多选题Which two configuration elements are required for a route-based VPN?()Asecure tunnel interfaceBsecurity policy to permit the IKE trafficCa route for the tunneled transit trafficDtunnel policy for transit traffic referencing the IPsec VPN
多选题
Which two configuration elements are required for a route-based VPN?()
A
secure tunnel interface
B
security policy to permit the IKE traffic
C
a route for the tunneled transit traffic
D
tunnel policy for transit traffic referencing the IPsec VPN
参考解析
解析:
暂无解析
相关考题:
You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?() A. access profileB. IKE parametersC. tunneled interfaceD. redirect policy
Which statement is true regarding IPsec VPNs?() A. There are five phases of IKE negotiation.B. There are two phases of IKE negotiation.C. IPsec VPN tunnels are not supported on SRX Series devices.D. IPsec VPNs require a tunnel PIC in SRX Series devices.
You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service.What must you add to complete the security policy configuration?()A. The intranet-auth authentication optionB. The redirect-portal application serviceC. The uac-policy application serviceD. The ipsec-vpn tunnel
Which statement contains the correct parameters for a route-based IPsec VPN?() A. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }B. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }C. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }D. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
A route-based VPN is required for which scenario? () A. when the remote VPN peer is behind a NAT deviceB. when multiple networks need to be reached across the tunnelC. when the remote VPN peer is a dialup or remote access clientD. when a dynamic routing protocol such as OSPF is required across the VPN
A policy needs to be implemented on Router B so that any traffic sourced from 172.16.10.0/24 will be forwarded to Router C. Which configuration on Router B will achieve the desired effect?() A.access - list 1 permit 172.16.10.0 0.0.0.255 ! interface e0 ip policy route - map policy ! route - map policy permit 10 match ip address 1 set ip next - hop 1 72.16.14.4B.access - list 1 permit 172.16.10.0 0.0.0.255 ! interface s0 ip policy route - map policy ! route - map policy permit 10 match ip address 1 set ip next - hop 172.16.12.3C.access - list 1 permit 172.16.10.0 0.0.0.255 ! interface e0 ip polic y route - map policy ! route - map policy permit 10 match ip address 1 set ip next - hop 172.16.12.2D.access -list 1 deny 172.16.10.0 0.0.0.255 ! interface s0 ip policy route - map policy ! route - map policy permit 10 match ip address 1 set ip next - hop 172.16.12.2
What is not a difference between VPN tunnel authentication and per-user authentication?()A、VPN tunnel authentication is part of the IKE specification. B、VPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).C、User authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization. D、802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.
Which statement is true about the SDM QoS wizard and its ability to enable a QoS policy on router interfaces?()A、QoS can be enabled on interfaces used for Easy VPN clientsB、QoS can be enabled on IPsec VPN interfaces and tunnelsC、QoS can be enabled on interfaces with an existing QoS policyD、the QoS policy can be enabled for incoming and outgoing traffic on the interface
A route-based VPN is required for which scenario? ()A、when the remote VPN peer is behind a NAT deviceB、when multiple networks need to be reached across the tunnelC、when the remote VPN peer is a dialup or remote access clientD、when a dynamic routing protocol such as OSPF is required across the VPN
Which two configuration elements are required for a policy-based VPN?()A、IKE gatewayB、secure tunnel interfaceC、security policy to permit the IKE trafficD、security policy referencing the IPsec VPN tunnel
A policy-based IPsec VPN is ideal for which scenario?()A、when you want to conserve tunnel resourcesB、when the remote peer is a dialup or remote access clientC、when you want to configure a tunnel policy with an action of denyD、when a dynamic routing protocol such as OSPF must be sent across the VPN
Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }A、set policy tunnel-traffic then tunnel remote-vpnB、set policy tunnel-traffic then permit tunnel remote-vpnC、set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitD、set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?()A、The intranet-auth authentication optionB、The redirect-portal application serviceC、The uac-policy application serviceD、The ipsec-vpn tunnel
You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()A、access profileB、IKE parametersC、tunneled interfaceD、redirect policy
Which configuration shows the correct application of a security policy scheduler?()A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } scheduler-name now; } } }B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }C、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn scheduler-name now; } } } }D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; scheduler-name now; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }myTunnel;
Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }C、[edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }
Regarding a route-based versus policy-based IPsec VPN, which statement is true?()A、A route-based VPN generally uses less resources than a policy-based VPN.B、A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.C、A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.D、A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
Which two statements describe the purpose of a security policy?()A、It enables traffic counting and logging.B、It enforces a set of rules for transit traffic.C、It controls host inbound services on a zone.D、It controls administrator rights to access the device.
Which statement is true regarding IPsec VPNs?()A、There are five phases of IKE negotiation.B、There are two phases of IKE negotiation.C、IPsec VPN tunnels are not supported on SRX Series devices.D、IPsec VPNs require a tunnel PIC in SRX Series devices.
Based on the configuration shown in the exhibit, what are the actions of the security policy?() [edit schedulers] user@host# show scheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps;} then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now;A、The policy will always permit transit packets and use the IPsec VPN myTunnel.B、The policy will permit transit packets only on Monday, and use the IPsec VPN Mytunnel.C、The policy will permit transit packets and use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.D、The policy will always permit transit packets, but will only use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.
A route-based VPN is required for which scenario?()A、when the remote VPN peer is behind a NAT deviceB、when multiple networks need to be reached across the tunnel and GRE cannot be usedC、when the remote VPN peer is a dialup or remote access clientD、when a dynamic routing protocol is required across the VPN and GRE cannot be used
Which two configuration elements are required for a route-based VPN?()A、secure tunnel interfaceB、security policy to permit the IKE trafficC、a route for the tunneled transit trafficD、tunnel policy for transit traffic referencing the IPsec VPN
单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }Aset policy tunnel-traffic then tunnel remote-vpnBset policy tunnel-traffic then permit tunnel remote-vpnCset policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitDset policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
单选题Your task is to provision the JUNOS security platform to permit transit packets from the Private zone to theExternal zone by using an IPsec VPN and log information at the time of session close. Which configurationmeets this requirement?()A AB BC CD D
多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the device.
多选题Which two configuration elements are required for a policy-based VPN?()AIKE gatewayBsecure tunnel interfaceCsecurity policy to permit the IKE trafficDsecurity policy referencing the IPsec VPN tunnel
单选题Regarding a route-based versus policy-based IPsec VPN, which statement is true?()AA route-based VPN generally uses less resources than a policy-based VPN.BA route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.CA route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.DA route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN