An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)A、Only main mode can be used for IKE negotiationB、A local-identity must be definedC、It must be t

题目

An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)

  • A、Only main mode can be used for IKE negotiation
  • B、A local-identity must be defined
  • C、It must be the initiator for IKE
  • D、A remote-identity must be defined
相似考题

1.Click the Exhibit button.[A] establishes an IPsec tunnel with [B]. The NAT device translates the IP address 1.1.1.1 to 2.1.1.1.On which port is the IKE SA established?()A.TCP 500B.UDP 500C.TCP 4500D.UDP 4500

2.Which of the following protocols would MOST likely be used in the establishment of an IPSec VPN tunnel?()A. AESB. TKIPC. 802.1qD. ISAKMP

3.To securely transport EIGRP traffic, a network administrator will build VPNs between sites. What is the best method to accomplish the transport of EIGRP traffic?()A. IPSec in tunnel modeB. IPSec in transport modeC. GRE with IPSec in transport modeD. GRE with IPSec in tunnel mode

4.Which statement is true regarding IPsec VPNs?()A. There are five phases of IKE negotiation.B. There are two phases of IKE negotiation.C. IPsec VPN tunnels are not supported on SRX Series devices.D. IPsec VPNs require a tunnel PIC in SRX Series devices.

更多“An IPsec tunnel is established o”相关问题

  • 第1题:

    You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec, which two parameters are required when defining the tunnel interfaceinformation?()

    • A、The crypto ACL number
    • B、The IPSEC mode (tunnel or transport)
    • C、The GRE tunnel interface IP address
    • D、The GRE tunnel source interface or IP address, and tunnel destination IP address
    • E、The MTU size of the GRE tunnel interface

    正确答案:C,D

  • 第2题:

    Based on the configuration shown in the exhibit, what will happen to the traffic matching thesecurity policy?() [edit schedulers] user@host# showscheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }

    • A、The traffic is permitted through the myTunnel IPsec tunnel only on Tuesdays.
    • B、The traffic is permitted through the myTunnel IPsec tunnel daily, with the exception of Mondays.
    • C、The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.
    • D、The traffic is permitted through the myTunnel IPsec tunnel all day on Mondays and Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am

    正确答案:C

  • 第3题:

    To securely transport EIGRP traffic, a network administrator will build VPNs between sites. What is the best method to accomplish the transport of EIGRP traffic?()

    • A、IPSec in tunnel mode
    • B、IPSec in transport mode
    • C、GRE with IPSec in transport mode
    • D、GRE with IPSec in tunnel mode

    正确答案:C

  • 第4题:

    Which of the following protocols would MOST likely be used in the establishment of an IPSec VPN tunnel?()

    • A、AES
    • B、TKIP
    • C、802.1q
    • D、ISAKMP

    正确答案:A

  • 第5题:

    Regarding an IPsec security association (SA), which two statements are true?()

    • A、IKE SA is bidirectional.
    • B、IPsec SA is bidirectional.
    • C、IKE SA is established during phase 2 negotiations.
    • D、IPsec SA is established during phase 2 negotiations.

    正确答案:A,C

  • 第6题:

    单选题
    To securely transport EIGRP traffic, a network administrator will build VPNs between sites. Whatis the best method to accomplish the transport of EIGRP traffic?()
    A

     IPSec in tunnel mode

    B

     IPSec in transport mode

    C

     GRE with IPSec in transport mode

    D

     GRE with IPSec in tunnel mode


    正确答案: C
    解析: 暂无解析

  • 第7题:

    单选题
    Refer to the exhibit. With an IPSec tunnel established between remote Router A and head-end router B, with Compressed Real-Time Protocol (cRTP) configured on the serial interface of Router A, what impact will the cRTP configuration have on the Voice over IP packets flowing through the IPSec tunnel from a Cisco 7960 IP phone?()
    A

    Twenty bytes of header will be replaced with five bytes. 

    B

    If the IPSec transform set includes Authentication Header, the receiving IPSec peer will discard the packets. 

    C

    The IPSec packets will be dropped by Router A's compression logic.

    D

    The voice packets will not be compressed.


    正确答案: B
    解析: 暂无解析

  • 第8题:

    单选题
    You work as a network engineer, do you know an IPsec tunnel is negotiated within the protection of whichtype of tunnel?()
    A

    L2F tunnel

    B

    L2TP tunnel

    C

    GRE tunnel

    D

    ISAKMP tunnel


    正确答案: D
    解析: 暂无解析

  • 第9题:

    多选题
    An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)
    A

    Only main mode can be used for IKE negotiation

    B

    A local-identity must be defined

    C

    It must be the initiator for IKE

    D

    A remote-identity must be defined


    正确答案: B,C
    解析: 暂无解析

  • 第10题:

    单选题
    Router R1, a branch router, connects to the Internet using DSL. Some traffic flows through a GRE and IPsec tunnel, over the DSL connection, destined for an Enterprise network. Which of the following answers best describes the router's logic that tells the router, for a given packet, to apply GRE encapsulation to the packet?()
    A

    When the packet received on the LAN interface is permitted by the ACL listed on the tunnel greacl command under the incoming interface

    B

    When routing the packet, matching a route whose outgoing interface is the GRE tunnel interface

    C

    When routing the packet, matching a route whose outgoing interface is the IPsec tunnel interface

    D

    When permitted by an ACL that was referenced in the associated crypto map


    正确答案: D
    解析: 暂无解析

  • 第11题:

    单选题
    To securely transport EIGRP traffic, a network administrator will build VPNs between sites. What is the best method to accomplish the transport of EIGRP traffic?()
    A

    IPSec in tunnel mode

    B

    IPSec in transport mode

    C

    GRE with IPSec in transport mode

    D

    GRE with IPSec in tunnel mode


    正确答案: D
    解析: 暂无解析

  • 第12题:

    单选题
    What is not a difference between VPN tunnel authentication and per-user authentication?()
    A

    VPN tunnel authentication is part of the IKE specification. 

