Juniper JN0-480 Exam Dumps

Intent-based analytics (IBA) is a feature of Juniper Apstra that allows you to combine intent from the network design with current and historic data from devices to reason about the network at-large1. IBA has the following characteristics:

It is a real-time information processing pipeline. This means that IBA can ingest, process, and analyze large amounts of data from devices in real time, using agents and probes. Agents are software components that collect data from devices and send them to the Apstra server.Probes are user-defined queries that aggregate data across devices and generate advanced data that can be more easily reasoned about1.

It is used to establish network performance baselines. This means that IBA can use the advanced data to measure and monitor the network performance against the expected outcomes and service levels.IBA can also use the historic data to create baselines that represent the normal behavior and state of the network2.

It alerts the network operator when network performance moves away from the baseline. This means that IBA can detect and report any anomalies or deviations from the baseline or the intent in the network.IBA can also provide insights and recommendations for troubleshooting and resolving the issues2.

The following two statements are incorrect in this scenario:

It indicates when device operating versions require updating. This is not true, because IBA does not provide any information or guidance about the device operating versions or updates.IBA is focused on the network performance and compliance, not on the device maintenance or upgrade1.

It collects information from vendor websites. This is not true, because IBA does not collect any information from vendor websites or external sources.IBA only collects information from the devices in the network, using agents and probes1.

Intent-Based Analytics --- Apstra 3.3.0 documentation

What is Intent Based Networking? | Juniper Networks US

In the EVPN-VXLAN data center fabric bridged overlay architecture shown in the exhibit, the servers are connected to Leaf1 and Leaf6 using the same virtual network identifier (VNI). This means that the servers belong to the same Layer 2 domain and can communicate with each other using VXLAN tunnels across the fabric. The underlay network provides the IP connectivity between the leaf and spine devices, and it uses EBGP as the routing protocol. Therefore, the following two statements are correct in this scenario:

Loopback IPv4 addresses must be advertised into the EBGP underlay from leaf and spine devices. This is because the loopback addresses are used as the source and destination IP addresses for the VXLAN tunnels, and they must be reachable by all the devices in the fabric. The loopback addresses are also used as the router IDs and the BGP peer addresses for the EBGP sessions.

The underlay EBGP peering's must be established between leaf and spine devices. This is because the EBGP sessions are used to exchange the underlay routing information and the EVPN routes for the overlay network. The EBGP sessions are established using the loopback addresses of the devices, and they follow a spine-and-leaf topology, where each leaf device peers with all the spine devices, and each spine device peers with all the leaf devices.

The following two statements are incorrect in this scenario:

The underlay must use IRB interfaces. This is not true, because the underlay network does not provide any Layer 3 gateway functionality for the overlay network. The IRB interfaces are used to provide inter-VXLAN routing within the fabric, which is not the case in the bridged overlay architecture. The IRB interfaces are used in the edge-routed bridging (ERB) or the centrally-routed bridging (CRB) architectures, which are different from the bridged overlay architecture.

The underlay must be provisioned with PIMv2. This is not true, because the underlay network does not use multicast for the VXLAN tunnels. The VXLAN tunnels are established using EVPN, which uses BGP to distribute the MAC and IP addresses of the end hosts and the VTEP information of the devices. EVPN eliminates the need for multicast in the underlay network, and it provides optimal forwarding and fast convergence for the overlay network.

Exploring EVPN-VXLAN Overlay Architectures -- Bridged Overlay

EVPN LAGs in EVPN-VXLAN Reference Architectures

EVPN-VXLAN Configuration Guide

To implement remote user authentication for the role-based access control of your Apstra server, you can use one of the following methods: TACACS+, LDAP, or RADIUS. These are the protocols that Juniper Apstra supports to authenticate and authorize users based on roles assigned to individual users within an enterprise. You can configure the Apstra server to use one or more of these protocols as the authentication sources and specify the order of preference. You can also configure the Apstra server to use local user accounts as a fallback option if the remote authentication fails. The other options are incorrect because:

D) SAML is wrong because SAML (Security Assertion Markup Language) is not a supported protocol for remote user authentication for the role-based access control of your Apstra server. SAML is an XML-based standard for exchanging authentication and authorization data between different parties, such as identity providers and service providers. SAML is commonly used for web-based single sign-on (SSO) scenarios, but it is not compatible with the Apstra server.

E) Auth0 is wrong because Auth0 is not a protocol, but a service that provides authentication and authorization solutions for web and mobile applications. Auth0 is a platform that supports various protocols and standards, such as OAuth, OpenID Connect, SAML, and JWT. Auth0 is not a supported service for remote user authentication for the role-based access control of your Apstra server.Reference:

User Authentication Overview

[Juniper Apstra] Authentication and Authorization Debugging1

Authenticate User (API)

Configure Apstra Server

According to the Juniper documentation1, a routing zone is an L3 domain, the unit of tenancy in multi-tenant networks. You create routing zones for tenants to isolate their IP traffic from one another, thus enabling tenants to re-use IP subnets. In addition to being in its own VRF, each routing zone can be assigned its own DHCP relay server and external system connections. You can create one or more virtual networks within a routing zone, which means a tenant can stretch its L2 applications across multiple racks within its routing zone. For virtual networks with Layer 3 SVI, the SVI is associated with a Virtual Routing and Forwarding (VRF) instance for each routing zone isolating the virtual network SVI from other virtual network SVIs in other routing zones. Therefore, the correct answer is D. A routing zone is used to enable the communication between two VNIs within a VRF. A routing zone is not used for L4-L7 inspection, securing routing protocols, or requiring firewalls. Those are not the purposes of a routing zone in Juniper Apstra software.Reference:Routing Zones

Time Voyager is a feature of Juniper Apstra that allows you to restore previous revisions of a blueprint, which is a logical representation of your network design and configuration. Time Voyager automatically saves the five most recent blueprint commits, which are the changes that you apply to the network. You can also manually save up to twenty-five revisions by keeping them, which prevents them from being overwritten by new commits. Therefore, the correct answer is B and D. Time Voyager retains the five most recent blueprint commits and Time Voyager retains up to twenty-five saved revisions.Reference:Time Voyager | Apstra 4.1 | Juniper Networks,Time Voyager Introduction | Apstra 4.2 | Juniper Networks,Juniper Apstra at a Glance | Flyer