Want to know Actualtests JN0-643 Exam practice test features? Want to lear more about Juniper Enterprise Routing and Switching, Professional (JNCIP-ENT) certification experience? Study Download Juniper JN0-643 answers to Most recent JN0-643 questions at Actualtests. Gat a success with an absolute guarantee to pass Juniper JN0-643 (Enterprise Routing and Switching, Professional (JNCIP-ENT)) test on your first attempt.

2021 Sep JN0-643 exams

Q101. Which two statements about the voice VLAN feature are correct? (Choose two.) 

A. It can be used to separate untagged data and VLAN tagged VoIP traffic into different VLANs on an access port. 

B. It can be used to assign VoIP traffic into a CoS forwarding class. 

C. It can be used to separate untagged data and VLAN tagged VoIP traffic into different VLANs on a trunk port. 

D. It can be used to apply a policer to VoIP traffic. 

Answer: A,B 


Q102. Your company recently implemented Layer 2 authentication and access control to secure users accessing the corporate network. You implemented 802.1X, MAC RADIUS, and a captive portal to support a variety of hosts on the network. Senior management is concerned that valid users might be authenticated incorrectly on the network and they ask you questions about how these different access technologies are used simultaneously. 

Which three statements are correct? (Choose three.) 

A. MAC addresses that are part of a MAC address whitelist or a static MAC list are authenticated before any other authentication protocol is invoked. 

B. Captive portal is a supported fallback option for 802.1X. 

C. If the authentication server fails to respond to access requests and both a server-fail and guest VLAN are configured correctly, the server-fail VLAN takes precedence over the guest VLAN. 

D. Captive portal can only be configured on Layer 3 interfaces. 

E. If a port is configured with 802.1X and the host does not respond to EAP requests, no other authentication protocol can authenticate the host. 

Answer: A,B,C 


Q103. Click the Exhibit button. 

You are asked to connect Area 2 to the backbone. 

Which configuration would be required on R3? 

A. [edit protocols ospf3] 

user@R3# show 

area 0.0.0.0 { 

virtual-link neighbor-id 10.0.10.1 transit-area 0.0.0.1; 

interface ge-0/0/5.0; 

B. [edit protocols ospf] 

user@R3# show 

area 0.0.0.0 { 

virtual-link neighbor-id 192.168.1.2 transit-area 0.0.0.1; 

interface ge-0/0/5.0 { 

interface-type p2p; 

C. [edit protocols ospf3] 

user@R3# show 

area 0.0.0.0 { 

virtual-link neighbor-id 192.168.1.2 transit-area 0.0.0.1; 

interface ge-0/0/5.0; 

D. [edit protocols ospf3] 

user@R3# show 

area 0.0.0.1 { 

virtual-link neighbor-id 192.168.1.2 transit-area 0.0.0.1; 

interface ge-0/0/5.0; 

Answer: C 


Q104. Your company uses 802.1X to authenticate your users. You want to provide access to the Internet when users cannot authenticate on the RADIUS server or when the RADIUS server becomes unreachable. 

Which two methods accomplish this goal? (Choose two.) 

A. using a captive portal 

B. using a server fail fallback 

C. using MAC RADIUS 

D. using a guest VLAN 

Answer: B,D 


Q105. Click the Exhibit button. 

Referring to the exhibit, you must ensure that traffic to the 2001:10:5::/64 network leaves AS 2 through R3. 

Given that all BGP attributes are at their default, how would you accomplish this task? 

A. On R1, configure a MED of 50 for the 2001:10:5::/64 route. 

B. On R2, configure a MED of 50 for the 2001:10:5::/64 route. 

C. On R3, configure a MED of 50 for the 2001:10:5::/64 route. 

D. On R4, configure a MED of 50 for the 2001:10:5::/64 route. 

Answer: B 


JN0-643 pdf exam

Up to the immediate present JN0-643 exam prep:

Q106. -- Exhibit –

user@router> show ospf database network extensive 

OSPF link state database, area 0.0.0.1 

Type ID Adv Rtr Seq Age Opt Cksum Len 

Network 10.222.1.1 192.168.20.1 0x80000002 813 0x2 0x 32 

mask 255.255.255.0 

attached router 192.168.20.1 

attached router 192.168.40.1 

Aging timer 00:46:27 

Installed 00:13:32 ago, expires in 00:46:27, sent 1w5d 01:07:09 ago 

-- Exhibit –

Click the Exhibit button. 

Referring to the exhibit, which statement is true regarding the OSPF network LSA? 

A. The ID field value shows the router ID of the advertising router. 

B. The ID field is the local interface IP address from which the LSA will be advertised. 

C. The options field indicates this is a Type 2 LSA. 

D. The output shows that 192.168.20.1 is the designated router. 

Answer: D 


Q107. A coffee shop offering free Internet service to customers wants to implement the following security policies: 

1. Every customer must agree to a set of terms and conditions before accessing the Internet. 

2. Log out customers that are logged in for more than one hour. 

3. Log out customers that are idle for more than 5 minutes. 

4. Authenticate employee desktop computers with known hardware addresses in the office of the coffee shop to access the Internet without the above restrictions. 

