网友您好, 请在下方输入框内输入要搜索的题目:
题目内容
(请给出正确答案)
单选题
For IKE phase 1 negotiations, when is aggressive mode typically used?()
A
when one of the tunnel peers has a dynamic IP address
B
when one of the tunnel peers wants to force main mode to be used
C
when fragmentation of the IKE packet is required between the two peers
D
when one of the tunnel peers wants to specify a different phase 1 proposal
参考答案
参考解析
解析:
暂无解析
更多 “单选题For IKE phase 1 negotiations, when is aggressive mode typically used?()A when one of the tunnel peers has a dynamic IP addressB when one of the tunnel peers wants to force main mode to be usedC when fragmentation of the IKE packet is required between the two peersD when one of the tunnel peers wants to specify a different phase 1 proposal” 相关考题
考题
An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)
A. Only main mode can be used for IKE negotiationB. A local-identity must be definedC. It must be the initiator for IKED. A remote-identity must be defined
考题
Router R1, a branch router, connects to the Internet using DSL. Some traffic flows through a GRE and IPsec tunnel, over the DSL connection, destined for an Enterprise network.Which of the following answers best describes the router‘s logic that tells the router, for a given packet, to apply GRE encapsulation to the packet?()A. When the packet received on the LAN interface is permitted by the ACL listed on the tunnel greacl command under the incoming interfaceB. When routing the packet, matching a route whose outgoing interface is the GRE tunnel interfaceC. When routing the packet, matching a route whose outgoing interface is the IPsec tunnel interfaceD. When permitted by an ACL that was referenced in the associated crypto map
考题
During the Easy VPN Remote connection process,which phase involves pushing the IP address, Domain Name System (DNS),and split tunnel attributes to the client?()A、mode configurationB、the VPN client establishment of an ISAKMP SAC、IPsec quick mode completion of the connectionD、VPN client initiation of the IKE phase 1 process
考题
Router R1, a branch router, connects to the Internet using DSL. Some traffic flows through a GRE and IPsec tunnel, over the DSL connection, destined for an Enterprise network. Which of the following answers best describes the router's logic that tells the router, for a given packet, to apply GRE encapsulation to the packet?()A、When the packet received on the LAN interface is permitted by the ACL listed on the tunnel greacl command under the incoming interfaceB、When routing the packet, matching a route whose outgoing interface is the GRE tunnel interfaceC、When routing the packet, matching a route whose outgoing interface is the IPsec tunnel interfaceD、When permitted by an ACL that was referenced in the associated crypto map
考题
When configuring a multipoint GRE (mGRE) tunnel interface, which one of the following is NOT a valid configuration option:()A、 tunnel sourceB、 tunnel destinationC、 tunnel keyD、 ip addressE、 tunnelvrf
考题
IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true?()A、IKE keepalives are unidirectional and sent every ten secondsB、IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH)protocol for exchanging keysC、To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepacketsD、IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers
考题
Which of the following is true when considering the Server load-balancing design within the E-Commerce Module of the Enterprise Campus network?()A、 Routed mode requires the ACE run OSPF or EIGRPB、 Bridged mode switches a packet between the public and the private subnets when it sees itsMAC address as the destinationC、 Two-armed mode will place the SLB inline to the servers, with different client-side and a server-side VLANsD、 One-armed mode, which uses the same VLAN for the client, the ACE, and the servers, requiresa traffic-diversion mechanism to ensure the traffic return from the server passes though the ACE
考题
You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec, which two parameters are required when defining the tunnel interfaceinformation?()A、The crypto ACL numberB、The IPSEC mode (tunnel or transport)C、The GRE tunnel interface IP addressD、The GRE tunnel source interface or IP address, and tunnel destination IP addressE、The MTU size of the GRE tunnel interface
考题
Two VPN peers are negotiating IKE phase 1 using main mode. Which message pair in the negotiation contains the phase 1 proposal for the peers?()A、message 1 and 2B、message 3 and 4C、message 5 and 6D、message 7 and 8
