Juniper JN0-480 Data Center, Specialist Exam Practice Test

Answer : A, C

A pristine configuration in Juniper Apstra is the configuration file that is used to onboard a device into the Apstra software application.A pristine configuration contains the minimum settings that are required for the device to communicate with the Apstra server, such as the hostname, management IP address, username, password, and SSH key1. A pristine configuration has the following characteristics:

It is the configuration file placed on the device when decommissioning the device. This is because when a device is decommissioned from the Apstra software application, it is reverted back to its pristine configuration, which removes all the network configuration and services that were applied by the Apstra software application.This allows the device to be reused or repurposed for another network2.

It is the configuration file on a device before acknowledgment in Apstra. This is because when a device is onboarded into the Apstra software application, it is initially in the discovery state, which means that the device is discovered by the Apstra server, but not yet acknowledged by the user. In the discovery state, the device has the pristine configuration, which can be viewed and edited by the user.Once the user acknowledges the device, the device moves to the deployed state, which means that the device is ready to receive the network configuration and services from the Apstra software application3.

The following two statements are incorrect in this scenario:

It is the device's currently active configuration. This is not true, because the pristine configuration is not the device's currently active configuration, unless the device is in the discovery state or the decommissioned state.In the deployed state, the device's currently active configuration is the network configuration and services that are applied by the Apstra software application, which are based on the blueprint and the intent3.

It is the device's previously active configuration. This is not true, because the pristine configuration is not the device's previously active configuration, unless the device is in the decommissioned state. In the discovery state, the pristine configuration is the device's initial configuration, which may or may not be the same as the device's previous configuration before being onboarded into the Apstra software application.In the deployed state, the device's previously active configuration is the network configuration and services that were applied by the Apstra software application before the last commit3.

Pristine Config

Decommission Device

Device States

Answer : A, B, C

To implement remote user authentication for the role-based access control of your Apstra server, you can use one of the following methods: TACACS+, LDAP, or RADIUS. These are the protocols that Juniper Apstra supports to authenticate and authorize users based on roles assigned to individual users within an enterprise. You can configure the Apstra server to use one or more of these protocols as the authentication sources and specify the order of preference. You can also configure the Apstra server to use local user accounts as a fallback option if the remote authentication fails. The other options are incorrect because:

D) SAML is wrong because SAML (Security Assertion Markup Language) is not a supported protocol for remote user authentication for the role-based access control of your Apstra server. SAML is an XML-based standard for exchanging authentication and authorization data between different parties, such as identity providers and service providers. SAML is commonly used for web-based single sign-on (SSO) scenarios, but it is not compatible with the Apstra server.

E) Auth0 is wrong because Auth0 is not a protocol, but a service that provides authentication and authorization solutions for web and mobile applications. Auth0 is a platform that supports various protocols and standards, such as OAuth, OpenID Connect, SAML, and JWT. Auth0 is not a supported service for remote user authentication for the role-based access control of your Apstra server.Reference:

User Authentication Overview

[Juniper Apstra] Authentication and Authorization Debugging1

Authenticate User (API)

Configure Apstra Server

Answer : A, D

A cabling anomaly is an issue that occurs when the physical connections between the devices in the data center fabric do not match the expected connections based on the Apstra Reference Design. A cabling anomaly can cause problems such as incorrect routing, suboptimal traffic flow, or device isolation. To remediate the issue, you can use one or both of the following methods:

Manually edit the cabling map.This allows you to override the Apstra-generated cabling and specify the correct connections between the devices.You can use the Apstra UI or the Apstra CLI to edit the cabling map and apply the changes to the fabric12.

Have Apstra autoremediate the cabling map using LLDP.This allows Apstra to collect LLDP data from the devices and use it to update the cabling map automatically. LLDP is a protocol that allows devices to exchange information about their identity, capabilities, and neighbors.Apstra can use the LLDP data to detect and correct any cabling errors in the fabric34.Reference:

Edit Cabling Map (Datacenter)

Import / Export Cabling Map (Datacenter)

LLDP Overview

Anomalies (Service)

Answer : D

Referring to the exhibit, the image shows the Racks table under the Staged menu in the Juniper Apstra UI. The Racks table displays the details of the racks that are used in the blueprint, such as the name, rack type, and date.The rack type is a resource that defines the type and number of leaf devices, access switches, and/or generic systems that are used in rack builds1. The image shows seven racks in the table, but only two rack types: BorderLeaf and ServerRack. Therefore, the statement D is correct in this scenario.

The following three statements are incorrect in this scenario:

A) six. This is not true, because there are not six rack types in the table, but only two. The number six corresponds to the number of racks that have the same rack type: ServerRack.

B) three. This is not true, because there are not three rack types in the table, but only two. The number three does not correspond to any relevant information in the table or the image.

C) seven. This is not true, because there are not seven rack types in the table, but only two. The number seven corresponds to the total number of racks in the table, not the rack types.

Rack Types (Datacenter Design)

Racks (Staged)

Answer : A

When a new switch is added to Juniper Apstra software, it initially shows the ''0 OS-Quarantined'' status, which means that the device is not yet managed by Apstra and has not been assigned to any blueprint. The proper next step to make the device ready for use in a blueprint is to acknowledge the device, which is a manual action that confirms the device identity and ownership.Acknowledging the device changes its status to ''OOS-Ready'', which means that the device is ready to be assigned to a blueprint and deployed12.Reference:

Managing Devices

AOS Device Configuration Lifecycle

Answer : B

Device profiles are objects that associate a specific vendor model to a logical device in Juniper Apstra. Device profiles contain extensive hardware model details, such as form factor, ASIC, CPU, RAM, ECMP limit, and supported features. Device profiles also define how configuration is generated, how telemetry commands are rendered, and how configuration is deployed on a device.Device profiles enable the Apstra system to render and deploy the configuration according to the Apstra Reference Design12.Reference:

Device Profiles

Juniper Device Profiles

Answer : B

Juniper Apstra role-based access control (RBAC) is a feature that allows you to specify access permissions for different users based on their roles.RBAC servers are remote network servers that authenticate and authorize network access based on roles assigned to individual users within an enterprise1.Juniper Apstra has four predefined user roles: administrator, device_ztp, user, and viewer2. The administrator role is the most powerful role, and it can see all permissions and perform all actions in the Apstra software application.The administrator role can also create, clone, edit, and delete user roles, except for the four predefined user roles, which cannot be modified2. Therefore, the statement that the administrator role can see all permissions is correct.

The following three statements are incorrect in this scenario:

The viewer role is predefined and can be deleted. This is not true, because the viewer role is one of the four predefined user roles, and it cannot be deleted.The viewer role is the most restricted role, and it can only view the network information and configuration, but not make any changes2.

The user role can create roles. This is not true, because the user role is one of the four predefined user roles, and it cannot create roles.The user role can perform most of the network configuration and management tasks, but it cannot access the platform settings or the user management features2.

The administrator role is the only predefined role. This is not true, because there are four predefined user roles, not just one.The other three predefined user roles are device_ztp, user, and viewer2.

Providers --- Apstra 3.3.0 documentation

User/Role Management (Platform)