网友您好, 请在下方输入框内输入要搜索的题目:
题目内容
(请给出正确答案)
单选题
Regarding a route-based versus policy-based IPsec VPN, which statement is true?()
A
A route-based VPN generally uses less resources than a policy-based VPN.
B
A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.
C
A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.
D
A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
参考答案
参考解析
解析:
暂无解析
更多 “单选题Regarding a route-based versus policy-based IPsec VPN, which statement is true?()A A route-based VPN generally uses less resources than a policy-based VPN.B A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.C A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.D A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN” 相关考题
考题
Which statement is true regarding IPsec VPNs?()
A. There are five phases of IKE negotiation.B. There are two phases of IKE negotiation.C. IPsec VPN tunnels are not supported on SRX Series devices.D. IPsec VPNs require a tunnel PIC in SRX Series devices.
考题
A route-based VPN is required for which scenario? ()
A. when the remote VPN peer is behind a NAT deviceB. when multiple networks need to be reached across the tunnelC. when the remote VPN peer is a dialup or remote access clientD. when a dynamic routing protocol such as OSPF is required across the VPN
考题
Which of the following protocols would MOST likely be used in the establishment of an IPSec VPN tunnel?()
A. AESB. TKIPC. 802.1qD. ISAKMP
考题
Which device might be installed at a branch office to enable and manage an IPsec site-to-site VPN?()
A.Cisco IOS IPsec/SSL VPN clientB.Cisco VPN ClinetC.ISDN terminal adapterD.Cisco Adaptive Security Appliance
考题
During the Easy VPN Remote connection process,which phase involves pushing the IP address, Domain Name System (DNS),and split tunnel attributes to the client?()A、mode configurationB、the VPN client establishment of an ISAKMP SAC、IPsec quick mode completion of the connectionD、VPN client initiation of the IKE phase 1 process
考题
What is not a difference between VPN tunnel authentication and per-user authentication?()A、VPN tunnel authentication is part of the IKE specification. B、VPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).C、User authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization. D、802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.
考题
防火墙IPSEC VPN特性支持哪些支持()A、IPSEC VPN热备功能B、支持IPSEC VPN隧道化功能C、支持IKEV2和基于域名的协商功能D、支持手机、PAD上自带的IPSEC VPN软件进行连接
考题
Which device might be installed at a branch office to enable and manage an IPsec site-to-site VPN?()A、Cisco IOS IPsec/SSL VPN clientB、Cisco VPN ClinetC、ISDN terminal adapterD、Cisco Adaptive Security Appliance
考题
You are considering deploying the Cisco SSL VPN AIM module in a Cisco 1800 Series Router.Which benefit should you expect?()A、to improve performance exclusively for SSL VPN applicationsB、to improve performance up to 300% for both IPsec and SSL VPN applicationsC、to improve performance for both IPsec and SSL VPN applications with IPsec encryption taking place in hardwareD、to improve performance up to 200% for both IPsec and SSL VPN applications with encryption taking place in hardwareE、to improve performance up to 300% for both IPsec and SSL VPN applications with SSL encryption taking place in hardware
考题
It is considered a best practice to use the Dead Peer Detection (DPD) feature with which VPN topologies?()A、IPSecB、IPSec with GREC、DMVPND、EZVPNE、all of the choices
考题
Which security-enabled device is recommended to provide a site-to-site IPsec VPN solution, but not SSL?()A、 Cisco Integrated Service RoutersB、 Cisco ASA 5500 Series Security ApplianceC、 CiscoWebVPN Services ModuleD、 CiscoIPsec VPN Module
考题
Which of the following protocols would MOST likely be used in the establishment of an IPSec VPN tunnel?()A、 AES B、 TKIPC、 802.1qD、 ISAKMP
考题
Which of the following protocols would MOST likely be used in the establishment of an IPSec VPN tunnel?()A、AESB、TKIPC、802.1qD、ISAKMP
考题
Regarding a route-based versus policy-based IPsec VPN, which statement is true?()A、A route-based VPN generally uses less resources than a policy-based VPN.B、A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.C、A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.D、A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
考题
Which statement is true regarding IPsec VPNs?()A、There are five phases of IKE negotiation.B、There are two phases of IKE negotiation.C、IPsec VPN tunnels are not supported on SRX Series devices.D、IPsec VPNs require a tunnel PIC in SRX Series devices.
