单选题Which statement contains the correct parameters for a route-based IPsec VPN?()A [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }po
题目
[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
相似考题
参考答案和解析
更多“单选题Which statement contains the correct parameters for a route-based IPsec VPN?()A [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }po”相关问题
-
第1题:
Which of the following commands will display a router’s crypto map IPsec security associationsettings?()
- A、show crypto map ipsec sa
- B、show crypto map
- C、show crypto engine connections active
- D、show ipsec crypto map
- E、show crypto map sa
- F、show ipsec crypto map sa
正确答案:A -
第2题:
IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true?()
- A、IKE keepalives are unidirectional and sent every ten seconds
- B、IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH)protocol for exchanging keys
- C、To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepackets
- D、IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers
正确答案:A,C,D -
第3题:
在配置IPSec的安全提议proposal时,以下命令属于缺省配置的是()。
- A、encapsulation-mode tunnel
- B、transform esp
- C、esp encryption-algorithm des
- D、esp encryption-algorithm 3des
- E、esp authentication-algorithm md5
正确答案:A,B,C,E -
第4题:
Which configuration shows the correct application of a security policy scheduler?()
- A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } scheduler-name now; } } }
- B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }
- C、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn scheduler-name now; } } } }
- D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; scheduler-name now; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }myTunnel;
正确答案:B -
第5题:
Regarding a route-based versus policy-based IPsec VPN, which statement is true?()
- A、A route-based VPN generally uses less resources than a policy-based VPN.
- B、A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.
- C、A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.
- D、A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
正确答案:A -
第6题:
Based on the configuration shown in the exhibit, what are the actions of the security policy?() [edit schedulers] user@host# show scheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps;} then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now;
- A、The policy will always permit transit packets and use the IPsec VPN myTunnel.
- B、The policy will permit transit packets only on Monday, and use the IPsec VPN Mytunnel.
- C、The policy will permit transit packets and use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.
- D、The policy will always permit transit packets, but will only use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.
正确答案:C -
第7题:
单选题Which configuration shows the correct application of a security policy scheduler?()A[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } scheduler-name now; } } }
B[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }
C[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn scheduler-name now; } } } }
D[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; scheduler-name now; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }myTunnel;
正确答案: C解析: 暂无解析 -
第8题:
单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }Aset policy tunnel-traffic then tunnel remote-vpn
Bset policy tunnel-traffic then permit tunnel remote-vpn
Cset policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permit
Dset policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
正确答案: A解析: 暂无解析 -
第9题:
单选题Which statement contains the correct parameters for a route-based IPsec VPN?()A[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
B[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
C[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
D[edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
正确答案: C解析: 暂无解析 -
第10题:
多选题Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP?()Adata integrity
Bdata confidentiality
Cdata authentication
Douter IP header confidentiality
Eouter IP header authentication
正确答案: E,A解析: 暂无解析 -
第11题:
单选题Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()A[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }
B[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }
C[edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }
D[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }
正确答案: A解析: 暂无解析 -
第12题:
单选题Based on the configuration shown in the exhibit, what are the actions of the security policy?() [edit schedulers] user@host# show scheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps;} then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now;AThe policy will always permit transit packets and use the IPsec VPN myTunnel.
BThe policy will permit transit packets only on Monday, and use the IPsec VPN Mytunnel.
CThe policy will permit transit packets and use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.
DThe policy will always permit transit packets, but will only use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.
正确答案: C解析: 暂无解析 -
第13题:
You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?()
- A、[edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }
- B、[edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }
- C、[edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }
- D、[edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
正确答案:B -
第14题:
Which operational mode command displays all active IPsec phase 2 security associations?()
- A、show ike security-associations
- B、show ipsec security-associations
- C、show security ike security-associations
- D、show security ipsec security-associations
正确答案:D -
第15题:
Which IPsec security protocol should be used when confidentiality is required?()
- A、AH
- B、MD5
- C、PSK
- D、ESP
正确答案:D -
第16题:
Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()
- A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }
- B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }
- C、[edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }
- D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }
正确答案:C -
第17题:
Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP?()
- A、data integrity
- B、data confidentiality
- C、data authentication
- D、outer IP header confidentiality
- E、outer IP header authentication
正确答案:A,B,C -
第18题:
Which two configuration elements are required for a route-based VPN?()
- A、secure tunnel interface
- B、security policy to permit the IKE traffic
- C、a route for the tunneled transit traffic
- D、tunnel policy for transit traffic referencing the IPsec VPN
正确答案:A,C -
第19题:
单选题Which device might be installed at a branch office to enable and manage an IPsec site-to-site VPN?()ACisco IOS IPsec/SSL VPN client
BCisco VPN Clinet
CISDN terminal adapter
DCisco Adaptive Security Appliance
正确答案: A解析: 暂无解析 -
第20题:
单选题Click the Exhibit button. Referring to the exhibit, which statement contains the correct gateway parameters?()A[edit security ike] user@host# show gateway ike-phase1-gateway { policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }
B[edit security ike] user@host# show gateway ike-phase1-gateway { ike-policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }
C[edit security ike] user@host# show gateway ike-phase1-gateway { policy ike1-policy; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }
D[edit security ike] user@host# show gateway ike-phase1-gateway { ike-policy ike1-policy; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }
正确答案: C解析: 暂无解析 -
第21题:
单选题Regarding a route-based versus policy-based IPsec VPN, which statement is true?()AA route-based VPN generally uses less resources than a policy-based VPN.
BA route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.
CA route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.
DA route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
正确答案: B解析: 暂无解析 -
第22题:
单选题You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?()A[edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }
B[edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }
C[edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }
D[edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
正确答案: B解析: 暂无解析 -
第23题:
单选题Based on the configuration shown in the exhibit, what are the actions of the security policy?() [edit schedulers] user@host# show scheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps;} then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now;AThe policy will always permit transit packets and use the IPsec VPN myTunnel.
BThe policy will permit transit packets only on Monday, and use the IPsec VPN Mytunnel.
CThe policy will permit transit packets and use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.
DThe policy will always permit transit packets, but will only use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.
正确答案: A解析: 暂无解析 -
第24题:
多选题IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true?()AIKE keepalives are unidirectional and sent every ten seconds
BIPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH)protocol for exchanging keys
CTo establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepackets
DIKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers
正确答案: D,B解析: 暂无解析