单选题Regarding a route-based versus policy-based IPsec VPN, which statement is true?()AA route-based VPN generally uses less resources than a policy-based VPN.BA route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.CA route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.DA route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
单选题
Regarding a route-based versus policy-based IPsec VPN, which statement is true?()
A
A route-based VPN generally uses less resources than a policy-based VPN.
B
A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.
C
A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.
D
A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
参考解析
解析:
暂无解析
相关考题:
Which statement is true regarding IPsec VPNs?() A. There are five phases of IKE negotiation.B. There are two phases of IKE negotiation.C. IPsec VPN tunnels are not supported on SRX Series devices.D. IPsec VPNs require a tunnel PIC in SRX Series devices.
A route-based VPN is required for which scenario? () A. when the remote VPN peer is behind a NAT deviceB. when multiple networks need to be reached across the tunnelC. when the remote VPN peer is a dialup or remote access clientD. when a dynamic routing protocol such as OSPF is required across the VPN
What is not a difference between VPN tunnel authentication and per-user authentication?()A、VPN tunnel authentication is part of the IKE specification. B、VPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).C、User authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization. D、802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.
Which statement is true about the SDM QoS wizard and its ability to enable a QoS policy on router interfaces?()A、QoS can be enabled on interfaces used for Easy VPN clientsB、QoS can be enabled on IPsec VPN interfaces and tunnelsC、QoS can be enabled on interfaces with an existing QoS policyD、the QoS policy can be enabled for incoming and outgoing traffic on the interface
Policy-based routing allows network administrators to implement routing policies to allow or deny paths based on all of these factors except which one?()A、End systemB、ProtocolC、ApplicationD、Throughput
A route-based VPN is required for which scenario? ()A、when the remote VPN peer is behind a NAT deviceB、when multiple networks need to be reached across the tunnelC、when the remote VPN peer is a dialup or remote access clientD、when a dynamic routing protocol such as OSPF is required across the VPN
Which two configuration elements are required for a policy-based VPN?()A、IKE gatewayB、secure tunnel interfaceC、security policy to permit the IKE trafficD、security policy referencing the IPsec VPN tunnel
A policy-based IPsec VPN is ideal for which scenario?()A、when you want to conserve tunnel resourcesB、when the remote peer is a dialup or remote access clientC、when you want to configure a tunnel policy with an action of denyD、when a dynamic routing protocol such as OSPF must be sent across the VPN
Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }A、set policy tunnel-traffic then tunnel remote-vpnB、set policy tunnel-traffic then permit tunnel remote-vpnC、set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitD、set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
Regarding a route-based versus policy-based IPsec VPN, which statement is true?()A、A route-based VPN generally uses less resources than a policy-based VPN.B、A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.C、A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.D、A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
Regarding secure tunnel (st) interfaces, which statement is true?()A、You cannot assign st interfaces to a security zone.B、You cannot apply static NAT on an st interface logical unit.C、st interfaces are optional when configuring a route-based VPND、A static route can reference the st interface logical unit as the next-hop
Which statement is true regarding IPsec VPNs?()A、There are five phases of IKE negotiation.B、There are two phases of IKE negotiation.C、IPsec VPN tunnels are not supported on SRX Series devices.D、IPsec VPNs require a tunnel PIC in SRX Series devices.
A route-based VPN is required for which scenario?()A、when the remote VPN peer is behind a NAT deviceB、when multiple networks need to be reached across the tunnel and GRE cannot be usedC、when the remote VPN peer is a dialup or remote access clientD、when a dynamic routing protocol is required across the VPN and GRE cannot be used
Which two configuration elements are required for a route-based VPN?()A、secure tunnel interfaceB、security policy to permit the IKE trafficC、a route for the tunneled transit trafficD、tunnel policy for transit traffic referencing the IPsec VPN
Your company has users who connect remotely to the main office through a Windows Server 2008 VPN server.You need to ensure that users cannot access the VPN server remotely from 22:00 to 05:00. What should you do?()A、Create a network policy for VPN connections. Modify the Day and time restrictions.B、Create a network policy for VPN connections. Apply an IP filter to deny access to the corporate network.C、Modify the Logon hours for all user objects to specify only the VPN server on the Computer restrictions option.D、Modify the Logon Hours for the default domain policy to enable the Force logoff when logon hours expire option.
