled when DDoS is in effect
The DDoS policers run first with the lo0 policer executed last
The lo0 policer is executed before and after the DDoS policers, once at ingress and again in the RE
Combining lo0 and DDoS policers is not permitted and a commit error is retuned
A strong RE protection filter should end with which of the following?
An accept all to ensure no disruption
A reject all, to send error messages to sources of traffic that is not permitted
A discard all to silently discard traffic that is not permitted
A log action to help debug filtering of valid/permitted services
Both C and D
A filter is applied to the main instance lo0.0 and a VRF is defined without its own lo0.n ifl. Which is true?
Traffic from the instance to the local control plane is filtered by the lo0.0 filter
Traffic from the instance to remote VRF destinations is filtered by the lo0.0 filter
Traffic from the instance to the local control plane is not filtered
None of the above. VRFs require a lo0.n for their routing protocols to operate
What Junos feature facilitates simplified filter management when using address-based match criteria to permit only explicitly defined BGP peers?
Dynamic filter lists
Prefix lists and the
The ability to specify a 0/0 as a match-all in an address-based match condition
All of the above
A sr-TCM policer applied at the unit level for all Layer 2
families using the
What is the typical use case for an RE filter applied in the output direction?
To ensure your router is not generating attack traffic
To track the traffic sent from the router for billing purposes
A trick question; output filters are not supported
To alter CoS/ToS marking and queuing for locally generated control plane traffic