网友您好, 请在下方输入框内输入要搜索的题目:
题目内容
(请给出正确答案)
An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)
- A、Only main mode can be used for IKE negotiation
- B、A local-identity must be defined
- C、It must be the initiator for IKE
- D、A remote-identity must be defined
参考答案
更多 “An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)A、Only main mode can be used for IKE negotiationB、A local-identity must be definedC、It must be the initiator for IKED、A remote-identity must be defined” 相关考题
考题
Click the Exhibit button.[A] establishes an IPsec tunnel with [B]. The NAT device translates the IP address 1.1.1.1 to 2.1.1.1.On which port is the IKE SA established?()
A.TCP 500B.UDP 500C.TCP 4500D.UDP 4500
考题
Which statement is true regarding IPsec VPNs?()
A. There are five phases of IKE negotiation.B. There are two phases of IKE negotiation.C. IPsec VPN tunnels are not supported on SRX Series devices.D. IPsec VPNs require a tunnel PIC in SRX Series devices.
考题
Which of the following protocols would MOST likely be used in the establishment of an IPSec VPN tunnel?()
A. AESB. TKIPC. 802.1qD. ISAKMP
考题
To securely transport EIGRP traffic, a network administrator will build VPNs between sites. What is the best method to accomplish the transport of EIGRP traffic?()
A. IPSec in tunnel modeB. IPSec in transport modeC. GRE with IPSec in transport modeD. GRE with IPSec in tunnel mode
考题
You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec, which two parameters are required when defining the tunnel interfaceinformation?()A、The crypto ACL numberB、The IPSEC mode (tunnel or transport)C、The GRE tunnel interface IP addressD、The GRE tunnel source interface or IP address, and tunnel destination IP addressE、The MTU size of the GRE tunnel interface
考题
What is not a difference between VPN tunnel authentication and per-user authentication?()A、VPN tunnel authentication is part of the IKE specification. B、VPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).C、User authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization. D、802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.
考题
Based on the configuration shown in the exhibit, what will happen to the traffic matching thesecurity policy?() [edit schedulers] user@host# showscheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }A、The traffic is permitted through the myTunnel IPsec tunnel only on Tuesdays.B、The traffic is permitted through the myTunnel IPsec tunnel daily, with the exception of Mondays.C、The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.D、The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am
考题
What is true about Quality of Service (QoS) for VPNs?()A、QoS preclassification is only supported on generic routing encapsulation (GRE) and IPsec VPNsB、QoS preclassification is not required in Layer 2 Tunneling Protocol (L2TP), Layer2 Forwarding (L2F), and Point-to-Point Tunneling Protocol (PPTP) VPNsC、QoS preclassification is supported on IPsec AH VPNs, but not on IPsec ESP VPNsD、the QoS-for-VPNs feature (QoS preclassification) is designed for VPN transport interfacesE、with IPsec tunnel mode, the type of service (ToS) byte value is copied automatically from the original IP header to the tunnel header
考题
To securely transport EIGRP traffic, a network administrator will build VPNs between sites. What is the best method to accomplish the transport of EIGRP traffic?()A、IPSec in tunnel modeB、IPSec in transport modeC、GRE with IPSec in transport modeD、GRE with IPSec in tunnel mode
考题
Which of the following protocols would MOST likely be used in the establishment of an IPSec VPN tunnel?()A、 AES B、 TKIPC、 802.1qD、 ISAKMP
考题
Which of the following protocols would MOST likely be used in the establishment of an IPSec VPN tunnel?()A、AESB、TKIPC、802.1qD、ISAKMP
考题
Which statement is true regarding IPsec VPNs?()A、There are five phases of IKE negotiation.B、There are two phases of IKE negotiation.C、IPsec VPN tunnels are not supported on SRX Series devices.D、IPsec VPNs require a tunnel PIC in SRX Series devices.
考题
Regarding an IPsec security association (SA), which two statements are true?()A、IKE SA is bidirectional.B、IPsec SA is bidirectional.C、IKE SA is established during phase 2 negotiations.D、IPsec SA is established during phase 2 negotiations.
