There are five phases of IKE negotiation.
There are two phases of IKE negotiation.
IPsec VPN tunnels are not supported on SRX Series devices.
IPsec VPNs require a tunnel PIC in SRX Series devices.
第1题:
A. NAT is not supported on SRX Series devices.
B. NAT requires special hardware on SRX Series devices.
C. NAT is processed in the control plane.
D. NAT is processed in the data plane.
第2题:
A. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
B. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
C. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
D. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
第3题:
A. access profile
B. IKE parameters
C. tunneled interface
D. redirect policy
第4题:
Which statement is true regarding NAT?()
第5题:
Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site VPNs?()
第6题:
A. Only main mode can be used for IKE negotiation
B. A local-identity must be defined
C. It must be the initiator for IKE
D. A remote-identity must be defined
第7题:
IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true?()
第8题:
A. There are five phases of IKE negotiation.
B. There are two phases of IKE negotiation.
C. IPsec VPN tunnels are not supported on SRX Series devices.
D. IPsec VPNs require a tunnel PIC in SRX Series devices.
第9题:
What is not a difference between VPN tunnel authentication and per-user authentication?()
第10题:
Which two configuration elements are required for a policy-based VPN?()