单选题Regarding a route-based versus policy-based IPsec VPN, which statement is true?()A A route-based VPN generally uses less resources than a policy-based VPN.B A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny act
题目
A route-based VPN generally uses less resources than a policy-based VPN.
A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.
A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.
A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
相似考题
参考答案和解析
更多“单选题Regarding a route-based versus policy-based IPsec VPN, which statement is true?()A A route-based VPN generally uses less resources than a policy-based VPN.B A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny act”相关问题
-
第1题:
Policy-based routing allows network administrators to implement routing policies to allow or deny paths based on all of these factors except which one?()
- A、End system
- B、Protocol
- C、Application
- D、Throughput
正确答案:D -
第2题:
Which two configuration elements are required for a policy-based VPN?()
- A、IKE gateway
- B、secure tunnel interface
- C、security policy to permit the IKE traffic
- D、security policy referencing the IPsec VPN tunnel
正确答案:A,D -
第3题:
Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }
- A、set policy tunnel-traffic then tunnel remote-vpn
- B、set policy tunnel-traffic then permit tunnel remote-vpn
- C、set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permit
- D、set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
正确答案:D -
第4题:
Regarding secure tunnel (st) interfaces, which statement is true?()
- A、You cannot assign st interfaces to a security zone.
- B、You cannot apply static NAT on an st interface logical unit.
- C、st interfaces are optional when configuring a route-based VPN
- D、A static route can reference the st interface logical unit as the next-hop
正确答案:D -
第5题:
A route-based VPN is required for which scenario?()
- A、when the remote VPN peer is behind a NAT device
- B、when multiple networks need to be reached across the tunnel and GRE cannot be used
- C、when the remote VPN peer is a dialup or remote access client
- D、when a dynamic routing protocol is required across the VPN and GRE cannot be used
正确答案:D -
第6题:
Your company has users who connect remotely to the main office through a Windows Server 2008 VPN server.You need to ensure that users cannot access the VPN server remotely from 22:00 to 05:00. What should you do?()
- A、Create a network policy for VPN connections. Modify the Day and time restrictions.
- B、Create a network policy for VPN connections. Apply an IP filter to deny access to the corporate network.
- C、Modify the Logon hours for all user objects to specify only the VPN server on the Computer restrictions option.
- D、Modify the Logon Hours for the default domain policy to enable the Force logoff when logon hours expire option.
正确答案:C -
第7题:
单选题Policy-based routing allows network administrators to implement routing policies to allow or deny paths based on all of these factors except which one?()AEnd system
BProtocol
CApplication
DThroughput
正确答案: C解析: 暂无解析 -
第8题:
单选题A route-based VPN is required for which scenario? ()Awhen the remote VPN peer is behind a NAT device
Bwhen multiple networks need to be reached across the tunnel
Cwhen the remote VPN peer is a dialup or remote access client
Dwhen a dynamic routing protocol such as OSPF is required across the VPN
正确答案: A解析: 暂无解析 -
第9题:
单选题Which device might be installed at a branch office to enable and manage an IPsec site-to-site VPN?()ACisco IOS IPsec/SSL VPN client
BCisco VPN Clinet
CISDN terminal adapter
DCisco Adaptive Security Appliance
正确答案: A解析: 暂无解析 -
第10题:
单选题Regarding a route-based versus policy-based IPsec VPN, which statement is true?()AA route-based VPN generally uses less resources than a policy-based VPN.
BA route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.
CA route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.
