Juniper Data Center, Specialist JN0-480 Exam Practice Test

Answer : B, D

According to the Juniper documentation1, EVPN route Type-3 is used to advertise the IP address of the VTEP and the VNIs that it supports. This allows the VTEPs to discover each other and form VXLAN tunnels for the VNIs that they have in common. EVPN route Type-2 is used to advertise the MAC and IP addresses of the hosts connected to the VTEPs. This allows the VTEPs to learn the MAC-to-IP bindings and the MAC-to-VTEP mappings for the hosts in the same VNI. Therefore, these two types of VXLAN tunnels will be automatically created by the EVPN control plane when using Juniper Apstra with the ERB design blueprint and two virtual networks in a common routing zone.Reference:Example: Configure an EVPN-VXLAN Centrally-Routed Bridging Fabric

Answer : B

Juniper Apstra role-based access control (RBAC) is a feature that allows you to specify access permissions for different users based on their roles.RBAC servers are remote network servers that authenticate and authorize network access based on roles assigned to individual users within an enterprise1.Juniper Apstra has four predefined user roles: administrator, device_ztp, user, and viewer2. The administrator role is the most powerful role, and it can see all permissions and perform all actions in the Apstra software application.The administrator role can also create, clone, edit, and delete user roles, except for the four predefined user roles, which cannot be modified2. Therefore, the statement that the administrator role can see all permissions is correct.

The following three statements are incorrect in this scenario:

The viewer role is predefined and can be deleted. This is not true, because the viewer role is one of the four predefined user roles, and it cannot be deleted.The viewer role is the most restricted role, and it can only view the network information and configuration, but not make any changes2.

The user role can create roles. This is not true, because the user role is one of the four predefined user roles, and it cannot create roles.The user role can perform most of the network configuration and management tasks, but it cannot access the platform settings or the user management features2.

The administrator role is the only predefined role. This is not true, because there are four predefined user roles, not just one.The other three predefined user roles are device_ztp, user, and viewer2.

Providers --- Apstra 3.3.0 documentation

User/Role Management (Platform)

Answer : A, D, E

Juniper Apstra supports three deploy modes for devices:Deploy,Drain, andReady.These modes determine the configuration and state of the devices in the data center fabric12.

Deploy: This mode applies the full Apstra-rendered configuration to the device, according to the Apstra Reference Design.The device state becomesIS-ACTIVEand the device is ready to carry traffic in the fabric12.

Drain: This mode adds a ''drain'' configuration to the device, which prevents any new traffic from entering the device.The device state becomesIS-READYand the device is prepared for maintenance or decommissioning12.

Ready: This mode removes the Apstra-rendered configuration from the device, leaving only the basic configuration such as device hostname, interface descriptions, and port speed/breakout.The device state becomesIS-READYand the device is not part of the fabric12.Reference:

Device Configuration Lifecycle

Set Deploy Mode (Datacenter)

Answer : B

The ztp.Json file on the Apstra ZTP server contains the configuration parameters for each device that is onboarded using ZTP. One of the parameters is the State, which can be one of the following values:init,ready,in_progress,done,error, ordisabled. The State indicates the current status of the device in the ZTP process. For example, if the State isready, it means that the device is ready to be onboarded by the Apstra ZTP server. If the State isdone, it means that the device has completed the ZTP process and is managed by the Apstra server. The State can be manually set or changed in the ztp.Json file to control the behavior of the device during ZTP. For more information, seeApstra ZTP Configuration File.Reference:

Apstra ZTP Configuration File

Apstra ZTP Introduction

Configure Apstra ZTP

Answer : B, D, E

To keep virtual networks isolated from each other within the Juniper Apstra system, you can use one or more of the following methods:

Enable Security Policy for virtual networks in the same Routing Zone.This allows you to define rules that control the traffic flow between different virtual networks within the same routing zone. You can specify the source and destination virtual networks, the protocol, the port, and the action (allow or deny) for each rule.The security policy is applied on the ingress interface of the leaf devices1.

Use Connectivity Templates to block access within the same Routing Zone.This allows you to customize the connectivity between different racks within the same routing zone. You can create templates that define the link type, the routing protocol, and the access control list (ACL) for each rack pair.The ACL can be used to filter the traffic based on the source and destination IP addresses, the protocol, and the port2.

Put each network in different Routing Zones.This allows you to create logical boundaries between different virtual networks based on the route target (RT) values. A routing zone is a collection of virtual networks that share the same RT for importing and exporting routes.Virtual networks in different routing zones do not exchange routes with each other, unless you configure remote EVPN gateways to connect them3.Reference:

Security Policy

Connectivity Templates

Routing Zones

Answer : B, D

Time Voyager is a feature of Juniper Apstra that allows you to restore previous revisions of a blueprint, which is a logical representation of your network design and configuration. Time Voyager automatically saves the five most recent blueprint commits, which are the changes that you apply to the network. You can also manually save up to twenty-five revisions by keeping them, which prevents them from being overwritten by new commits. Therefore, the correct answer is B and D. Time Voyager retains the five most recent blueprint commits and Time Voyager retains up to twenty-five saved revisions.Reference:Time Voyager | Apstra 4.1 | Juniper Networks,Time Voyager Introduction | Apstra 4.2 | Juniper Networks,Juniper Apstra at a Glance | Flyer

Answer : A, D

A cabling anomaly is an issue that occurs when the physical connections between the devices in the data center fabric do not match the expected connections based on the Apstra Reference Design. A cabling anomaly can cause problems such as incorrect routing, suboptimal traffic flow, or device isolation. To remediate the issue, you can use one or both of the following methods:

Manually edit the cabling map.This allows you to override the Apstra-generated cabling and specify the correct connections between the devices.You can use the Apstra UI or the Apstra CLI to edit the cabling map and apply the changes to the fabric12.

Have Apstra autoremediate the cabling map using LLDP.This allows Apstra to collect LLDP data from the devices and use it to update the cabling map automatically. LLDP is a protocol that allows devices to exchange information about their identity, capabilities, and neighbors.Apstra can use the LLDP data to detect and correct any cabling errors in the fabric34.Reference:

Edit Cabling Map (Datacenter)

Import / Export Cabling Map (Datacenter)

LLDP Overview

Anomalies (Service)