Juniper JN0-480 Practice Test - Questions Answers, Page 5

Probes are the basic unit of abstraction in Intent-Based Analytics (IBA). They are used to collect, process, and analyze data from the network and raise anomalies based on specified conditions. Probes are composed of processors and stages that form a directed acyclic graph (DAG) of data flow. The following statements are correct about probes:

A) Default probes can be cloned, modified, and saved. This is true because Apstra provides a set of default probes that cover common use cases and scenarios. These probes can be cloned and modified to suit the specific needs of the user. The modified probes can be saved as new probes with different names and descriptions. This allows the user to customize and extend the functionality of the default probes.

D) Default probes are enabled, based on the intent for a blueprint. This is true because Apstra enables or disables the default probes automatically based on the intent of the blueprint. The intent of the blueprint is the high-level description of the desired state and behavior of the network. Apstra uses the intent to determine which default probes are relevant and applicable for the blueprint and enables them accordingly. For example, if the intent of the blueprint is to deploy an EVPN-VXLAN fabric, Apstra will enable the default probes related to EVPN-VXLAN, such as EVPN-VXLAN Anomaly Detection, EVPN-VXLAN Fabric Health, and EVPN-VXLAN Fabric Validation. The following statements are incorrect about probes:

B) Only the variable parameters for default probes can be edited and saved. This is false because the user can edit and save any parameters for the default probes, not just the variable ones. The variable parameters are the ones that depend on the network topology, devices, or configuration, such as device names, interface names, IP addresses, VLAN IDs, etc. The user can also edit and save the fixed parameters, such as the duration, threshold, condition, etc. However, the user cannot edit and save the default probes directly. The user must clone the default probes first and then edit and save the cloned probes as new probes.

C) All default probes are enabled for all blueprints. This is false because Apstra does not enable all default probes for all blueprints. Apstra enables the default probes based on the intent of the blueprint, as explained above. This means that only the default probes that are relevant and applicable for the blueprint are enabled. For example, if the intent of the blueprint is to deploy a BGP IP fabric, Apstra will not enable the default probes related to EVPN-VXLAN, since they are not relevant for the blueprint. The user can also manually enable or disable the default probes as needed.Reference:

Probes

Create Probe

Intent-Based Analytics Overview

According to the Juniper documentation1, the Resources menu in the Juniper Apstra UI allows you to create and manage various types of resources that are assigned to different elements of the network. Resources include the following types:

IPv4 (including Host IPv4)

IPv6 (including Host IPv6)

ASN (autonomous system number)

VNI (virtual network identifier)

VLAN (virtual local area network)

Integer (used for pool type VLAN in local pools in Freeform blueprints)

Therefore, the correct answer is C and D. ASN pools and IP pools are two types of resources that can be created in the Resources menu. Bridge domain identifier (BDI) and DHCP pools are not applicable in this scenario, because they are not part of the resources types supported by Juniper Apstra.Reference:Resources Introduction | Apstra 4.1 | Juniper Networks

When working with logical devices, you specify where each port group is connected by selecting the port group layout and the port speed and role (s) for each port group.The Juniper Apstra UI offers two options to the operator for the port group role:unusedandgeneric1.

Unused: This option means that the port group is not configured or used by Apstra.This can be useful for ports that are faulty, reserved, or not part of the data center fabric1.

Generic: This option means that the port group is configured with a generic role that is not specific to any device type or function.This can be useful for ports that are used for testing, troubleshooting, or custom purposes1.Reference:

Logical Devices

A cabling anomaly is an issue that occurs when the physical connections between the devices in the data center fabric do not match the expected connections based on the Apstra Reference Design. A cabling anomaly can cause problems such as incorrect routing, suboptimal traffic flow, or device isolation. To remediate the issue, you can use one or both of the following methods:

Manually edit the cabling map.This allows you to override the Apstra-generated cabling and specify the correct connections between the devices.You can use the Apstra UI or the Apstra CLI to edit the cabling map and apply the changes to the fabric12.

