An IPsec tunnel is established o

第1题：

第2题：

You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec， which two parameters are required when defining the tunnel interfaceinformation？（）

• A、The crypto ACL number
• B、The IPSEC mode （tunnel or transport）
• C、The GRE tunnel interface IP address
• D、The GRE tunnel source interface or IP address， and tunnel destination IP address
• E、The MTU size of the GRE tunnel interface

第3题：

第4题：

To securely transport EIGRP traffic, a network administrator will build VPNs between sites. What is the best method to accomplish the transport of EIGRP traffic?（）

• A、IPSec in tunnel mode
• B、IPSec in transport mode
• C、GRE with IPSec in transport mode
• D、GRE with IPSec in tunnel mode

第5题：

Based on the configuration shown in the exhibit， what will happen to the traffic matching thesecurity policy？（） [edit schedulers] user@host# showscheduler now { monday all-day； tuesday exclude； wednesday { start-time 07：00：00 stop-time 18：00：00； } thursday { start-time 07：00：00 stop-time 18：00：00； } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts； destination-address ExtServers； application ExtApps； } then { permit { tunnel { ipsec-vpn myTunnel； } } } scheduler-name now； }

• A、The traffic is permitted through the myTunnel IPsec tunnel only on Tuesdays.
• B、The traffic is permitted through the myTunnel IPsec tunnel daily， with the exception of Mondays.
• C、The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 7：00 am and 6：00 pm， and Thursdays between 7：00 am and 6：00 pm.
• D、The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 6：01 pm and 6：59 am， and Thursdays between 6：01 pm and 6：59 am

第6题：

第7题：

What is not a difference between VPN tunnel authentication and per-user authentication?（）

• A、VPN tunnel authentication is part of the IKE specification. 
• B、VPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).
• C、User authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization. 
• D、802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.

第8题：

第9题：

What is true about Quality of Service （QoS） for VPNs？（）

• A、QoS preclassification is only supported on generic routing encapsulation （GRE） and IPsec VPNs
• B、QoS preclassification is not required in Layer 2 Tunneling Protocol （L2TP）， Layer2 Forwarding （L2F）， and Point-to-Point Tunneling Protocol （PPTP） VPNs
• C、QoS preclassification is supported on IPsec AH VPNs， but not on IPsec ESP VPNs
• D、the QoS-for-VPNs feature （QoS preclassification） is designed for VPN transport interfaces
• E、with IPsec tunnel mode， the type of service （ToS） byte value is copied automatically from the original IP header to the tunnel header

第10题：

Which of the following protocols would MOST likely be used in the establishment of an IPSec VPN tunnel？（）

• A、 AES 
• B、 TKIP
• C、 802.1q
• D、 ISAKMP