niusouti.com

多选题Which two configuration elements are required for a policy-based VPN?()AIKE gatewayBsecure tunnel interfaceCsecurity policy to permit the IKE trafficDsecurity policy referencing the IPsec VPN tunnel

题目
多选题
Which two configuration elements are required for a policy-based VPN?()
A

IKE gateway

B

secure tunnel interface

C

security policy to permit the IKE traffic

D

security policy referencing the IPsec VPN tunnel

相似考题

1.You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()A. access profileB. IKE parametersC. tunneled interfaceD. redirect policy

2.You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service.What must you add to complete the security policy configuration?()A. The intranet-auth authentication optionB. The redirect-portal application serviceC. The uac-policy application serviceD. The ipsec-vpn tunnel

3.Which statement contains the correct parameters for a route-based IPsec VPN?()A. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }B. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }C. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }D. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }

4.Which statement is true regarding IPsec VPNs?()A. There are five phases of IKE negotiation.B. There are two phases of IKE negotiation.C. IPsec VPN tunnels are not supported on SRX Series devices.D. IPsec VPNs require a tunnel PIC in SRX Series devices.

更多“多选题Which two configuration elements are required for a policy-based VPN?()AIKE gatewayBsecure tunnel interfaceCsecurity policy to permit the IKE trafficDsecurity policy referencing the IPsec VPN tunnel”相关问题

  • 第1题:

    Which two models are the models of DiffServ-Award traffic Engineering?()

    • A、Class-based Model
    • B、Maximum Allocation Model
    • C、Russian Doll Model
    • D、Global Tunnel Model
    • E、Policy-based Model

    正确答案:B,C

  • 第2题:

    You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec, which two parameters are required when defining the tunnel interfaceinformation?()

    • A、The crypto ACL number
    • B、The IPSEC mode (tunnel or transport)
    • C、The GRE tunnel interface IP address
    • D、The GRE tunnel source interface or IP address, and tunnel destination IP address
    • E、The MTU size of the GRE tunnel interface

    正确答案:C,D

  • 第3题:

    Which two configuration elements are required for a policy-based VPN?()

    • A、IKE gateway
    • B、secure tunnel interface
    • C、security policy to permit the IKE traffic
    • D、security policy referencing the IPsec VPN tunnel

    正确答案:A,D

  • 第4题:

    Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }

    • A、set policy tunnel-traffic then tunnel remote-vpn
    • B、set policy tunnel-traffic then permit tunnel remote-vpn
    • C、set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permit
    • D、set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn

    正确答案:D

  • 第5题:

    Which two models are the models of DiffServ-Aware Traffic Engineering? ()

    • A、Policy-based Model
    • B、Class based Model
    • C、Russian Doll Model
    • D、Global Tunnel Model
    • E、Maximum Allocation Model

    正确答案:C,E

  • 第6题:

    Which configuration shows the correct application of a security policy scheduler?()

    • A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } scheduler-name now; } } }
    • B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }
    • C、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn scheduler-name now; } } } }
    • D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; scheduler-name now; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }myTunnel;

    正确答案:B

  • 第7题:

    Regarding a route-based versus policy-based IPsec VPN, which statement is true?()

    • A、A route-based VPN generally uses less resources than a policy-based VPN.
    • B、A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.
    • C、A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.
    • D、A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN

    正确答案:A

  • 第8题:

    Based on the configuration shown in the exhibit, what are the actions of the security policy?() [edit schedulers] user@host# show scheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps;} then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now;

    • A、The policy will always permit transit packets and use the IPsec VPN myTunnel.
    • B、The policy will permit transit packets only on Monday, and use the IPsec VPN Mytunnel.
    • C、The policy will permit transit packets and use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.
    • D、The policy will always permit transit packets, but will only use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.

    正确答案:C

  • 第9题:

    单选题
    Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }
    A

    set policy tunnel-traffic then tunnel remote-vpn

    B

    set policy tunnel-traffic then permit tunnel remote-vpn

    C

    set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permit

    D

    set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn


    正确答案: A
    解析: 暂无解析

  • 第10题:

    多选题
    Which two configuration elements are required for a policy-based VPN?()
    A

    IKE gateway

    B

    secure tunnel interface

    C

    security policy to permit the IKE traffic

    D

    security policy referencing the IPsec VPN tunnel


    正确答案: D,B
    解析: 暂无解析

  • 第11题:

    单选题
    What is not a difference between VPN tunnel authentication and per-user authentication?()
    A

    VPN tunnel authentication is part of the IKE specification. 