    B

    VPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).

    C

    User authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization. 

    D

    802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.


    正确答案: C
    解析: 暂无解析

  • 第13题:

    What is not a difference between VPN tunnel authentication and per-user authentication?()

    • A、VPN tunnel authentication is part of the IKE specification. 
    • B、VPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).
    • C、User authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization. 
    • D、802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.

    正确答案:D

  • 第14题:

    What is true about Quality of Service (QoS) for VPNs?()

    • A、QoS preclassification is only supported on generic routing encapsulation (GRE) and IPsec VPNs
    • B、QoS preclassification is not required in Layer 2 Tunneling Protocol (L2TP), Layer2 Forwarding (L2F), and Point-to-Point Tunneling Protocol (PPTP) VPNs
    • C、QoS preclassification is supported on IPsec AH VPNs, but not on IPsec ESP VPNs
    • D、the QoS-for-VPNs feature (QoS preclassification) is designed for VPN transport interfaces
    • E、with IPsec tunnel mode, the type of service (ToS) byte value is copied automatically from the original IP header to the tunnel header

    正确答案:C

  • 第15题:

    Which of the following protocols would MOST likely be used in the establishment of an IPSec VPN tunnel?()

    • A、 AES 
    • B、 TKIP
    • C、 802.1q
    • D、 ISAKMP

    正确答案:D

  • 第16题:

    Which statement is true regarding IPsec VPNs?()

    • A、There are five phases of IKE negotiation.
    • B、There are two phases of IKE negotiation.
    • C、IPsec VPN tunnels are not supported on SRX Series devices.
    • D、IPsec VPNs require a tunnel PIC in SRX Series devices.

    正确答案:D

  • 第17题:

    Which two configuration elements are required for a route-based VPN?()

    • A、secure tunnel interface
    • B、security policy to permit the IKE traffic
    • C、a route for the tunneled transit traffic
    • D、tunnel policy for transit traffic referencing the IPsec VPN

    正确答案:A,C

  • 第18题:

    多选题
    Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site VPNs?()
    A

    allows dynamic routing over the tunnel

    B

    supports multi-protocol (non-IP) traffic over the tunnel

    C

    reduces IPsec headers overhead since tunnel mode is used

    D

    simplifies the ACL used in the crypto map

    E

    uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration


    正确答案: C,B
    解析: 暂无解析

  • 第19题:

    单选题
    Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }
    A

    set policy tunnel-traffic then tunnel remote-vpn

    B

    set policy tunnel-traffic then permit tunnel remote-vpn

    C

    set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permit

    D

    set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn


    正确答案: B
    解析: 暂无解析

  • 第20题:

    单选题
    Based on the configuration shown in the exhibit, what will happen to the traffic matching the security policy?()
    A

    The traffic is permitted through the myTunnel IPSec tunnel only on Tuesdays.

    B

    The traffic is permitted through the myTunnel IPSec tunnel daily, with the exception of Mondays.

    C

    The traffic is permitted through the myTunnel IPSec tunnel all day on Mondays, Wednesdays between 7:00 am and 6:00 pm, and Thursdays between 7:00 am and 6:00 pm.

    D

    The traffic is permitted through the myTunnel IPSec tunnel all day on Mondays, Wednesdays between 6:01 pm and 6:59 am, and Thursdays between 6:01 pm and 6:59 am.


    正确答案: C
    解析: 暂无解析

  • 第21题:

    多选题
    You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec, which two parameters are required when defining the tunnel interfaceinformation?()
    A

    The crypto ACL number

    B

    The IPSEC mode (tunnel or transport)

    C

    The GRE tunnel interface IP address

    D

    The GRE tunnel source interface or IP address, and tunnel destination IP address

    E

    The MTU size of the GRE tunnel interface


    正确答案: C,E
    解析: 暂无解析

  • 第22题:

    多选题
    Which two configuration elements are required for a policy-based VPN?()
    A

    IKE gateway

    B

    secure tunnel interface

    C

    security policy to permit the IKE traffic

    D

    security policy referencing the IPsec VPN tunnel


    正确答案: D,B
    解析: 暂无解析

  • 第23题:

    多选题
    Which two mechanisms can be used to detect IPsec GRE tunnel failures?()
    A

    Dead Peer Detection (DPD)

    B

    CDP

    C

    isakmp keepalives

    D

    GRE keepalive mechanism

    E

    The hello mechanism of the routing protocol across the IPsec tunnel


    正确答案: B,D
    解析: 暂无解析

相关内容