违法和不良信息举报 联系客服
免费注册 登录

多选题Which two configuration elements are required for a route-based VPN?()Asecure tunnel interfaceBsecurity policy to permit the IKE trafficCa route for the tunneled transit trafficDtunnel policy for transit traffic referencing the IPsec VPN

题目
多选题
Which two configuration elements are required for a route-based VPN?()
A

secure tunnel interface

B

security policy to permit the IKE traffic

C

a route for the tunneled transit traffic

D

tunnel policy for transit traffic referencing the IPsec VPN

参考答案和解析
正确答案: B,D
解析: 暂无解析
如果没有搜索结果或未解决您的问题,请直接 联系老师 获取答案。
相似问题和答案

第1题:

You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service.What must you add to complete the security policy configuration?()

A. The intranet-auth authentication option

B. The redirect-portal application service

C. The uac-policy application service

D. The ipsec-vpn tunnel


参考答案:C

第2题:

A route-based VPN is required for which scenario? ()

A. when the remote VPN peer is behind a NAT device

B. when multiple networks need to be reached across the tunnel

C. when the remote VPN peer is a dialup or remote access client

D. when a dynamic routing protocol such as OSPF is required across the VPN


参考答案:D

第3题:

You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()

A. access profile

B. IKE parameters

C. tunneled interface

D. redirect policy


参考答案:A, B

第4题:

A route-based VPN is required for which scenario? ()

  • A、when the remote VPN peer is behind a NAT device
  • B、when multiple networks need to be reached across the tunnel
  • C、when the remote VPN peer is a dialup or remote access client
  • D、when a dynamic routing protocol such as OSPF is required across the VPN

正确答案:D

第5题:

What is not a difference between VPN tunnel authentication and per-user authentication?()

  • A、VPN tunnel authentication is part of the IKE specification. 
  • B、VPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).
  • C、User authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization. 
  • D、802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.

正确答案:D

第6题:

Which statement contains the correct parameters for a route-based IPsec VPN?()

A. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }

B. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }

C. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }

D. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }


参考答案:D

第7题:

A policy needs to be implemented on Router B so that any traffic sourced from 172.16.10.0/24 will be forwarded to Router C. Which configuration on Router B will achieve the desired effect?()

A.access - list 1 permit 172.16.10.0 0.0.0.255 ! interface e0 ip policy route - map policy ! route - map policy permit 10 match ip address 1 set ip next - hop 1 72.16.14.4

B.access - list 1 permit 172.16.10.0 0.0.0.255 ! interface s0 ip policy route - map policy ! route - map policy permit 10 match ip address 1 set ip next - hop 172.16.12.3

C.access - list 1 permit 172.16.10.0 0.0.0.255 ! interface e0 ip polic y route - map policy ! route - map policy permit 10 match ip address 1 set ip next - hop 172.16.12.2

D.access -list 1 deny 172.16.10.0 0.0.0.255 ! interface s0 ip policy route - map policy ! route - map policy permit 10 match ip address 1 set ip next - hop 172.16.12.2


参考答案:B

第8题:

Which statement is true regarding IPsec VPNs?()

A. There are five phases of IKE negotiation.

B. There are two phases of IKE negotiation.

C. IPsec VPN tunnels are not supported on SRX Series devices.

D. IPsec VPNs require a tunnel PIC in SRX Series devices.


参考答案:D

第9题:

Which statement is true about the SDM QoS wizard and its ability to enable a QoS policy on router interfaces?()

  • A、QoS can be enabled on interfaces used for Easy VPN clients
  • B、QoS can be enabled on IPsec VPN interfaces and tunnels
  • C、QoS can be enabled on interfaces with an existing QoS policy
  • D、the QoS policy can be enabled for incoming and outgoing traffic on the interface

正确答案:B

第10题:

Which two configuration elements are required for a policy-based VPN?()

  • A、IKE gateway
  • B、secure tunnel interface
  • C、security policy to permit the IKE traffic
  • D、security policy referencing the IPsec VPN tunnel

正确答案:A,D

更多相关问题
相关内容