考题
Click the Exhibit button.Referring to the exhibit, which statement contains the correct gateway parameters?()
A. [edit security ike] user@host# show gateway ike-phase1-gateway { policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }B. [edit security ike] user@host# show gateway ike-phase1-gateway { ike-policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }C. [edit security ike] user@host# show gateway ike-phase1-gateway { policy ike1-policy; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }D. [edit security ike] user@host# show gateway ike-phase1-gateway { ike-policy ike1-policy; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }
考题
You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?()
A. [edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }B. [edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }C. [edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }D. [edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
考题
Which statement contains the correct parameters for a route-based IPsec VPN?()
A. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }B. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; } policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }C. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200;} policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface ge-0/0/1.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }D. [edit security ipsec] user@host# show proposal ike1-proposal { protocol esp; authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; lifetime-seconds 3200; }policy ipsec1-policy { perfect-forward-secrecy { keys group2; } proposals ike1-proposal; } vpn VpnTunnel { bind-interface st0.0; ike { gateway ike1-gateway; ipsec-policy ipsec1-policy; } establish-tunnels immediately; }
考题
Which IPsec security protocol should be used when confidentiality is required?()
A. AHB. MD5C. PSKD. ESP
考题
Which of the following commands will display a router’s crypto map IPsec security associationsettings?()A、show crypto map ipsec saB、show crypto mapC、show crypto engine connections activeD、show ipsec crypto mapE、show crypto map saF、show ipsec crypto map sa
考题
You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?()A、[edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }B、[edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }C、[edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }D、[edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
考题
IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true?()A、IKE keepalives are unidirectional and sent every ten secondsB、IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH)protocol for exchanging keysC、To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepacketsD、IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers
考题
Which operational mode command displays all active IPsec phase 2 security associations?()A、show ike security-associationsB、show ipsec security-associationsC、show security ike security-associationsD、show security ipsec security-associations
考题
在配置IPSec的安全提议proposal时,以下命令属于缺省配置的是()。A、encapsulation-mode tunnelB、transform espC、esp encryption-algorithm desD、esp encryption-algorithm 3desE、esp authentication-algorithm md5
考题
Which IPsec security protocol should be used when confidentiality is required?()A、AHB、MD5C、PSKD、ESP
考题
Which configuration shows the correct application of a security policy scheduler?()A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } scheduler-name now; } } }B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }C、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn scheduler-name now; } } } }D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; scheduler-name now; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }myTunnel;
考题
Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()A、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }B、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }C、[edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }D、[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }
考题
Regarding a route-based versus policy-based IPsec VPN, which statement is true?()A、A route-based VPN generally uses less resources than a policy-based VPN.B、A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.C、A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.D、A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
考题
Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP?()A、data integrityB、data confidentialityC、data authenticationD、outer IP header confidentialityE、outer IP header authentication
考题
Based on the configuration shown in the exhibit, what are the actions of the security policy?() [edit schedulers] user@host# show scheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps;} then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now;A、The policy will always permit transit packets and use the IPsec VPN myTunnel.B、The policy will permit transit packets only on Monday, and use the IPsec VPN Mytunnel.C、The policy will permit transit packets and use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.D、The policy will always permit transit packets, but will only use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.
考题
Which two configuration elements are required for a route-based VPN?()A、secure tunnel interfaceB、security policy to permit the IKE trafficC、a route for the tunneled transit trafficD、tunnel policy for transit traffic referencing the IPsec VPN
考题
单选题Which configuration shows the correct application of a security policy scheduler?()A
[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } scheduler-name now; } } }B
[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }C
[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn scheduler-name now; } } } }D
[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; scheduler-name now; } then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now; }myTunnel;
考题
单选题Which device might be installed at a branch office to enable and manage an IPsec site-to-site VPN?()A
Cisco IOS IPsec/SSL VPN clientB
Cisco VPN ClinetC
ISDN terminal adapterD
Cisco Adaptive Security Appliance
考题
单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }A
set policy tunnel-traffic then tunnel remote-vpnB
set policy tunnel-traffic then permit tunnel remote-vpnC
set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitD
set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
考题
单选题Click the Exhibit button. Referring to the exhibit, which statement contains the correct gateway parameters?()A
[edit security ike] user@host# show gateway ike-phase1-gateway { policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }B
[edit security ike] user@host# show gateway ike-phase1-gateway { ike-policy ike-policy1; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }C
[edit security ike] user@host# show gateway ike-phase1-gateway { policy ike1-policy; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }D
[edit security ike] user@host# show gateway ike-phase1-gateway { ike-policy ike1-policy; address 10.10.10.1; dead-peer-detection { interval 20; threshold 5; } external-interface ge-1/0/1.0; }
考题
单选题Regarding a route-based versus policy-based IPsec VPN, which statement is true?()A
A route-based VPN generally uses less resources than a policy-based VPN.B
A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.C
A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.D
A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use apolicy referencing the IPsec VPN
考题
多选题Which three security concerns can be addressed by a tunnel mode IPsec VPN secured by ESP?()Adata integrityBdata confidentialityCdata authenticationDouter IP header confidentialityEouter IP header authentication
考题
单选题You want to test a configured screen value prior to deploying.Which statement will allow you to accomplish this?()A
[edit security screen] user@host# show ids-option untrust-screen { alarm-test-only; }B
[edit security screen] user@host# show ids-option untrust-screen { alarm-without-drop; }C
[edit security screen] user@host# show ids-option untrust-screen { alarm-no-drop; }D
[edit security screen] user@host# show ids-option untrust-screen { test-without-drop; }
考题
单选题Your task is to provision the Junos security platform to permit transit packets from the Private zone to the External zone by using an IPsec VPN and log information at the time of session close.Which configuration meets this requirement?()A
[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts;destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } log { session-init; } } }B
[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; } } count { session-close; } } }C
[edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN;} } log { session-close; } } }D
[edit security policies from-zone Private to-zone External] user@host# show policy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps; } then { permit { tunnel { ipsec-vpn VPN; log; count session-close; } } } }
考题
单选题Based on the configuration shown in the exhibit, what are the actions of the security policy?() [edit schedulers] user@host# show scheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps;} then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now;A
The policy will always permit transit packets and use the IPsec VPN myTunnel.B
The policy will permit transit packets only on Monday, and use the IPsec VPN Mytunnel.C
The policy will permit transit packets and use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.D
The policy will always permit transit packets, but will only use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.
考题
单选题Based on the configuration shown in the exhibit, what are the actions of the security policy?() [edit schedulers] user@host# show scheduler now { monday all-day; tuesday exclude; wednesday { start-time 07:00:00 stop-time 18:00:00; } thursday { start-time 07:00:00 stop-time 18:00:00; } } [edit security policies from-zone Private to-zone External] user@host# showpolicy allowTransit { match { source-address PrivateHosts; destination-address ExtServers; application ExtApps;} then { permit { tunnel { ipsec-vpn myTunnel; } } } scheduler-name now;A
The policy will always permit transit packets and use the IPsec VPN myTunnel.B
The policy will permit transit packets only on Monday, and use the IPsec VPN Mytunnel.C
The policy will permit transit packets and use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.D
The policy will always permit transit packets, but will only use the IPsec VPN myTunnel all day Monday and Wednesday 7am to 6pm, and Thursday 7am to 6pm.
考题
多选题IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true?()AIKE keepalives are unidirectional and sent every ten secondsBIPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH)protocol for exchanging keysCTo establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepacketsDIKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers