JN0-664

Practice JN0-664 Exam

Is it difficult for you to decide to purchase Juniper JN0-664 exam dumps questions? CertQueen provides FREE online Service Provider Professional (JNCIP-SP) JN0-664 exam questions below, and you can test your JN0-664 skills first, and then decide whether to buy the full version or not. We promise you get the following advantages after purchasing our JN0-664 exam dumps questions.
1.Free update in ONE year from the date of your purchase.
2.Full payment fee refund if you fail JN0-664 exam with the dumps

 

 Full JN0-664 Exam Dump Here

Latest JN0-664 Exam Dumps Questions

The dumps for JN0-664 exam was last updated on Apr 03,2026 .

Viewing page 1 out of 3 pages.

Viewing questions 1 out of 17 questions

Question#1

Exhibit



Referring to the exhibit, CE-1 is providing NAT services for the hosts at Site 1 and you must provide Internet access for those hosts
Which two statements are correct in this scenario? (Choose two.)

A. You must configure a static route in the main routing instance for the 10 1 2.0/24 prefix that uses the VPN-
B. inet.0 table as the next hop
C. You must configure a static route in the main routing instance for the 203.0.113.1/32 prefix that uses the VPN-
D. inet.0 table as the next hop.
E. You must configure a RIB group on PE-1 to leak a default route from the inet.0 table to the VPN-
F. inet.0 table.
G. You must configure a RIB group on PE-1 to leak the 10 1 2.0/24 prefix from the VPN-
H. inet.0 table to the inet.0 table.

Explanation:
In the given scenario, where CE-1 at Site 1 is providing NAT services and requires Internet access for its hosts, the correct configuration on PE-1 to provide Internet access involves routing and potentially using Routing Information Base (RIB) groups to ensure proper route leaking between VRFs (Virtual Routing and Forwarding instances) and the global routing table. Here are the correct statements:
You must configure a RIB group on PE-1 to leak a default route from the inet.0 table to the VPN-A.inet.0 table. By leaking a default route into the VPN-A routing table, hosts in Site 1 will be able to access the Internet via the PE-1 gateway. This is assuming that PE-1 is the gateway to the Internet for the VPN-A site.
You must configure a RIB group on PE-1 to leak the 10.1.2.0/24 prefix from the VPN-A.inet.0 table to the inet.0 table. This step is necessary if other devices in the main routing instance need to reach the hosts behind CE-1, which are performing NAT. This allows for return traffic from the Internet destined for the NATed IP addresses to find the correct route back to the CE-1 device.

Question#2

Which statement is true regarding BGP FlowSpec?

A. It uses a remote triggered black hole to protect a network from a denial-of-service attack.
B. It uses dynamically created routing policies to protect a network from denial-of-service attacks
C. It is used to protect a network from denial-of-service attacks dynamically
D. It verifies that the source IP of the incoming packet has a resolvable route in the routing table

Explanation:
BGP FlowSpec is a feature that extends the Border Gateway Protocol (BGP) to enable routers to exchange traffic flow specifications, allowing for more precise control of network traffic. The BGP FlowSpec feature enables routers to advertise and receive information about specific flows in the network, such as those originating from a particular source or destined for a particular destination. Routers can then use this information to construct traffic filters that allow or deny packets of a certain type, rate limit flows, or perform other actions1. BGP FlowSpec can also help in filtering traffic and taking action against distributed denial of service (DDoS) attacks by dropping the DDoS traffic or diverting it to an analyzer2. BGP FlowSpec rules are internally converted to equivalent Cisco Common Classification Policy Language (C3PL) representing corresponding match and action parameters2. Therefore, BGP FlowSpec uses dynamically created routing policies to protect a network from denial-of-service attacks.
References:
1: https://www.networkingsignal.com/what-is-bgp-flowspec/
2: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-16/irg-xe-16-book/bgp-flowspec-route-reflector-support.html

Question#3

Which two statements are correct regarding bootstrap messages that are forwarded within a PIM sparse mode domain? (Choose two.)

A. Bootstrap messages are forwarded only to routers that explicitly requested the messages within the PIM sparse-mode domain
B. Bootstrap messages distribute RP information dynamically during an RP election.
C. Bootstrap messages are used to notify which router is the PIM RP
D. Bootstrap messages are forwarded to all routers within a PIM sparse-mode domain.

Explanation:
Bootstrap messages are PIM messages that are used to distribute rendezvous point (RP) information dynamically during an RP election. Bootstrap messages are sent by bootstrap routers (BSRs), which are routers that are elected to perform the RP discovery function for a PIM sparse-mode domain. Bootstrap messages contain information about candidate RPs and their multicast groups, as well as BSR priority and hash mask length. Bootstrap messages are forwarded to all routers within a PIM sparse-mode domain using hop-by-hop flooding.

Question#4

Exhibit.



Referring to the exhibit, which path would traffic passing through R1 take to get to R4?

A. R1 -> R3 -> R4
B. R1 -> R2 -> R3 -> R4
C. R1 -> R2 -> R4
D. R1 -> R4

Explanation:
The OSPF cost is carried in the LSAs that are exchanged within an OSPF area. When a router calculates the cost to a destination it uses the cost of the exit interface of each router in the path to the destination.

Question#5

Exhibit



You want to implement the BGP Generalized TTL Security Mechanism (GTSM) on the network
Which three statements are correct in this scenario? (Choose three)

A. You can implement BGP GTSM between R2, R3, and R4
B. BGP GTSM requires a firewall filter to discard packets with incorrect TT
C. You can implement BGP GTSM between R2 and R1.
D. BGP GTSM requires a TTL of 1 to be configured between neighbors.
E. BGP GTSM requires a TTL of 255 to be configured between neighbors.

Explanation:
You can implement BGP GTSM between R2, R3, and R4 - GTSM can typically be implemented on any BGP peering relationship to protect against certain types of attacks, assuming that the routers are directly connected or that there's a controlled number of hops in between them.
BGP GTSM requires a firewall filter to discard packets with incorrect TTL - While GTSM itself checks the TTL of received BGP packets and drops those that don’t meet the expected TTL value, configuring a firewall filter can provide an additional layer of security to enforce this policy on the routers.
BGP GTSM requires a TTL of 255 to be configured between neighbors - The principle behind GTSM is that BGP packets sent between directly connected peers should have their TTL set to 255. When a BGP message is received, the TTL is checked, and if it is not within the expected range (usually close to 255), the packet is considered invalid.

Exam Code: JN0-664         Q & A: 96 Q&As         Updated:  Apr 03,2026

 

 Full JN0-664 Exam Dumps Here

Exam Code: JN0-664
Q & A: 96 Q&As
Updated:  Apr 03,2026

 

 About JN0-664 Dumps

TOP Exams