单选题Which attribute is required for all IKE phase 2 negotiations?()Aproxy-IDBpreshared keyCDiffie-Hellman group keyDmain or aggressive mode
单选题
Which attribute is required for all IKE phase 2 negotiations?()
A
proxy-ID
B
preshared key
C
Diffie-Hellman group key
D
main or aggressive mode
参考解析
解析:
暂无解析
相关考题:
多选题Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP?()Adata integrityBdata confidentialityCdata authenticationDouter IP header confidentialityEouter IP header authentication
单选题Where do you configure SCREEN options?()Azones on which an attack might arriveBzones you want to protect from attackCinterfaces on which an attack might arriveDinterfaces you want to protect from attack
单选题Using a policy with the policy-rematch flag enabled, what happens to the existing and newsessions when you change the policy action from permit to deny?()AThe new sessions matching the policy are denied. The existing sessions are dropped.BThe new sessions matching the policy are denied. The existing sessions, not being allowed to carry any traffic, simply timeout.CThe new sessions matching the policy might be allowed through if they match another policy. The existing sessions are dropped.DThe new sessions matching the policy are denied. The existing sessions continue until they are completed or their timeout is reached.
单选题Regarding a route-based versus policy-based IPsec VPN, which statement is true?()AA route-based VPN generally uses less resources than a policy-based VPN.BA route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.CA route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.DA route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
单选题Which type of source NAT is configured in the exhibit?() [edit security nat destination] user@host# show pool A { address 10.1.10.5/32; } rule-set 1 { from zone untrust; rule 1A { match { destination-address 100.0.0.1/32; } then { destination-nat pool A; } } }Astatic destination NATBstatic source NATCpool-based destination NAT without PATDpool-based destination NAT with PAT
单选题A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in azone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUSTzone to the UNTRUST zone. Which configuration would correctly accomplish this task?()A AB BC CD D
单选题By default, which condition would cause a session to be removed from the session table?()ARoute entry for the session changed.BSecurity policy for the session changed.CThe ARP table entry for the source IP address timed out.DNo traffic matched the session during the timeout period.
单选题Which IDP policy action closes the connection and sends an RST packet to both the client and the server?()Aclose-connectionBterminate-connectionCclose-client-and-serverDterminate-session