考题
A route-based VPN is required for which scenario?()A、when the remote VPN peer is behind a NAT deviceB、when multiple networks need to be reached across the tunnel and GRE cannot be usedC、when the remote VPN peer is a dialup or remote access clientD、when a dynamic routing protocol is required across the VPN and GRE cannot be used
考题
Regarding an IPsec security association (SA), which two statements are true?()A、IKE SA is bidirectional.B、IPsec SA is bidirectional.C、IKE SA is established during phase 2 negotiations.D、IPsec SA is established during phase 2 negotiations.
考题
Which two configuration elements are required for a route-based VPN?()A、secure tunnel interfaceB、security policy to permit the IKE trafficC、a route for the tunneled transit trafficD、tunnel policy for transit traffic referencing the IPsec VPN
考题
单选题Which security-enabled device is recommended to provide a site-to-site IPsec VPN solution, but not SSL?()A
Cisco Integrated Service RoutersB
Cisco ASA 5500 Series Security ApplianceC
CiscoWebVPN Services ModuleD
CiscoIPsec VPN Module
考题
单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }A
set policy tunnel-traffic then tunnel remote-vpnB
set policy tunnel-traffic then permit tunnel remote-vpnC
set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitD
set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
考题
单选题Regarding a route-based versus policy-based IPsec VPN, which statement is true?()A
A route-based VPN generally uses less resources than a policy-based VPN.B
A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.C
A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.D
A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
考题
单选题A route-based VPN is required for which scenario? ()A
when the remote VPN peer is behind a NAT deviceB
when multiple networks need to be reached across the tunnelC
when the remote VPN peer is a dialup or remote access clientD
when a dynamic routing protocol such as OSPF is required across the VPN
考题
单选题A policy-based IPsec VPN is ideal for which scenario?()A
when you want to conserve tunnel resourcesB
when the remote peer is a dialup or remote access clientC
when you want to configure a tunnel policy with an action of denyD
when a dynamic routing protocol such as OSPF must be sent across the VPN
考题
单选题You are considering deploying the Cisco SSL VPN AIM module in a Cisco 1800 Series Router.Which benefit should you expect?()A
to improve performance exclusively for SSL VPN applicationsB
to improve performance up to 300% for both IPsec and SSL VPN applicationsC
to improve performance for both IPsec and SSL VPN applications with IPsec encryption taking place in hardwareD
to improve performance up to 200% for both IPsec and SSL VPN applications with encryption taking place in hardwareE
to improve performance up to 300% for both IPsec and SSL VPN applications with SSL encryption taking place in hardware
考题
单选题Which statement is true regarding IPsec VPNs?()A
There are five phases of IKE negotiation.B
There are two phases of IKE negotiation.C
IPsec VPN tunnels are not supported on SRX Series devices.D
IPsec VPNs require a tunnel PIC in SRX Series devices.
考题
多选题Which two configuration elements are required for a policy-based VPN?()AIKE gatewayBsecure tunnel interfaceCsecurity policy to permit the IKE trafficDsecurity policy referencing the IPsec VPN tunnel
考题
单选题Which of the following protocols would MOST likely be used in the establishment of an IPSec VPN tunnel?()A
AES B
TKIPC
802.1qD
ISAKMP
考题
多选题Which two configuration elements are required for a route-based VPN?()Asecure tunnel interfaceBsecurity policy to permit the IKE trafficCa route for the tunneled transit trafficDtunnel policy for transit traffic referencing the IPsec VPN
热门标签
最新试卷