Have Apstra autoremediate the cabling map using LLDP.This allows Apstra to collect LLDP data from the devices and use it to update the cabling map automatically. LLDP is a protocol that allows devices to exchange information about their identity, capabilities, and neighbors.Apstra can use the LLDP data to detect and correct any cabling errors in the fabric34.Reference:

Edit Cabling Map (Datacenter)

Import / Export Cabling Map (Datacenter)

LLDP Overview

Anomalies (Service)

To implement remote user authentication for the role-based access control of your Apstra server, you can use one of the following methods: TACACS+, LDAP, or RADIUS. These are the protocols that Juniper Apstra supports to authenticate and authorize users based on roles assigned to individual users within an enterprise. You can configure the Apstra server to use one or more of these protocols as the authentication sources and specify the order of preference. You can also configure the Apstra server to use local user accounts as a fallback option if the remote authentication fails. The other options are incorrect because:

D) SAML is wrong because SAML (Security Assertion Markup Language) is not a supported protocol for remote user authentication for the role-based access control of your Apstra server. SAML is an XML-based standard for exchanging authentication and authorization data between different parties, such as identity providers and service providers. SAML is commonly used for web-based single sign-on (SSO) scenarios, but it is not compatible with the Apstra server.

E) Auth0 is wrong because Auth0 is not a protocol, but a service that provides authentication and authorization solutions for web and mobile applications. Auth0 is a platform that supports various protocols and standards, such as OAuth, OpenID Connect, SAML, and JWT. Auth0 is not a supported service for remote user authentication for the role-based access control of your Apstra server.Reference:

User Authentication Overview

[Juniper Apstra] Authentication and Authorization Debugging1

Authenticate User (API)

Configure Apstra Server

A Juniper Apstra rack is a physical entity that contains one or more network devices, such as leaf nodes, access switches, or generic systems. A rack is used to organize and manage the network devices in the Apstra software application. A rack has the following characteristics:

It stores information on how leaf nodes connect to generic devices. This is because a rack can include generic systems, which are devices that are not managed by Juniper Apstra, but are connected to the network. A generic system can be a server, a firewall, a load balancer, or any other device that has a network interface.A rack stores the information on how the leaf nodes, which are the devices that provide access to the end hosts, connect to the generic devices, such as the port number, the link speed, the LAG mode, and the roles1.

It has a rack type, which defines the type and number of leaf devices, access switches, and/or generic systems that are used in the rack. A rack type is a resource that is created in the data center design phase, and it does not specify the vendor or the model of the devices.A rack type can be predefined or custom-made, and it can be used to create multiple racks with the same structure and configuration2.

It has a rack build, which assigns the specific vendor and model of the devices to the rack. A rack build is created in the staged phase, and it uses the rack type as a template.A rack build can also assign the resources, such as the IP addresses, the ASNs, and the VNIs, to the devices in the rack3.

It has a rack deployment, which applies the network configuration and services to the devices in the rack. A rack deployment is performed in the active phase, and it uses the rack build as a reference.A rack deployment can also monitor the network performance and compliance of the devices in the rack4.

The following three statements are incorrect in this scenario:

It stores information on how pods connect to super spines. This is not true, because a rack does not store any information on the pod or the super spine level of the network. A pod is a cluster of leaf and spine devices that form a 3-stage Clos topology, and a super spine is a device that connects multiple pods in a 5-stage Clos topology.A rack only stores information on the leaf and the access level of the network1.

It stores IP address and ASN pool information. This is not true, because a rack does not store any information on the IP address and ASN pools. IP address and ASN pools are resources that are created in the data center design phase, and they contain a range of IP addresses and ASNs that can be assigned to the devices and the virtual networks.A rack only uses the IP address and ASN pools to assign the resources to the devices in the rack build2.

It stores device port data rates and vendor information. This is not true, because a rack does not store any information on the device port data rates and vendor information. The device port data rates and vendor information are specified in the rack build, which assigns the specific vendor and model of the devices to the rack.A rack only uses the rack build to apply the network configuration and services to the devices in the rack deployment3.

