PrepAway - Latest Free Exam Questions & Answers

Category: JN0-643 (v.4)

Exam JN0-643: Juniper Networks Certified Internet Professional (JNCIP-ENT) (November 5th, 2014)

Which three statements are correct?

Leave a comment

Your company recently implemented Layer 2 authentication and access control to secure users
accessing the corporate network. You implemented 802.1X, MAC RADIUS, and a captive portal to
support a variety of hosts on the network. Senior management is concerned that valid users might
be authenticated incorrectly on the network and they ask you questions about how these different
access technologies are used simultaneously.
Which three statements are correct? (Choose three.)

which three commands will allow access?

Leave a comment

— Exhibit –

— Exhibit —
Click the Exhibit button.
A contractor needs to connect a laptop to your company network, but your company has no
wireless access and each office has only a single network port for an employee laptop. You have
an IP phone with a data port available and you have access to the switch connected to it. You can
also add the contractor’s MAC address to the RADIUS server database.
Referring to the exhibit, which three commands will allow access? (Choose three.)

Which two statements are correct?

One comment

— Exhibit —
{master:0}
user@switch> show dot1x interface ge-0/0/15 detail
ge-0/0/15.0
RolE. Authenticator
Administrative statE. Auto
Supplicant modE. Multiple
Number of retries: 3
Quiet perioD. 60 seconds
Transmit perioD. 30 seconds
Mac Radius: Enabled
Mac Radius Restrict: Enabled
Reauthentication: Enabled
Configured Reauthentication interval: 120 seconds
Supplicant timeout: 30 seconds
Server timeout: 30 seconds
Maximum EAPOL requests: 2
Guest VLAN member: guest
Number of connected supplicants: 0
— Exhibit —
Click the Exhibit button.

802.1X authentication was recently configured on your ge-0/0/15 port. You issue the command
shown in the exhibit.
Which two statements are correct? (Choose two.)

which two configuration statements are needed on the EX Series switch to resolve this problem?

One comment

— Exhibit —
user@switch> show configuration access
radius_server {
10.1.1.252 {
port 1812;
secret “$9$7gdwgGDkTz6oJz69A1INdb”; ## SECRET-DATA
}
profile radius_server {
authentication-order password;
radius {
authentication-server 10.1.1.252;
}
}

user@switch> show configuration protocols dot1x
authenticator {
ge-0/0/17.0 {
supplicant multiple;
}
}
user@switch> show configuration vlans
Sales_VLAN {
vlan-id 123;
}
user@switch> show configuration interfaces ge-0/0/17
unit 0 {
family ethernet-switching {
port-mode access;
}
}
— Exhibit —
Click the Exhibit button.
You are asked to place employees that are in the sales group into their own VLAN called
Sales_VLAN with a VLAN ID of 123 on port ge-0/0/17. The VLAN must be assigned dynamically.
After trying an initial configuration, you see that users in the sales group are not assigned to the
Sales_VLAN.
Referring to the exhibit, which two configuration statements are needed on the EX Series switch to

resolve this problem? (Choose two.)

what happens to traffic sent from this device?

7 comments

— Exhibit —
{master:0}[edit protocols dot1x]
user@switch# show
authenticator {
authentication-profile-name my-profile;
static {
00:21:cc:ba:c7:00/40 {

interface ge-0/0/12.0;
}
interface {
ge-0/0/12.0 {
supplicant multiple;
server-fail deny;
}
ge-1/0/14.0 {
reauthentication 120;
server-fail vlan-name local-only;
}
ge-1/0/15.0 {
supplicant multiple;
mac-radius {
restrict;
}
reauthentication 120;
server-fail vlan-name guest;
}
}
}
— Exhibit —
Click the Exhibit button.
You just added a device on port ge-0/0/12 with the MAC address 00:21:cc:ba:c7:59. All access
ports on this device are members of VLAN v20. The RADIUS server is currently not reachable.

Referring to the configuration shown in the exhibit, what happens to traffic sent from this device?


Page 9 of 23« First...7891011...20...Last »