Juniper Updated JN0-481 Exam Questions and Answers by nyra

In Apstra 5.1, “resources” are the identifier values consumed by the fabric design and rendered into device configuration—examples include ASNs, IP addresses, VNIs, VLAN-related identifiers (where applicable), and similar allocation-driven values. These values are provided through resource pools, which are the authoritative containers Apstra draws from when assigning resources to blueprint roles (for example, leaf ASNs, spine ASNs, loopbacks, point-to-point subnets, and VNI ranges). A key architectural feature is that resource pools are not confined to one blueprint. Apstra supports pools with different scopes to match operational needs: some pools are managed centrally and reused across multiple blueprints, while other pools are created and used within the context of a specific blueprint when you want strict separation and lifecycle alignment with that blueprint.

This is why the correct statement is that a pool’s scope can be global or blueprint-specific. Global pools are appropriate when you want consistent allocation policy across fabrics (for example, enterprise-wide ASN ranges). Blueprint-specific pools are appropriate when you want per-fabric independence or when allocations are generated dynamically within the blueprint. This scope behavior is independent of Junos v24.4; Junos receives the final rendered values, but the pool scoping and allocation control are Apstra design-time constructs that ensure deterministic, conflict-free assignments at scale.

Verified Juniper sources (URLs):

https://www.juniper.net/documentation/us/en/software/apstra5.1/apstra-user-guide/topics/concept/resources.html

https://www.juniper.net/documentation/us/en/software/apstra5.1/apstra-user-guide/topics/concept/freeform-resource-management.html

https://www.juniper.net/documentation/us/en/software/apstra5.1/apstra-user-guide/topics/ref/resource-pools-api.html

In Junos EVPN, the service type determines how VLANs (broadcast domains) are mapped into EVPN constructs. With VLAN-based service, the mapping is one-to-one: a single VLAN (single broadcast domain) maps to a single EVPN instance (EVI), resulting in a separate bridge table per VLAN. When you implement EVPN-VXLAN in a bridged overlay (L2 extension over an L3 underlay), leaf devices act as VTEPs and encapsulate VLAN traffic into VXLAN using the associated VNI, but the service-type mapping rule still applies.

At the MAC-VRF hierarchy, you configure the EVPN-VXLAN parameters and choose the service type for that EVPN instance. If the service type selected is VLAN-based, then the EVI represents exactly one VLAN at that EVPN instance level. If you need multiple VLANs under the same MAC-VRF/EVI construct, Junos provides alternative service types (for example, VLAN-aware or VLAN-bundle) specifically intended to associate multiple VLANs with a single EVPN instance; that is not what VLAN-based service does.

Therefore, in a bridged overlay EVPN-VXLAN design using VLAN-based service at the MAC-VRF EVPN instance level, the correct answer is one VLAN. This remains true regardless of how many total VLANs exist across the fabric; each VLAN-based EVI handles a single VLAN.

Verified Juniper sources (URLs):

https://www.juniper.net/documentation/us/en/software/junos/evpn/topics/concept/evpn-based-services.html

https://www.juniper.net/documentation/us/en/software/junos/evpn/topics/concept/mac-vrf-routing-instance-overview.html

In Apstra, a logical device abstracts a physical switch’s front-panel layout into one or more panels containing port groups. Each port group has a defined speed and one or more roles that describe how those ports are expected to be used in the fabric. These roles are essential because they constrain where ports may be consumed during rack type and template construction (for example, spine-facing vs server-facing vs generic connectivity).

Apstra-supported port group roles include fabric roles such as Spine and Leaf, and endpoint-facing roles such as Generic (commonly used for ports that connect to servers or external generic systems). Assigning Leaf and Spine roles ensures Apstra can correctly validate and render intent for uplinks and interconnects in a three-stage Clos or larger topologies. Assigning Generic indicates ports that can be used for non-fabric connections (such as server links, external routers modeled as generic systems, or other non-managed endpoints).

The options Empty and Root are not valid Apstra port group roles in the logical device model; Apstra uses other explicit role names (for example, Access, Peer, Unused, Generic, Leaf, Spine, Superspine depending on design type and version). In Junos v24.4 EVPN-VXLAN fabrics, getting these roles correct is foundational because Apstra relies on them to place underlay and overlay configuration onto the right interfaces with predictable results.

Verified Juniper sources (URLs):

https://www.juniper.net/documentation/us/en/software/apstra4.2/apstra-user-guide/topics/concept/logical-devices.html

https://www.juniper.net/documentation/us/en/software/jvd/jvd-collapsed-dc-fabric-juniper-apstra-access-switches/configuration_walkthrough.html

Apstra role-based access control separates fabric operations from identity and authorization administration. The administrator role includes full permissions, including the ability to manage users and roles (for example, creating users, assigning permissions, and creating/cloning/editing custom roles where allowed). This enables administrators to govern who can access the system and what they are permitted to change across all blueprints and system settings.

The user role, in contrast, is designed for day-to-day fabric work: viewing and editing supported blueprint elements and operational objects within the scope permitted by the role, but not administering other users’ access or modifying the role structure itself. In other words, a user can work on the network intent and operations, but cannot elevate privileges, change other users’ roles, or otherwise manage user/role administration unless explicitly granted additional permissions through custom roles.

That makes option C the correct statement: the user role cannot make changes to other user types (that is, it lacks the permissions needed to administer identities/roles). Options A, B, and D do not reflect Apstra’s RBAC model: roles are not primarily constrained “per blueprint” in that way, and users are not intended to modify other roles—those are administrator-level capabilities.

Verified Juniper sources (URLs):

https://www.juniper.net/documentation/us/en/software/apstra6.0/apstra-user-guide/topics/concept/user-role-management.html

https://www.juniper.net/documentation/us/en/software/apstra4.2/apstra-user-guide/topics/concept/user-role-management.html

https://www.juniper.net/documentation/us/en/software/apstra5.0/apstra-user-guide/topics/concept/user-role-management.html