O'Reilly logo

Juniper MX Series by Harry Reynolds, Douglas Richard Hanks Jr.

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter Review Questions

  1. Which is true regarding the DDoS prevention feature?

    1. The feature is off by default

    2. The feature is on by default with aggressive policers

    3. The feature is on by default but requires policer configuration before any alerts or policing can occur

    4. The feature is on by default with high policer rates that in most cases exceed system control plane capacity to ensure no disruption to existing functionality

  2. Which is true about DDoS policers and RE protection policers evoked though a filter?

    1. The lo0 policer is disabled when DDoS is in effect

    2. The DDoS policers run first with the lo0 policer executed last

    3. The lo0 policer is executed before and after the DDoS policers, once at ingress and again in the RE

    4. Combining lo0 and DDoS policers is not permitted and a commit error is retuned

  3. A strong RE protection filter should end with which of the following?

    1. An accept all to ensure no disruption

    2. A reject all, to send error messages to sources of traffic that is not permitted

    3. A discard all to silently discard traffic that is not permitted

    4. A log action to help debug filtering of valid/permitted services

    5. Both C and D

  4. A filter is applied to the main instance lo0.0 and a VRF is defined without its own lo0.n ifl. Which is true?

    1. Traffic from the instance to the local control plane is filtered by the lo0.0 filter

    2. Traffic from the instance to remote VRF destinations is filtered by the lo0.0 filter

    3. Traffic from the instance to the local control plane is not filtered

    4. None of the above. VRFs require a lo0.n for their routing protocols to operate

  5. What Junos feature facilitates simplified filter management when using address-based match criteria to permit only explicitly defined BGP peers?

    1. Dynamic filter lists

    2. Prefix lists and the apply-path statement

    3. The ability to specify a 0/0 as a match-all in an address-based match condition

    4. All of the above

    5. A sr-TCM policer applied at the unit level for all Layer 2 families using the layer2-policer statement

  6. What is the typical use case for an RE filter applied in the output direction?

    1. To ensure your router is not generating attack traffic

    2. To track the traffic sent from the router for billing purposes

    3. A trick question; output filters are not supported

    4. To alter CoS/ToS marking and queuing for locally generated control plane traffic

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required