Exam JN0-649 topic 1 question 56 discussion

D is correct, Sustain. "Server fail fallback allows you to specify one of four actions to be taken toward end devices awaiting authentication when the server is timed out: Permit: authentication, allowing traffic to flow from the end device through the interface as if the end device were successfully authenticated by the RADIUS server. Deny: authentication, preventing traffic from flowing from the end device through the interface. This is the default. Move: the end device to a specified VLAN. (The VLAN must already exist on the router.) Sustain: authenticated end devices that already have LAN access and deny unauthenticated end devices. If the RADIUS servers time out during reauthentication, previously authenticated end devices are reauthenticated and new users are denied LAN access. https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/concept/802-1x-pnac-divert-authentication-understanding-mx-series.html

https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/concept/802-1x-pnac-divert-authentication-understanding-mx-series.html

D is correct

D Sustain

If the RADIUS authentication servers become unavailable or inaccessible the server fail fallback is triggered. By default, the deny option is configured under server-fail, which force fails the supplicant authentication. However, there are other options that you can configure as actions to be taken for end devices awaiting authentication when the server times out. server-fail (bridge-domain bridge-domain | deny | permit | use-cache | vlan-name vlan-name) - deny—Force the supplicant authentication to fail. No traffic will flow through the interface. - permit—Force the supplicant authentication to succeed. Traffic will flow through the interface as if it were successfully authenticated by the RADIUS server. - use-cache—Force the supplicant authentication to succeed only if it was previously authenticated successfully. This action ensures that already authenticated supplicants are not affected.

Permit authentication, allowing traffic to flow from the end device through the interface as if the end device were successfully authenticated by the RADIUS server. Deny authentication, preventing traffic from flowing from the end device through the interface. This is the default. Move the end device to a specified VLAN. (The VLAN must already exist on the router.) Sustain authenticated end devices that already have LAN access and deny unauthenticated end devices. If the RADIUS servers time out during reauthentication, previously authenticated end devices are reauthenticated and new users are denied LAN access.

should be D