单选题Your company has users who connect remotely to the main office though a Windows Server 2008 VPN server. You need to ensure that users cannot access the VPN server remotely from 22:00 to 05:00. What should you do( )?ACreate a network policy for VPN connections. modify the Day and time restrictions.BCreate a network policy for VPN connections. apply an ip filter to deny access to the corporate network.CModify the Logon hours for all users objects to specify only the VPN server otn he computer restrictions optionDModify the Logon hours for the default domain policy to enable the Force logoff when logon hours expire option.
单选题Policy-based routing allows network administrators to implement routing policies to allow or deny paths based on all of these factors except which one?()AEnd systemBProtocolCApplicationDThroughput
单选题A policy-based IPsec VPN is ideal for which scenario?()Awhen you want to conserve tunnel resourcesBwhen the remote peer is a dialup or remote access clientCwhen you want to configure a tunnel policy with an action of denyDwhen a dynamic routing protocol such as OSPF must be sent across the VPN
单选题A route-based VPN is required for which scenario? ()Awhen the remote VPN peer is behind a NAT deviceBwhen multiple networks need to be reached across the tunnelCwhen the remote VPN peer is a dialup or remote access clientDwhen a dynamic routing protocol such as OSPF is required across the VPN
单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }Aset policy tunnel-traffic then tunnel remote-vpnBset policy tunnel-traffic then permit tunnel remote-vpnCset policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitDset policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
单选题Which device might be installed at a branch office to enable and manage an IPsec site-to-site VPN?()ACisco IOS IPsec/SSL VPN clientBCisco VPN ClinetCISDN terminal adapterDCisco Adaptive Security Appliance
单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }Aset policy tunnel-traffic then tunnel remote-vpnBset policy tunnel-traffic then permit tunnel remote-vpnCset policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitDset policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
单选题Regarding a route-based versus policy-based IPsec VPN, which statement is true?()AA route-based VPN generally uses less resources than a policy-based VPN.BA route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.CA route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.DA route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
单选题Which statement is true regarding IPsec VPNs?()AThere are five phases of IKE negotiation.BThere are two phases of IKE negotiation.CIPsec VPN tunnels are not supported on SRX Series devices.DIPsec VPNs require a tunnel PIC in SRX Series devices.
单选题A route-based VPN is required for which scenario?()Awhen the remote VPN peer is behind a NAT deviceBwhen multiple networks need to be reached across the tunnel and GRE cannot be usedCwhen the remote VPN peer is a dialup or remote access clientDwhen a dynamic routing protocol is required across the VPN and GRE cannot be used
单选题Which statement is true about the SDM QoS wizard and its ability to enable a QoS policy on router interfaces?()AQoS can be enabled on interfaces used for Easy VPN clientsBQoS can be enabled on IPsec VPN interfaces and tunnelsCQoS can be enabled on interfaces with an existing QoS policyDthe QoS policy can be enabled for incoming and outgoing traffic on the interface
多选题Which two configuration elements are required for a route-based VPN?()Asecure tunnel interfaceBsecurity policy to permit the IKE trafficCa route for the tunneled transit trafficDtunnel policy for transit traffic referencing the IPsec VPN
单选题Regarding secure tunnel (st) interfaces, which statement is true?()AYou cannot assign st interfaces to a security zone.BYou cannot apply static NAT on an st interface logical unit.Cst interfaces are optional when configuring a route-based VPNDA static route can reference the st interface logical unit as the next-hop