DA route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
正确答案: B解析: 暂无解析 -
第11题:
单选题A route-based VPN is required for which scenario?()Awhen the remote VPN peer is behind a NAT device
Bwhen multiple networks need to be reached across the tunnel and GRE cannot be used
Cwhen the remote VPN peer is a dialup or remote access client
Dwhen a dynamic routing protocol is required across the VPN and GRE cannot be used
正确答案: B解析: 暂无解析 -
第12题:
多选题Which two configuration elements are required for a route-based VPN?()Asecure tunnel interface
Bsecurity policy to permit the IKE traffic
Ca route for the tunneled transit traffic
Dtunnel policy for transit traffic referencing the IPsec VPN
正确答案: B,A解析: 暂无解析 -
第13题:
A route-based VPN is required for which scenario? ()
- A、when the remote VPN peer is behind a NAT device
- B、when multiple networks need to be reached across the tunnel
- C、when the remote VPN peer is a dialup or remote access client
- D、when a dynamic routing protocol such as OSPF is required across the VPN
正确答案:D -
第14题:
A policy-based IPsec VPN is ideal for which scenario?()
- A、when you want to conserve tunnel resources
- B、when the remote peer is a dialup or remote access client
- C、when you want to configure a tunnel policy with an action of deny
- D、when a dynamic routing protocol such as OSPF must be sent across the VPN
正确答案:B -
第15题:
Regarding a route-based versus policy-based IPsec VPN, which statement is true?()
- A、A route-based VPN generally uses less resources than a policy-based VPN.
- B、A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.
- C、A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.
- D、A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
正确答案:A -
第16题:
Which statement is true regarding IPsec VPNs?()
- A、There are five phases of IKE negotiation.
- B、There are two phases of IKE negotiation.
- C、IPsec VPN tunnels are not supported on SRX Series devices.
- D、IPsec VPNs require a tunnel PIC in SRX Series devices.
正确答案:D -
第17题:
Which two configuration elements are required for a route-based VPN?()
- A、secure tunnel interface
- B、security policy to permit the IKE traffic
- C、a route for the tunneled transit traffic
- D、tunnel policy for transit traffic referencing the IPsec VPN
正确答案:A,C -
第18题:
单选题Your company has users who connect remotely to the main office though a Windows Server 2008 VPN server. You need to ensure that users cannot access the VPN server remotely from 22:00 to 05:00. What should you do( )?ACreate a network policy for VPN connections. modify the Day and time restrictions.
BCreate a network policy for VPN connections. apply an ip filter to deny access to the corporate network.
CModify the Logon hours for all users objects to specify only the VPN server otn he computer restrictions option
DModify the Logon hours for the default domain policy to enable the Force logoff when logon hours expire option.
正确答案: A解析: 暂无解析 -
第19题:
单选题A policy-based IPsec VPN is ideal for which scenario?()Awhen you want to conserve tunnel resources
Bwhen the remote peer is a dialup or remote access client
Cwhen you want to configure a tunnel policy with an action of deny
Dwhen a dynamic routing protocol such as OSPF must be sent across the VPN
正确答案: B解析: 暂无解析 -
第20题:
单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }Aset policy tunnel-traffic then tunnel remote-vpn
Bset policy tunnel-traffic then permit tunnel remote-vpn
Cset policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permit
Dset policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
正确答案: B解析: 暂无解析 -
第21题:
单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }Aset policy tunnel-traffic then tunnel remote-vpn
Bset policy tunnel-traffic then permit tunnel remote-vpn
Cset policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permit
Dset policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
正确答案: A解析: 暂无解析 -
第22题:
单选题Which statement is true regarding IPsec VPNs?()AThere are five phases of IKE negotiation.
BThere are two phases of IKE negotiation.
CIPsec VPN tunnels are not supported on SRX Series devices.
DIPsec VPNs require a tunnel PIC in SRX Series devices.
正确答案: B解析: 暂无解析 -
第23题:
单选题Which statement is true about the SDM QoS wizard and its ability to enable a QoS policy on router interfaces?()AQoS can be enabled on interfaces used for Easy VPN clients
BQoS can be enabled on IPsec VPN interfaces and tunnels
CQoS can be enabled on interfaces with an existing QoS policy
Dthe QoS policy can be enabled for incoming and outgoing traffic on the interface
正确答案: D解析: 暂无解析 -
第24题:
单选题Regarding secure tunnel (st) interfaces, which statement is true?()AYou cannot assign st interfaces to a security zone.
BYou cannot apply static NAT on an st interface logical unit.
Cst interfaces are optional when configuring a route-based VPN
DA static route can reference the st interface logical unit as the next-hop
正确答案: D解析: 暂无解析