The following configuration has been applied to the switch: 

set access radius-server 172.16.14.26 port 1812 

set access radius-server 172.16.14.26 secret Am@zingC00f33 

set access profile dot1x authentication-order radius 

set access profile dot1x radius authentication-server 172.27.14.226 

What would you add to implement these policies? 

A. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple 

set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius 

set protocols dot1x authenticator authentication-profile-name dot1x 

set services captive-portal authentication-profile-name dot1x 

set services captive-portal interface ge-0/0/12.0 

set services captive-portal secure-authentication https 

set services captive-portal custom-options header-message “Welcome to Our Coffee Shop” 

set services captive-portal custom-options banner-message “Terms and Conditions of Use" 

B. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple 

set protocols dot1x authenticator authentication-profile-name dot1x 

set services captive-portal authentication-profile-name dot1x 

set services captive-portal interface ge-0/0/12.0 

set services captive-portal secure-authentication https 

set services captive-portal custom-options header-message “Welcome to Our Coffee Shop” 

set services captive-portal custom-options banner-message “Terms and Conditions of Use" 

C. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple 

set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius 

set protocols dot1x authenticator authentication-profile-name dot1x 

set services captive-portal authentication-profile-name dot1x 

set services captive-portal interface ge-0/0/12.0 

set services captive-portal interface ge-0/0/12.0 idle-timeout 300 

set services captive-portal interface ge-0/0/12.0 user-timeout 3600 

set services captive-portal secure-authentication https 

set services captive-portal custom-options header-message “Welcome to Our Coffee Shop” 

set services captive-portal custom-options banner-message “Terms and Conditions of Use" 

D. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple 

set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius 

set protocols dot1x authenticator interface ge-0/0/12.0 idle-timeout 300 

set protocols dot1x authenticator interface ge-0/0/12.0 user-timeout 3600 

set protocols dot1x authenticator authentication-profile-name dot1x 

set services captive-portal authentication-profile-name dot1x 

set services captive-portal interface ge-0/0/12.0 

set services captive-portal secure-authentication https 

set services captive-portal custom-options header-message “Welcome to Our Coffee Shop” 

set services captive-portal custom-options banner-message “Terms and Conditions of Use" 

Answer: A 


Q108. Which version of BGP would an enterprise use to peer with an ISP? 

A. Confederation BGP 

B. External BGP 

C. Internal BGP 

D. Labeled-Unicast 

Answer: C 


Q109. Which three PoE power allocation methods are supported on EX Series switches? (Choose three.) 

A. dynamic PoE management mode 

B. static PoE management mode 

C. enhanced power negotiation 

D. LLDP power negotiation 

E. class PoE management mode 

Answer: B,D,E 


Q110. Click the Exhibit button. 

In the exhibit, the provider bridges are using Q-in-Q tunneling to tunnel VLAN 100 traffic over VLAN 200. 

What is the correct VLAN configuration for Q-in-Q tunneling on Provider Bridge A? 

A. interfaces { 

ge-0/0/0 { 

unit 0 { 

family ethernet-switching { 

port-mode access; 

ge-0/0/10 { 

unit 0 { 

family ethernet-switching { 

port-mode trunk; 

vlan { 

members test; 

vlans { 

test { 

vlan-id 200; 

interface { 

ge-0/0/0.0; 

dot1q-tunneling { 

customer-vlans 100; } } } 

B. interfaces { 

ge-0/0/0 { 

unit 0 { 

family ethernet-switching { 

port-mode trunk; 

vlan { 

members test; 

ge-0/0/10 { 

unit 0 { 

family ethernet-switching { 

port-mode access; 

vlans { 

test { 

vlan-id 200; 

interface { 

ge-0/0/0.0; 

dot1q-tunneling { 

customer-vlans 100; 

C. interfaces { 

ge-0/0/0 { 

unit 0 { 

family ethernet-switching { 

port-mode trunk; 

vlan { 

members test; 

ge-0/0/10 { 

unit 0 { 

family ethernet-switching { 

port-mode access; 

vlans { 

test { 

vlan-id 200; 

interface { 

ge-0/0/10.0; 

dot1q-tunneling { 

customer-vlans 100; 

D. interfaces { 

ge-0/0/0 { 

unit 0 { 

family ethernet-switching { 

port-mode access; 

ge-0/0/10 { 

unit 0 { 

family ethernet-switching { 

port-mode trunk; 

vlan { 

members test; 

vlans { 

test { 

vlan-id 100; 

interface { 

ge-0/0/0.0; 

dot1q-tunneling { 

customer-vlans 200; 

Answer: A