单选题For IKE phase 1 negotiations, when is aggressive mode typically used?()Awhen one of the tunnel peers has a dynamic IP addressBwhen one of the tunnel peers wants to force main mode to be usedCwhen fragmentation of the IKE packet is required between the two peersDwhen one of the tunnel peers wants to specify a different phase 1 proposal
单选题
For IKE phase 1 negotiations, when is aggressive mode typically used?()
A
when one of the tunnel peers has a dynamic IP address
B
when one of the tunnel peers wants to force main mode to be used
C
when fragmentation of the IKE packet is required between the two peers
D
when one of the tunnel peers wants to specify a different phase 1 proposal
参考解析
解析:
暂无解析
相关考题:
An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.) A. Only main mode can be used for IKE negotiationB. A local-identity must be definedC. It must be the initiator for IKED. A remote-identity must be defined
Router R1, a branch router, connects to the Internet using DSL. Some traffic flows through a GRE and IPsec tunnel, over the DSL connection, destined for an Enterprise network.Which of the following answers best describes the router‘s logic that tells the router, for a given packet, to apply GRE encapsulation to the packet?()A. When the packet received on the LAN interface is permitted by the ACL listed on the tunnel greacl command under the incoming interfaceB. When routing the packet, matching a route whose outgoing interface is the GRE tunnel interfaceC. When routing the packet, matching a route whose outgoing interface is the IPsec tunnel interfaceD. When permitted by an ACL that was referenced in the associated crypto map
During the Easy VPN Remote connection process,which phase involves pushing the IP address, Domain Name System (DNS),and split tunnel attributes to the client?()A、mode configurationB、the VPN client establishment of an ISAKMP SAC、IPsec quick mode completion of the connectionD、VPN client initiation of the IKE phase 1 process
Router R1, a branch router, connects to the Internet using DSL. Some traffic flows through a GRE and IPsec tunnel, over the DSL connection, destined for an Enterprise network. Which of the following answers best describes the router's logic that tells the router, for a given packet, to apply GRE encapsulation to the packet?()A、When the packet received on the LAN interface is permitted by the ACL listed on the tunnel greacl command under the incoming interfaceB、When routing the packet, matching a route whose outgoing interface is the GRE tunnel interfaceC、When routing the packet, matching a route whose outgoing interface is the IPsec tunnel interfaceD、When permitted by an ACL that was referenced in the associated crypto map
When configuring a multipoint GRE (mGRE) tunnel interface, which one of the following is NOT a valid configuration option:()A、 tunnel sourceB、 tunnel destinationC、 tunnel keyD、 ip addressE、 tunnelvrf
IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true?()A、IKE keepalives are unidirectional and sent every ten secondsB、IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH)protocol for exchanging keysC、To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepacketsD、IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers
Which of the following is true when considering the Server load-balancing design within the E-Commerce Module of the Enterprise Campus network?()A、 Routed mode requires the ACE run OSPF or EIGRPB、 Bridged mode switches a packet between the public and the private subnets when it sees itsMAC address as the destinationC、 Two-armed mode will place the SLB inline to the servers, with different client-side and a server-side VLANsD、 One-armed mode, which uses the same VLAN for the client, the ACE, and the servers, requiresa traffic-diversion mechanism to ensure the traffic return from the server passes though the ACE
You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec, which two parameters are required when defining the tunnel interfaceinformation?()A、The crypto ACL numberB、The IPSEC mode (tunnel or transport)C、The GRE tunnel interface IP addressD、The GRE tunnel source interface or IP address, and tunnel destination IP addressE、The MTU size of the GRE tunnel interface
Two VPN peers are negotiating IKE phase 1 using main mode. Which message pair in the negotiation contains the phase 1 proposal for the peers?()A、message 1 and 2B、message 3 and 4C、message 5 and 6D、message 7 and 8
A policy-based IPsec VPN is ideal for which scenario?()A、when you want to conserve tunnel resourcesB、when the remote peer is a dialup or remote access clientC、when you want to configure a tunnel policy with an action of denyD、when a dynamic routing protocol such as OSPF must be sent across the VPN
For the following items ,which one can be used to authenticate the IPsec peers during IKE Phase 1?()A、pre-shared keyB、integrity check valueC、XAUTHD、Diffie-Hellman Nonce
Why is NTP an important component when implementing IPSec VPN in a PKI environment?()A、 To ensure the router has the correct time when generating its private/public key pairs.B、 To ensure the router has the correct time when checking certificate validity from the remote peersC、 To ensure the router time is sync with the remote peers for encryption keys generationD、 To ensure the router time is sync with the remote peers during theDH exchangeE、 To ensure the router time is sync with the remote peers when generating the cookies during IKE phase 1
Which of the following explains the relationship between a physical and logical partition?()A、A physical partition is hosted on one or more logical partitions. A logical partition is used when describing storage.B、A logical partition is hosted on one or more physical partitions. A physical partition is used when describing storage.C、A physical partition is used when describing only a SCSI or SAS disk. A logical partition is used when describing a SAN LUN.D、A logical partition is used when describing only a SATA or SAS disk. A physical partition is used when describing RAID or mirrored arrays.
