单选题For IKE phase 1 negotiations， when is aggressive mode typically used？（）A when one of the tunnel peers has a dynamic IP addressB when one of the tunnel peers wants to force main mode to be usedC when fragmentation of the IKE packet is required between t

第1题：

When configuring a multipoint GRE （mGRE） tunnel interface， which one of the following is NOT a valid configuration option：（）

• A、 tunnel source
• B、 tunnel destination
• C、 tunnel key
• D、 ip address
• E、 tunnelvrf

第2题：

Which of the following is true when considering the Server load-balancing design within the E-Commerce Module of the Enterprise Campus network？（）

• A、 Routed mode requires the ACE run OSPF or EIGRP
• B、 Bridged mode switches a packet between the public and the private subnets when it sees itsMAC address as the destination
• C、 Two-armed mode will place the SLB inline to the servers， with different client-side and a server-side VLANs
• D、 One-armed mode， which uses the same VLAN for the client， the ACE， and the servers， requiresa traffic-diversion mechanism to ensure the traffic return from the server passes though the ACE

第3题：

Two VPN peers are negotiating IKE phase 1 using main mode. Which message pair in the negotiation contains the phase 1 proposal for the peers？（）

• A、message 1 and 2
• B、message 3 and 4
• C、message 5 and 6
• D、message 7 and 8

第4题：

For the following items ，which one can be used to authenticate the IPsec peers during IKE Phase 1？（）

• A、pre-shared key
• B、integrity check value
• C、XAUTH
• D、Diffie-Hellman Nonce

第5题：

Which of the following explains the relationship between a physical and logical partition?（）

• A、A physical partition is hosted on one or more logical partitions. A logical partition is used when describing storage.
• B、A logical partition is hosted on one or more physical partitions. A physical partition is used when describing storage.
• C、A physical partition is used when describing only a SCSI or SAS disk. A logical partition is used when describing a SAN LUN.
• D、A logical partition is used when describing only a SATA or SAS disk. A physical partition is used when describing RAID or mirrored arrays.

第6题：

For IKE phase 1 negotiations， when is aggressive mode typically used？（）

• A、when one of the tunnel peers has a dynamic IP address
• B、when one of the tunnel peers wants to force main mode to be used
• C、when fragmentation of the IKE packet is required between the two peers
• D、when one of the tunnel peers wants to specify a different phase 1 proposal

第7题：

Which attribute is required for all IKE phase 2 negotiations？（）

• A、proxy-ID
• B、preshared key
• C、Diffie-Hellman group key
• D、main or aggressive mode

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true？（）

• A、IKE keepalives are unidirectional and sent every ten seconds
• B、IPsec uses the Encapsulating Security Protocol （ESP） or the Authentication Header （AH）protocol for exchanging keys
• C、To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepackets
• D、IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers

第14题：

You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec， which two parameters are required when defining the tunnel interfaceinformation？（）

• A、The crypto ACL number
• B、The IPSEC mode （tunnel or transport）
• C、The GRE tunnel interface IP address
• D、The GRE tunnel source interface or IP address， and tunnel destination IP address
• E、The MTU size of the GRE tunnel interface

第15题：

A policy-based IPsec VPN is ideal for which scenario？（）

• A、when you want to conserve tunnel resources
• B、when the remote peer is a dialup or remote access client
• C、when you want to configure a tunnel policy with an action of deny
• D、when a dynamic routing protocol such as OSPF must be sent across the VPN

第16题：

Why is NTP an important component when implementing IPSec VPN in a PKI environment？（）

• A、 To ensure the router has the correct time when generating its private/public key pairs.
• B、 To ensure the router has the correct time when checking certificate validity from the remote peers
• C、 To ensure the router time is sync with the remote peers for encryption keys generation
• D、 To ensure the router time is sync with the remote peers during theDH exchange
• E、 To ensure the router time is sync with the remote peers when generating the cookies during IKE phase 1

第17题：

Which two statements are true about L2TP tunnel switching?（）

• A、Requires only one tunnel switching license.
• B、Requires two licenses，one for inbound and one for outbound sessions.
• C、Enabled automatically when the BSR is configured as an LAC and LNS.
• D、Aids in L2TP tunnel scaling

第18题：

An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? （）(Choose two.)

• A、Only main mode can be used for IKE negotiation
• B、A local-identity must be defined
• C、It must be the initiator for IKE
• D、A remote-identity must be defined

第19题：

A route-based VPN is required for which scenario？（）

• A、when the remote VPN peer is behind a NAT device
• B、when multiple networks need to be reached across the tunnel and GRE cannot be used
• C、when the remote VPN peer is a dialup or remote access client
• D、when a dynamic routing protocol is required across the VPN and GRE cannot be used

第20题：

第21题：

第22题：

第23题：

第24题：