JN0-481

Explanation:
A configuration deviation (also called a configuration anomaly) in Apstra indicates that the device’s running configuration differs from Apstra’s intended (golden) configuration for that node. In day-to-day operations, this most commonly occurs when an operator makes a change outside of Apstra’s control, such as entering commands directly on the device CLI (for example, on a Junos v24.4 switch), using another automation system, or applying an out-of-band configuration method.
Apstra continuously compares the device’s operational configuration against what it expects based on blueprint intent. When it detects drift, it raises a deviation anomaly so operators can decide how to restore compliance. Typical remediations are either (1) remove/revert the out-of-band change so the device matches intent again, or (2) explicitly acknowledge the change in Apstra (for example, via an accept/suppress workflow, depending on the exact UI action and version), so the deviation is no longer treated as unexpected.
While it is also possible for a deviation to be triggered by a device not accepting a rendered command (capability mismatch), the question asks what the anomaly indicates in this scenario; the primary meaning of “configuration deviation” is configuration changed outside of Apstra and therefore the network is no longer aligned with the intended state. That corresponds to option C.

Explanation:
In Apstra 5.1, a logical device defines the abstract port layout and capabilities (including supported speeds), while an interface map binds that abstract port layout to the real, vendor-specific front-panel ports. Rack types then consume logical devices and interface maps to model the rack’s leaf/superspine roles. Once a logical device is referenced by interface maps and used inside rack types (and potentially templates that instantiate those rack types), Apstra treats the combination as a consistent contract: port counts, roles, and speeds must remain semantically valid for every object that depends on it.
The exhibit’s validation error indicates that after changing interface speeds on the logical device, the
existing interface map(s) and their usage in rack types no longer match the logical device definition (for example, the map expects certain ports/speeds/roles, but the updated logical device would leave the map invalid). Because the logical device is being consumed in multiple places, the safest and required way to remove the error is to remove all dependencies―templates (if they reference the rack types), rack types, and interface maps―so Apstra can accept the new logical device definition without violating existing mappings. After updating the logical device, you then recreate or update the interface maps and re-associate them with the rack types/templates so the entire chain remains consistent under the new speed requirements.

Explanation:
In Apstra 5.1, multitenancy is modeled using routing zones, which map directly to the network operating system concept of a VRF. A VRF is an isolated Layer 3 routing instance with its own routing table and forwarding context, and Apstra’s routing zone is the intent-based abstraction used to define and manage that isolation consistently across the fabric. Therefore, if your goal is to allow or deny traffic to or from a particular VRF, you must select Routing Zone as the security policy application point.
This choice enables you to express policy at the tenant boundary (VRF boundary) rather than at a single segment boundary. In EVPN-VXLAN data center fabrics, a tenant VRF commonly contains multiple virtual networks (VXLAN segments) and their associated IRB gateways on the leaf switches. Applying policy at the routing-zone level allows Apstra to compile intent and deploy enforcement consistently where traffic enters or exits that VRF context―typically as ACL constructs rendered as Junos firewall filters on the appropriate interfaces (for example, IRB interfaces for east-west controls or border interfaces for north-south controls).
By contrast, selecting Virtual Network targets a single segment (not the whole VRF), and Internal/External Endpoint targets specific endpoints or endpoint groups rather than the VRF-wide policy boundary. Hence, Routing Zone is the correct application point when policy scope is the VRF.

Explanation:
In Apstra 5.1, property sets are structured data objects (YAML/JSON) used to hold values that templates can consume at render time. Their most common use is with configlets, where property set key/value pairs are referenced as variables inside the template so Apstra can perform variable substitution during configuration generation. This directly supports statement B.
Property sets are also designed to be reusable. A single configlet can reference more than one property set (for example, one set for NTP servers and another for syslog collectors), allowing clean separation of data domains and easier lifecycle updates. This supports statement E.
Operationally, when you bring design content into a blueprint, the blueprint must have the required supporting objects available. In Apstra workflows, configlets that use property sets require those property sets to be present in the blueprint context (commonly accomplished by importing the relevant property set(s) from the catalog into the blueprint as part of bringing in the configlet and its dependencies). This aligns with statement A as the blueprint-level outcome: the property sets used by an imported configlet are imported/available in the blueprint for rendering.
Statements C and D are incorrect because property sets are not limited only to configlets (they are also used with Analytics probes), and the syntax is not vendor-specific―Apstra uses standard YAML/JSON structures independent of NOS.
Verified Juniper sources (URLs):
https://www.juniper.net/documentation/us/en/software/apstra5.1/apstra-user-guide/topics/concept/property-set-datacenter-design.html
https://www.juniper.net/documentation/us/en/software/apstra4.2/apstra-user-guide/topics/concept/property-set-datacenter-design.html
https://www.juniper.net/documentation/us/en/software/apstra5.1/apstra-user-guide/topics/ref/configlet-examples.html

Explanation:
In Apstra 5.1, “resources” (such as ASNs, IP addressing, and VNIs) are allocated to blueprint elements using resource pools. The blueprint does not require you to manually craft every individual resource value; instead, Apstra’s workflow is to have you indicate which pool(s) should be used for the blueprint, and then Apstra automatically pulls and assigns the required values. This automation is fundamental to Apstra’s intent-based model: once the blueprint knows which pools to consume, it can deterministically allocate unique values across the fabric and generate consistent Junos configuration for the assigned devices.
Option D best matches this behavior because it reflects the documented mechanism: required resources are automatically pulled from the selected pool(s) and assigned in a fast, bulk transaction. This is what enables repeatable deployments―especially in EVPN-VXLAN data center fabrics― because resource collisions and manual tracking are avoided.
Option A is not the defining prerequisite for resource assignment; device profile and device assignment are important overall build steps, but the correctness of resource assignment is tied to pool selection and availability rather than being strictly gated by those tasks. Option B is incorrect because pools can be created and managed beyond only “global” contexts, and Apstra also supports creating additional pools from within the blueprint when needed. Option C is misleading because resources are governed by pools and allocation, not only by manual creation under a single tab.
Verified Juniper sources (URLs):
https://www.juniper.net/documentation/us/en/software/apstra5.1/apstra-user-guide/topics/concept/resources.html
https://www.juniper.net/documentation/us/en/software/apstra5.1/apstra-user-guide/topics/concept/freeform-resource-management.html
https://www.juniper.net/documentation/us/en/software/apstra5.1/apstra-user-guide/topics/ref/resource-pools-api.html