多选题An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)AOnly main mode can be used for IKE negotiationBA local-identity must be definedCIt must be the initiator for IKEDA remote-identity must be defined
多选题
An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)
A
Only main mode can be used for IKE negotiation
B
A local-identity must be defined
C
It must be the initiator for IKE
D
A remote-identity must be defined
参考解析
解析:
暂无解析
相关考题:
Click the Exhibit button.System services SSH, Telnet, FTP, and HTTP are enabled on the SRX Series device.Referring to the configuration shown in the exhibit, which two statements are true? ()(Choose two.)A. A user can use SSH to interface ge-0/0/0.0 and ge-0/0/1.0.B. A user can use FTP to interface ge-0/0/0.0 and ge-0/0/1.0.C. A user can use SSH to interface ge-0/0/0.0.D. A user can use SSH to interface ge-0/0/1.0.
You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?() A. access profileB. IKE parametersC. tunneled interfaceD. redirect policy
Which statement is true regarding IPsec VPNs?() A. There are five phases of IKE negotiation.B. There are two phases of IKE negotiation.C. IPsec VPN tunnels are not supported on SRX Series devices.D. IPsec VPNs require a tunnel PIC in SRX Series devices.
An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.) A. Only main mode can be used for IKE negotiationB. A local-identity must be definedC. It must be the initiator for IKED. A remote-identity must be defined
What are two requirements when using Packet Flow Acceleration? ()(Choose two.) A. Traffic needs be compressed.B. Quality of service must be enabled.C. A service tunnel must exist in at least one direction.D. PFA must be enabled on the client-side WX device.
Which three statements about the Cisco MPLS TE Fast Reroute (FRR) process are true?()A、TE tunnels that are configured with the FRR option cannot be used as backup tunnels.B、TE tunnels that are configured with the FRR option can be used as backup tunnels.C、The backup tunnel that is used to protect a physical interface must have a valid IP address configured.D、Interfaces must use MPLS global label allocation.E、The source IP address of use backup tunnel and the merge point (MP) should not be reachable.
You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec, which two parameters are required when defining the tunnel interfaceinformation?()A、The crypto ACL numberB、The IPSEC mode (tunnel or transport)C、The GRE tunnel interface IP addressD、The GRE tunnel source interface or IP address, and tunnel destination IP addressE、The MTU size of the GRE tunnel interface
Which two statements are true about overflow pools?()A、Overflow pools do not support PATB、Overflow pools can not use the egress interface IP address for NATC、Overflow pools must use PATD、Overflow pools can contain the egress interface IP address or separate IP addresses
You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()A、access profileB、IKE parametersC、tunneled interfaceD、redirect policy
You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
When the Infranet Enforcer is set up in transparent mode, which additional resource policy must be configured to use OAC for IPsec enforcement? ()A、IPsec RoutingB、Access ControlC、IP Address PoolD、Source Interface
Which two methods are used to assign an IP address to a WX device? ()(Choose two.)A、SSHB、TelnetC、WebViewD、device front panelE、serial console (command-line interface)
Which statement is true regarding IPsec VPNs?()A、There are five phases of IKE negotiation.B、There are two phases of IKE negotiation.C、IPsec VPN tunnels are not supported on SRX Series devices.D、IPsec VPNs require a tunnel PIC in SRX Series devices.
For IKE phase 1 negotiations, when is aggressive mode typically used?()A、when one of the tunnel peers has a dynamic IP addressB、when one of the tunnel peers wants to force main mode to be usedC、when fragmentation of the IKE packet is required between the two peersD、when one of the tunnel peers wants to specify a different phase 1 proposal
An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)A、Only main mode can be used for IKE negotiationB、A local-identity must be definedC、It must be the initiator for IKED、A remote-identity must be defined
Regarding an IPsec security association (SA), which two statements are true?()A、IKE SA is bidirectional.B、IPsec SA is bidirectional.C、IKE SA is established during phase 2 negotiations.D、IPsec SA is established during phase 2 negotiations.
Which statement is true regarding the Junos OS for security platforms?()A、SRX Series devices can store sessions in a session table.B、SRX Series devices accept all traffic by default.C、SRX Series devices must operate only in packet-based mode.D、SRX Series devices must operate only in flow-based mode.
多选题Which two statements are correct about database transportation?() (Choose two.)AThe source and target platforms must be the sameBRedo logs, control files and temp files are also transportedCThe transported database must have the same database identifier (DBID) as the source database and cannot be changedDThe COMPATIBLE parameter must be set to 10.0.0.0 or higher and the database must be opened in readonly mode before being transportedERecovery Manager (RMAN) is used to convert the necessary data files of the database if the target platform is different and has different endian format
多选题Which two statements are true about hierarchical architecture? ()(Choose two.)AYou can assign a logical interface to multiple zones.BYou cannot assign a logical interface to multiple zones.CYou can assign a logical interface to multiple routing instances.DYou cannot assign a logical interface to multiple routing instances.
多选题Which three statements about the Cisco MPLS TE Fast Reroute (FRR) process are true?()ATE tunnels that are configured with the FRR option cannot be used as backup tunnels.BTE tunnels that are configured with the FRR option can be used as backup tunnels.CThe backup tunnel that is used to protect a physical interface must have a valid IP address configured.DInterfaces must use MPLS global label allocation.EThe source IP address of use backup tunnel and the merge point (MP) should not be reachable.
多选题Which two methods are used to assign an IP address to a WX device? ()(Choose two.)ASSHBTelnetCWebViewDdevice front panelEserial console (command-line interface)
多选题You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec, which two parameters are required when defining the tunnel interfaceinformation?()AThe crypto ACL numberBThe IPSEC mode (tunnel or transport)CThe GRE tunnel interface IP addressDThe GRE tunnel source interface or IP address, and tunnel destination IP addressEThe MTU size of the GRE tunnel interface
多选题An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)AOnly main mode can be used for IKE negotiationBA local-identity must be definedCIt must be the initiator for IKEDA remote-identity must be defined
单选题Which statement is true regarding IPsec VPNs?()AThere are five phases of IKE negotiation.BThere are two phases of IKE negotiation.CIPsec VPN tunnels are not supported on SRX Series devices.DIPsec VPNs require a tunnel PIC in SRX Series devices.
多选题What are two requirements when using Packet Flow Acceleration? ()(Choose two.)ATraffic needs be compressed.BQuality of service must be enabled.CA service tunnel must exist in at least one direction.DPFA must be enabled on the client-side WX device.
多选题Which two statements are true about overflow pools?()AOverflow pools do not support PATBOverflow pools can not use the egress interface IP address for NATCOverflow pools must use PATDOverflow pools can contain the egress interface IP address or separate IP addresses
多选题You want to take a complete database backup using RMAN. The backup should consist only the used blocks from your database. Which two statements are true about this backup operation? ()(Choose two.)ABackup compression should be enabledBParallelism for the channel should be set to 2CAll the files must be backed up as backup setsDThe backup may be stored either on disk or on media with media manager
多选题Click the Exhibit button. System services SSH, Telnet, FTP, and HTTP are enabled on the SRX Series device. Referring to the configuration shown in the exhibit, which two statements are true? ()(Choose two.)AA user can use SSH to interface ge-0/0/0.0 and ge-0/0/1.0.BA user can use FTP to interface ge-0/0/0.0 and ge-0/0/1.0.CA user can use SSH to interface ge-0/0/0.0.DA user can use SSH to interface ge-0/0/1.0.