Racks (Staged)

Rack Types (Datacenter Design)

Rack Builds (Staged)

Racks (Active)

When an agent installation is successful, devices are placed into the Out of Service Quarantined (OOS-QUARANTINED) state using the Juniper Apstra UI. This state means that the device is not yet managed by Apstra and has not been assigned to any blueprint. The device configuration at this point is called Pristine Config. To make the device ready for use in a blueprint, you need to acknowledge the device, which is a manual action that confirms the device identity and ownership.Acknowledging the device changes its status to Out of Service Ready (OOS-READY)12.Reference:

Managing Devices

AOS Device Configuration Lifecycle

The attribute that enables Juniper Apstra to scale and manage thousands of devices with a single server instance is that Apstra is a distributed state system. This means that Apstra uses a graph database to store the network topology and configuration data in a distributed and replicated manner across multiple server nodes. This allows Apstra to handle large-scale networks with high performance, reliability, and availability. Apstra also uses a stateful orchestration engine that ensures the network state is always consistent with the intent of the blueprint, which is the logical representation of the network design and behavior. Apstra can automatically detect and resolve any discrepancies between the desired and actual network state, as well as handle any changes or failures in the network. The other options are incorrect because:

A) Apstra is installed as a cloud resource is wrong because Apstra can be installed either as a cloud resource or as an on-premises resource. Apstra is available as a virtual machine image that can be deployed on various hypervisors, such as VMware ESXi, QEMU/KVM, Microsoft Hyper-V, or Oracle VirtualBox. Apstra can also be deployed on public cloud platforms, such as Amazon Web Services (AWS) or Microsoft Azure. However, the installation method does not affect the scalability of Apstra, which is determined by the distributed state system architecture.

B) Apstra is based on NGINX is wrong because Apstra is not based on NGINX, but on Python and Django. NGINX is a web server and reverse proxy that Apstra uses to serve the web user interface and the REST API. However, NGINX is not the core component of Apstra, and it does not affect the scalability of Apstra, which is determined by the distributed state system architecture.

C) Apstra is available as an OVA is wrong because Apstra is available as an OVF, not an OVA. An OVF (Open Virtualization Format) is a standard format for packaging and distributing virtual machine images. An OVA (Open Virtual Appliance) is a single file that contains the OVF and the virtual disk images. Apstra provides an OVF file that can be imported into various hypervisors, such as VMware ESXi, QEMU/KVM, Microsoft Hyper-V, or Oracle VirtualBox. However, the availability of Apstra as an OVF does not affect the scalability of Apstra, which is determined by the distributed state system architecture.Reference:

JUNIPER APSTRA ARCHITECTURE

Apstra Server Requirements/Reference

Juniper Networks Apstra 4.0 enhances the experience of users and operators

A security policy is the feature that would be used to accomplish the task of controlling access to other virtual networks in the same routing zone using the Juniper Apstra UI. A security policy allows you to define rules that specify which traffic is allowed or denied between different virtual networks, IP endpoints, or routing zones. A security policy can be applied to one or more virtual networks in the same routing zone, and it can use various criteria to match the traffic, such as source and destination IP addresses, protocols, ports, or tags. A security policy can also support DHCP relay, which enables the forwarding of DHCP requests from one virtual network to another. The other options are incorrect because:

A) interface policy is wrong because an interface policy is a feature that allows you to configure the interface parameters for the devices in a blueprint, such as interface names, speeds, types, or descriptions. An interface policy does not affect the access control between different virtual networks in the same routing zone.

B) anti-affinity policy is wrong because an anti-affinity policy is a feature that allows you to prevent certain devices or logical devices from being placed in the same rack or leaf pair in a blueprint. An anti-affinity policy is used to enhance the availability and redundancy of the network, not to control the access between different virtual networks in the same routing zone.

C) routing policy is wrong because a routing policy is a feature that allows you to configure the routing parameters for the devices in a blueprint, such as routing protocols, autonomous system numbers, route filters, or route maps. A routing policy does not affect the access control between different virtual networks in the same routing zone, unless the routing policy is used to filter or modify the routes exchanged between different routing zones.Reference:

Security Policy

Interface Policy

Anti-Affinity Policy

Routing Policy