An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.) A. Only main mode can be used for IKE negotiationB. A local-identity must be definedC. It must be the initiator for IKED. A remote-identity must be defined

An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)

A. Only main mode can be used for IKE negotiation

B. A local-identity must be defined

C. It must be the initiator for IKE

D. A remote-identity must be defined


以下程序段的输出结果为 ( )int j=2;switch(j){case 2:System.out.print("two.");case 2+1:System.out.println("three.");breakdefault:System.out.println("value is"+j);break;}A.two.three.B.two.C.three.D.value is 2

在路由器配置参数中,()指明为黑洞路由。 A.blackholeB.rejectC.preference-valueD.gateway-address

Which configuration shows the correct application of a security policy scheduler?() A. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } scheduler-name now; } } }B. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }C. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn scheduler-name now; } } } }D. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; scheduler-name now; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }myTunnel;

Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()A. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }B. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }C. [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }D. [edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }

In which two ways can the router ID selection be controlled?() A. Manually assign rid.B. configure local-address.C. enable the fxp0 interface.D. Assign nonmartian address to lo0.

以下程序段的输出结果为( )。 int j=2 switch (j){ Case 2: system.out.print("two."): Case 2+1: System.out.println("three."); break: default: System.out.println (“value is”+j): Break }A.B.twoA.two.three.B.twoC.threeD.value is 2

试题四(共15分)阅读以下说明,回答问题1至问题5,将解答填入答题纸对应的解答栏内。【说明】某公司两分支机构之间的网络配置如图4-1所示,为保护通信安全,在路由器router-a和router-b上配置IPSec安全策略,对192.168.8.0/24网段和网段之间的数据进行加密处理。【问题1】(3分)为建立两分支机构之间的通信,请完成下面的路由配置命令。router-a (config) iproute (1)router-b(config)iproute (2)【问题2】(3分)下面的命令是在路由器router-a中配置IPSec隧道。请完成下面的隧道配置命令。router-a(config) crypto tunnel tun1 (设置IPSec隧道名称为tunl)router-a(config-tunnel) peer address (3) (设置隧道对端IP地址,router-a(config-tunnel)local address (4) 设置隧道本端IP地址)router-a(config-tunnel) set auto-up (设置为自动协商)router-a(config-tunnel) exit (退出隧道设置)【问题3】(3分)router-a 与 router-b之间采用预共享密钥“12345678”建立IPSec关联,请完成下面配置router-a(config) cryptike key 12345678 addressrouter_a(config)cryt ike key 12345678 addresS (5)router-b(config) crypt ike key 12345678 address (6)【问题4】(3分)下面的命令在路由器router-a中配置了相应的IPSec策略,请说明该策略的含义。router-a(config) crypto policyplrouter-a(config-policy) flow192.168.8.0255.255.255.0192. tunnel tunlrouter-a(config-policy)exit【问题5】(3分)下面的命令在路由器router-a中配置了相应的IPSec提议。router-a(config) crypto ipsec proposal secplrouter-a(config-ipsec-prop) esp 3des shalrouter-a(config-ipsecprop)exit该提议表明:IPSec采用ESP报文,加密算法 (7) ,认证算法采用 (8) 。

Whichofthefollowingcommandsprovidesdataplaneinformationrequiredtoforwardapackettoaspecificipaddress?() A.shiprouteB.shipcef〈ip_address〉C.shadjacency〈ip_address〉D.shiproute〈ip_addres$〉E.shipadjacency〈/p_address〉F.shipcef〈mac_addrQss〉〈ip_address〉

ACompanyisusing6to4tunnelsintheirIPv6network.Whichtwostatementsaretrueaboutthesetunnels?() A.Ina6to4tunnel,thefirsttwobytesoftheIPv6addresswillbe0x2002andthenextfourbyteswillbethehexadecimalequivalentoftheIPv4addressB.Ina6to4tunnel,theIPv4address192.168.99.1wouldbeconvertedtothe2002:1315:4463:1::/64IPv6addressC.Ina6to4tunnel,theIPv4address192.168.99.1wouldbeconvertedtothe2002:c0a8:6301::/48IPv6addressD.Ina6to4tunnel,thefirsttwobytesoftheIPv6addresswillbelocallyderivedandthenexttwobyteswillbethehexadecimalequivalentoftheIPv4addressE.Ina6to4tunnel,theIPv4address192.168.99.1wouldbeconvertedtothe2002:c0a8:6301::/16IPv6address

WhichofthefollowingareassociatedwiththeapplicationlayeroftheOSImodel?(two.)() A.pingB.TelnetC.FTPD.TCPE.IP