Which two statements are true about L2TP tunnel switching?()A、Requires only one tunnel switching license.B、Requires two licenses,one for inbound and one for outbound sessions.C、Enabled automatically when the BSR is configured as an LAC and LNS.D、Aids in L2TP tunnel scaling
For IKE phase 1 negotiations, when is aggressive mode typically used?()A、when one of the tunnel peers has a dynamic IP addressB、when one of the tunnel peers wants to force main mode to be usedC、when fragmentation of the IKE packet is required between the two peersD、when one of the tunnel peers wants to specify a different phase 1 proposal
An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)A、Only main mode can be used for IKE negotiationB、A local-identity must be definedC、It must be the initiator for IKED、A remote-identity must be defined
Which attribute is required for all IKE phase 2 negotiations?()A、proxy-IDB、preshared keyC、Diffie-Hellman group keyD、main or aggressive mode
A route-based VPN is required for which scenario?()A、when the remote VPN peer is behind a NAT deviceB、when multiple networks need to be reached across the tunnel and GRE cannot be usedC、when the remote VPN peer is a dialup or remote access clientD、when a dynamic routing protocol is required across the VPN and GRE cannot be used
单选题During the Easy VPN Remote connection process,which phase involves pushing the IP address, Domain Name System (DNS),and split tunnel attributes to the client?()Amode configurationBthe VPN client establishment of an ISAKMP SACIPsec quick mode completion of the connectionDVPN client initiation of the IKE phase 1 process
单选题Two VPN peers are negotiating IKE phase 1 using main mode. Which message pair in the negotiation contains the phase 1 proposal for the peers?()Amessage 1 and 2Bmessage 3 and 4Cmessage 5 and 6Dmessage 7 and 8
单选题Which of the following is true when considering the Server load-balancing design within the E-Commerce Module of the Enterprise Campus network?()A Routed mode requires the ACE run OSPF or EIGRPB Bridged mode switches a packet between the public and the private subnets when it sees itsMAC address as the destinationC Two-armed mode will place the SLB inline to the servers, with different client-side and a server-side VLANsD One-armed mode, which uses the same VLAN for the client, the ACE, and the servers, requiresa traffic-diversion mechanism to ensure the traffic return from the server passes though the ACE
单选题Which attribute is required for all IKE phase 2 negotiations?()Aproxy-IDBpreshared keyCDiffie-Hellman group keyDmain or aggressive mode
多选题You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec, which two parameters are required when defining the tunnel interfaceinformation?()AThe crypto ACL numberBThe IPSEC mode (tunnel or transport)CThe GRE tunnel interface IP addressDThe GRE tunnel source interface or IP address, and tunnel destination IP addressEThe MTU size of the GRE tunnel interface
单选题When configuring a multipoint GRE (mGRE) tunnel interface, which one of the following is NOT a valid configuration option:()A tunnel sourceB tunnel destinationC tunnel keyD ip addressE tunnelvrf
单选题Why is NTP an important component when implementing IPSec VPN in a PKI environment?()A To ensure the router has the correct time when generating its private/public key pairs.B To ensure the router has the correct time when checking certificate validity from the remote peersC To ensure the router time is sync with the remote peers for encryption keys generationD To ensure the router time is sync with the remote peers during theDH exchangeE To ensure the router time is sync with the remote peers when generating the cookies during IKE phase 1
单选题For the following items ,which one can be used to authenticate the IPsec peers during IKE Phase 1?()Apre-shared keyBintegrity check valueCXAUTHDDiffie-Hellman Nonce
单选题For IKE phase 1 negotiations, when is aggressive mode typically used?()Awhen one of the tunnel peers has a dynamic IP addressBwhen one of the tunnel peers wants to force main mode to be usedCwhen fragmentation of the IKE packet is required between the two peersDwhen one of the tunnel peers wants to specify a different phase 1 proposal
多选题IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true?()AIKE keepalives are unidirectional and sent every ten secondsBIPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH)protocol for exchanging keysCTo establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepacketsDIKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers