An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP. Which two statements are true? () (Choose two.)
- A、Only main mode can be used for IKE negotiation
- B、A local-identity must be defined
- C、It must be the initiator for IKE
- D、A remote-identity must be defined

Related exam questions:

Click the Exhibit button. [A] establishes an IPsec tunnel with [B]. The NAT device translates the IP address 1.1.1.1 to 2.1.1.1. On which port is the IKE SA established? ()
- A、TCP 500
- B、UDP 500
- C、TCP 4500
- D、UDP 4500

Which statement is true regarding IPsec VPNs? ()
- A、There are five phases of IKE negotiation.
- B、There are two phases of IKE negotiation.
- C、IPsec VPN tunnels are not supported on SRX Series devices.
- D、IPsec VPNs require a tunnel PIC in SRX Series devices.

Which of the following protocols would MOST likely be used in the establishment of an IPSec VPN tunnel? ()
- A、AES
- B、TKIP
- C、802.1q
- D、ISAKMP

To securely transport EIGRP traffic, a network administrator will build VPNs between sites. What is the best method to accomplish the transport of EIGRP traffic? ()
- A、IPSec in tunnel mode
- B、IPSec in transport mode
- C、GRE with IPSec in transport mode
- D、GRE with IPSec in tunnel mode

You need to configure a GRE tunnel on an IPSec router. When you are using the SDM to configure a GRE tunnel over IPsec, which two parameters are required when defining the tunnel interface information? ()
- A、The crypto ACL number
- B、The IPSEC mode (tunnel or transport)
- C、The GRE tunnel interface IP address
- D、The GRE tunnel source interface or IP address, and tunnel destination IP address
- E、The MTU size of the GRE tunnel interface

What is not a difference between VPN tunnel authentication and per-user authentication? ()
- A、VPN tunnel authentication is part of the IKE specification.
- B、VPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).
- C、User authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization.
- D、802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.

Based on the configuration shown in the exhibit, what will happen to the traffic matching the security policy? ()

```
[edit schedulers]
user@host# show
scheduler now {
    monday all-day;
    tuesday exclude;
    wednesday {
        start-time 07:00:00 stop-time 18:00:00;
    }
    thursday {
        start-time 07:00:00 stop-time 18:00:00;
    }
}

[edit security policies from-zone Private to-zone External]
user@host# show
policy allowTransit {
    match {
        source-address PrivateHosts;
        destination-address ExtServers;
        application ExtApps;
    }
    then {
        permit {
            tunnel {
                ipsec-vpn myTunnel;
            }
        }
    }
    scheduler-name now;
}
```

- A、The traffic is permitted through the myTunnel IPsec tunnel only on Tuesdays.
- B、The traffic is permitted through the myTunnel IPsec tunnel daily, with the exception of Mondays.
- C、The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.
- D、The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am

What is true about Quality of Service (QoS) for VPNs? ()
- A、QoS preclassification is only supported on generic routing encapsulation (GRE) and IPsec VPNs
- B、QoS preclassification is not required in Layer 2 Tunneling Protocol (L2TP), Layer 2 Forwarding (L2F), and Point-to-Point Tunneling Protocol (PPTP) VPNs
- C、QoS preclassification is supported on IPsec AH VPNs, but not on IPsec ESP VPNs
- D、the QoS-for-VPNs feature (QoS preclassification) is designed for VPN transport interfaces
- E、with IPsec tunnel mode, the type of service (ToS) byte value is copied automatically from the original IP header to the tunnel header

Regarding an IPsec security association (SA), which two statements are true? ()
- A、IKE SA is bidirectional.
- B、IPsec SA is bidirectional.
- C、IKE SA is established during phase 2 negotiations.
- D、IPsec SA is established during phase 2 negotiations.

Which two configuration elements are required for a route-based VPN? ()
- A、secure tunnel interface
- B、security policy to permit the IKE traffic
- C、a route for the tunneled transit traffic
- D、tunnel policy for transit traffic referencing the IPsec VPN

Multiple choice: Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site VPNs? ()
- A、allows dynamic routing over the tunnel
- B、supports multi-protocol (non-IP) traffic over the tunnel
- C、reduces IPsec headers overhead since tunnel mode is used
- D、simplifies the ACL used in the crypto map
- E、uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration

Single choice: Refer to the exhibit. With an IPSec tunnel established between remote Router A and head-end router B, with Compressed Real-Time Protocol (cRTP) configured on the serial interface of Router A, what impact will the cRTP configuration have on the Voice over IP packets flowing through the IPSec tunnel from a Cisco 7960 IP phone? ()
- A、Twenty bytes of header will be replaced with five bytes.
- B、If the IPSec transform set includes Authentication Header, the receiving IPSec peer will discard the packets.
- C、The IPSec packets will be dropped by Router A's compression logic.
- D、The voice packets will not be compressed.

Single choice: Which command is needed to change this policy to a tunnel policy for a policy-based VPN? ()

```
[edit security policies from-zone trust to-zone untrust]
user@host# show
policy tunnel-traffic {
    match {
        source-address local-net;
        destination-address remote-net;
        application any;
    }
    then {
        permit;
    }
}
```

- A、set policy tunnel-traffic then tunnel remote-vpn
- B、set policy tunnel-traffic then permit tunnel remote-vpn
- C、set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permit
- D、set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn

Single choice: You work as a network engineer. An IPsec tunnel is negotiated within the protection of which type of tunnel? ()
- A、L2F tunnel
- B、L2TP tunnel
- C、GRE tunnel
- D、ISAKMP tunnel

Single choice: Based on the configuration shown in the exhibit, what will happen to the traffic matching the security policy? ()
- A、The traffic is permitted through the myTunnel IPSec tunnel only on Tuesdays.
- B、The traffic is permitted through the myTunnel IPSec tunnel daily, with the exception of Mondays.
- C、The traffic is permitted through the myTunnel IPSec tunnel all day on Mondays, Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.
- D、The traffic is permitted through the myTunnel IPSec tunnel all day on Mondays, Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am.

Single choice: Router R1, a branch router, connects to the Internet using DSL. Some traffic flows through a GRE and IPsec tunnel, over the DSL connection, destined for an Enterprise network. Which of the following answers best describes the router's logic that tells the router, for a given packet, to apply GRE encapsulation to the packet? ()
- A、When the packet received on the LAN interface is permitted by the ACL listed on the tunnel greacl command under the incoming interface
- B、When routing the packet, matching a route whose outgoing interface is the GRE tunnel interface
- C、When routing the packet, matching a route whose outgoing interface is the IPsec tunnel interface
- D、When permitted by an ACL that was referenced in the associated crypto map

Multiple choice: Which two configuration elements are required for a policy-based VPN? ()
- A、IKE gateway
- B、secure tunnel interface
- C、security policy to permit the IKE traffic
- D、security policy referencing the IPsec VPN tunnel

Multiple choice: Which two mechanisms can be used to detect IPsec GRE tunnel failures? ()
- A、Dead Peer Detection (DPD)
- B、CDP
- C、isakmp keepalives
- D、GRE keepalive mechanism
- E、The hello mechanism of the routing protocol across the IPsec tunnel