JN0-130

单选题Which statement is true regarding IPsec VPNs?()A There are five phases of IKE negotiation.B There are two phases of IKE negotiation.C IPsec VPN tunnels are not supported on SRX Series devices.D IPsec VPNs require a tunnel PIC in SRX Series devices.

题目
单选题
Which statement is true regarding IPsec VPNs?()
A

There are five phases of IKE negotiation.

B

There are two phases of IKE negotiation.

C

IPsec VPN tunnels are not supported on SRX Series devices.

D

IPsec VPNs require a tunnel PIC in SRX Series devices.

如果没有搜索结果,请直接 联系老师 获取答案。
如果没有搜索结果,请直接 联系老师 获取答案。
相似问题和答案

第1题:

Which statement is true regarding NAT?()

A. NAT is not supported on SRX Series devices.

B. NAT requires special hardware on SRX Series devices.

C. NAT is processed in the control plane.

D. NAT is processed in the data plane.


参考答案:D

第2题:

Which statement contains the correct parameters for a route-based IPsec VPN?()

A. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }

B. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }

C. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }

D. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }


参考答案:D

第3题:

You are configuring an SRX210 as a firewall enforcer that will tunnel IPsec traffic from several Junos Pulse users.Which two parameters must you configure on the SRX210?()

A. access profile

B. IKE parameters

C. tunneled interface

D. redirect policy


参考答案:A, B

第4题:

Which statement is true regarding NAT?()

  • A、NAT is not supported on SRX Series devices.
  • B、NAT requires special hardware on SRX Series devices.
  • C、NAT is processed in the control plane.
  • D、NAT is processed in the data plane.

正确答案:D

第5题:

Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site VPNs?()

  • A、allows dynamic routing over the tunnel
  • B、supports multi-protocol (non-IP) traffic over the tunnel
  • C、reduces IPsec headers overhead since tunnel mode is used
  • D、simplifies the ACL used in the crypto map
  • E、uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration

正确答案:A,B,D

第6题:

An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)

A. Only main mode can be used for IKE negotiation

B. A local-identity must be defined

C. It must be the initiator for IKE

D. A remote-identity must be defined


参考答案:B, C

第7题:

IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true?()

  • A、IKE keepalives are unidirectional and sent every ten seconds
  • B、IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH)protocol for exchanging keys
  • C、To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepackets
  • D、IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers

正确答案:A,C,D

第8题:

Which statement is true regarding IPsec VPNs?()

A. There are five phases of IKE negotiation.

B. There are two phases of IKE negotiation.

C. IPsec VPN tunnels are not supported on SRX Series devices.

D. IPsec VPNs require a tunnel PIC in SRX Series devices.


参考答案:D

第9题:

What is not a difference between VPN tunnel authentication and per-user authentication?()

  • A、VPN tunnel authentication is part of the IKE specification. 
  • B、VPN tunnel authentication does not control which end user can use the IPSec SA (VPN tunnel).
  • C、User authentication is used to control access for a specific user ID, and can be used with or without a VPN tunnel for network access authorization. 
  • D、802.1X with EAP-TLS (X.509 certificates) can be used to authenticate an IPSec tunnel.

正确答案:D

第10题:

Which two configuration elements are required for a policy-based VPN?()

  • A、IKE gateway
  • B、secure tunnel interface
  • C、security policy to permit the IKE traffic
  • D、security policy referencing the IPsec VPN tunnel

正确答案:A,D

更多相关问题