    B

    VPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).

    C

    User authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization. 

    D

    802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.


    正确答案: A
    解析: 暂无解析

  • 第12题:

    多选题
    Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site VPNs?()
    A

    allows dynamic routing over the tunnel

    B

    supports multi-protocol (non-IP) traffic over the tunnel

    C

    reduces IPsec headers overhead since tunnel mode is used

    D

    simplifies the ACL used in the crypto map

    E

    uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration


    正确答案: B,E
    解析: 暂无解析

  • 第13题:

    During the Easy VPN Remote connection process,which phase involves pushing the IP address, Domain Name System (DNS),and split tunnel attributes to the client?()

    • A、mode configuration
    • B、the VPN client establishment of an ISAKMP SA
    • C、IPsec quick mode completion of the connection
    • D、VPN client initiation of the IKE phase 1 process

    正确答案:A

  • 第14题:

    What is not a difference between VPN tunnel authentication and per-user authentication?()

    • A、VPN tunnel authentication is part of the IKE specification. 
    • B、VPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).
    • C、User authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization. 
    • D、802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.

    正确答案:D

  • 第15题:

    A policy-based IPsec VPN is ideal for which scenario?()

    • A、when you want to conserve tunnel resources
    • B、when the remote peer is a dialup or remote access client
    • C、when you want to configure a tunnel policy with an action of deny
    • D、when a dynamic routing protocol such as OSPF must be sent across the VPN

    正确答案:B

  • 第16题:

    You have created a security policy on an SRX240 that permits traffic from any source-address, any destination-address, and any application. The policy will be a source IP policy for use with the Junos Pulse Access Control Service. What must you add to complete the security policy configuration?()

    • A、The intranet-auth authentication option
    • B、The redirect-portal application service
    • C、The uac-policy application service
    • D、The ipsec-vpn tunnel

    正确答案:C

  • 第17题:

    You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()

    • A、access profile
    • B、IKE parameters
    • C、tunneled interface
    • D、redirect policy

    正确答案:A,B

  • 第18题:

    Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()

    • A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }
    • B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }
    • C、[edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }
    • D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }

    正确答案:C

  • 第19题:

    Which statement is true regarding IPsec VPNs?()

    • A、There are five phases of IKE negotiation.
    • B、There are two phases of IKE negotiation.
    • C、IPsec VPN tunnels are not supported on SRX Series devices.
    • D、IPsec VPNs require a tunnel PIC in SRX Series devices.

    正确答案:D

  • 第20题:

    Which two configuration elements are required for a route-based VPN?()

    • A、secure tunnel interface
    • B、security policy to permit the IKE traffic
    • C、a route for the tunneled transit traffic
    • D、tunnel policy for transit traffic referencing the IPsec VPN

    正确答案:A,C

  • 第21题:

    多选题
    You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec, which two parameters are required when defining the tunnel interfaceinformation?()
    A

    The crypto ACL number

    B

    The IPSEC mode (tunnel or transport)

    C

    The GRE tunnel interface IP address

    D

    The GRE tunnel source interface or IP address, and tunnel destination IP address

    E

    The MTU size of the GRE tunnel interface


    正确答案: A,D
    解析: 暂无解析

  • 第22题:

    单选题
    Regarding a route-based versus policy-based IPsec VPN, which statement is true?()
    A

    A route-based VPN generally uses less resources than a policy-based VPN.

    B

    A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.

    C

    A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.

    D

    A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN


    正确答案: B
    解析: 暂无解析

  • 第23题:

    单选题
    Which statement is true regarding IPsec VPNs?()
    A

    There are five phases of IKE negotiation.

    B

    There are two phases of IKE negotiation.

    C

    IPsec VPN tunnels are not supported on SRX Series devices.

    D

    IPsec VPNs require a tunnel PIC in SRX Series devices.


    正确答案: B
    解析: 暂无解析

  • 第24题:

    多选题
    Which two configuration elements are required for a route-based VPN?()
    A

    secure tunnel interface

    B

    security policy to permit the IKE traffic

    C

    a route for the tunneled transit traffic

    D

    tunnel policy for transit traffic referencing the IPsec VPN


    正确答案: B,A
    解析: 暂无解析

相关内容