考题
Which two configuration elements are required for a route-based VPN?()A、secure tunnel interfaceB、security policy to permit the IKE trafficC、a route for the tunneled transit trafficD、tunnel policy for transit traffic referencing the IPsec VPN
考题
单选题To securely transport EIGRP traffic, a network administrator will build VPNs between sites. Whatis the best method to accomplish the transport of EIGRP traffic?()A
IPSec in tunnel modeB
IPSec in transport modeC
GRE with IPSec in transport modeD
GRE with IPSec in tunnel mode
考题
多选题Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site VPNs?()Aallows dynamic routing over the tunnelBsupports multi-protocol (non-IP) traffic over the tunnelCreduces IPsec headers overhead since tunnel mode is usedDsimplifies the ACL used in the crypto mapEuses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration
考题
单选题Refer to the exhibit. With an IPSec tunnel established between remote Router A and head-end router B, with Compressed Real-Time Protocol (cRTP) configured on the serial interface of Router A, what impact will the cRTP configuration have on the Voice over IP packets flowing through the IPSec tunnel from a Cisco 7960 IP phone?()A
Twenty bytes of header will be replaced with five bytes. B
If the IPSec transform set includes Authentication Header, the receiving IPSec peer will discard the packets. C
The IPSec packets will be dropped by Router A's compression logic.D
The voice packets will not be compressed.
考题
单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }A
set policy tunnel-traffic then tunnel remote-vpnB
set policy tunnel-traffic then permit tunnel remote-vpnC
set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitD
set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
考题
单选题You work as a network engineer, do you know an IPsec tunnel is negotiated within the protection of whichtype of tunnel?()A
L2F tunnelB
L2TP tunnelC
GRE tunnelD
ISAKMP tunnel
考题
单选题Based on the configuration shown in the exhibit, what will happen to the traffic matching the security policy?()A
The traffic is permitted through the myTunnel IPSec tunnel only on Tuesdays.B
The traffic is permitted through the myTunnel IPSec tunnel daily, with the exception of Mondays.C
The traffic is permitted through the myTunnel IPSec tunnel all day on Mondays, Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.D
The traffic is permitted through the myTunnel IPSec tunnel all day on Mondays, Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am.
考题
多选题An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)AOnly main mode can be used for IKE negotiationBA local-identity must be definedCIt must be the initiator for IKEDA remote-identity must be defined
考题
多选题You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec, which two parameters are required when defining the tunnel interfaceinformation?()AThe crypto ACL numberBThe IPSEC mode (tunnel or transport)CThe GRE tunnel interface IP addressDThe GRE tunnel source interface or IP address, and tunnel destination IP addressEThe MTU size of the GRE tunnel interface
考题
单选题Router R1, a branch router, connects to the Internet using DSL. Some traffic flows through a GRE and IPsec tunnel, over the DSL connection, destined for an Enterprise network. Which of the following answers best describes the router's logic that tells the router, for a given packet, to apply GRE encapsulation to the packet?()A
When the packet received on the LAN interface is permitted by the ACL listed on the tunnel greacl command under the incoming interfaceB
When routing the packet, matching a route whose outgoing interface is the GRE tunnel interfaceC
When routing the packet, matching a route whose outgoing interface is the IPsec tunnel interfaceD
When permitted by an ACL that was referenced in the associated crypto map
考题
多选题Which two configuration elements are required for a policy-based VPN?()AIKE gatewayBsecure tunnel interfaceCsecurity policy to permit the IKE trafficDsecurity policy referencing the IPsec VPN tunnel
考题
单选题To securely transport EIGRP traffic, a network administrator will build VPNs between sites. What is the best method to accomplish the transport of EIGRP traffic?()A
IPSec in tunnel modeB
IPSec in transport modeC
GRE with IPSec in transport modeD
GRE with IPSec in tunnel mode
考题
多选题Which two mechanisms can be used to detect IPsec GRE tunnel failures?()ADead Peer Detection (DPD)BCDPCisakmp keepalivesDGRE keepalive mechanismEThe hello mechanism of the routing protocol across the IPsec tunnel
考题
单选题What is not a difference between VPN tunnel authentication and per-user authentication?()A
VPN tunnel authentication is part of the IKE specification. B
VPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).C
User authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization. D
802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.
热门标签
最新试卷