考题
A policy-based IPsec VPN is ideal for which scenario?()A、when you want to conserve tunnel resourcesB、when the remote peer is a dialup or remote access clientC、when you want to configure a tunnel policy with an action of denyD、when a dynamic routing protocol such as OSPF must be sent across the VPN
考题
For the following items ,which one can be used to authenticate the IPsec peers during IKE Phase 1?()A、pre-shared keyB、integrity check valueC、XAUTHD、Diffie-Hellman Nonce
考题
Why is NTP an important component when implementing IPSec VPN in a PKI environment?()A、 To ensure the router has the correct time when generating its private/public key pairs.B、 To ensure the router has the correct time when checking certificate validity from the remote peersC、 To ensure the router time is sync with the remote peers for encryption keys generationD、 To ensure the router time is sync with the remote peers during theDH exchangeE、 To ensure the router time is sync with the remote peers when generating the cookies during IKE phase 1
考题
Which of the following explains the relationship between a physical and logical partition?()A、A physical partition is hosted on one or more logical partitions. A logical partition is used when describing storage.B、A logical partition is hosted on one or more physical partitions. A physical partition is used when describing storage.C、A physical partition is used when describing only a SCSI or SAS disk. A logical partition is used when describing a SAN LUN.D、A logical partition is used when describing only a SATA or SAS disk. A physical partition is used when describing RAID or mirrored arrays.
考题
Which two statements are true about L2TP tunnel switching?()A、Requires only one tunnel switching license.B、Requires two licenses,one for inbound and one for outbound sessions.C、Enabled automatically when the BSR is configured as an LAC and LNS.D、Aids in L2TP tunnel scaling
考题
For IKE phase 1 negotiations, when is aggressive mode typically used?()A、when one of the tunnel peers has a dynamic IP addressB、when one of the tunnel peers wants to force main mode to be usedC、when fragmentation of the IKE packet is required between the two peersD、when one of the tunnel peers wants to specify a different phase 1 proposal
考题
An IPsec tunnel is established on an SRX Series Gateway on an interface whose IP address was obtained using DHCP.Which two statements are true? ()(Choose two.)A、Only main mode can be used for IKE negotiationB、A local-identity must be definedC、It must be the initiator for IKED、A remote-identity must be defined
考题
Which attribute is required for all IKE phase 2 negotiations?()A、proxy-IDB、preshared keyC、Diffie-Hellman group keyD、main or aggressive mode
考题
A route-based VPN is required for which scenario?()A、when the remote VPN peer is behind a NAT deviceB、when multiple networks need to be reached across the tunnel and GRE cannot be usedC、when the remote VPN peer is a dialup or remote access clientD、when a dynamic routing protocol is required across the VPN and GRE cannot be used
考题
单选题During the Easy VPN Remote connection process,which phase involves pushing the IP address, Domain Name System (DNS),and split tunnel attributes to the client?()A
mode configurationB
the VPN client establishment of an ISAKMP SAC
IPsec quick mode completion of the connectionD
VPN client initiation of the IKE phase 1 process
考题
单选题Two VPN peers are negotiating IKE phase 1 using main mode. Which message pair in the negotiation contains the phase 1 proposal for the peers?()A
message 1 and 2B
message 3 and 4C
message 5 and 6D
message 7 and 8
考题
单选题Which of the following is true when considering the Server load-balancing design within the E-Commerce Module of the Enterprise Campus network?()A
Routed mode requires the ACE run OSPF or EIGRPB
Bridged mode switches a packet between the public and the private subnets when it sees itsMAC address as the destinationC
Two-armed mode will place the SLB inline to the servers, with different client-side and a server-side VLANsD
One-armed mode, which uses the same VLAN for the client, the ACE, and the servers, requiresa traffic-diversion mechanism to ensure the traffic return from the server passes though the ACE
考题
单选题Which attribute is required for all IKE phase 2 negotiations?()A
proxy-IDB
preshared keyC
Diffie-Hellman group keyD
main or aggressive mode
考题
多选题You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec, which two parameters are required when defining the tunnel interfaceinformation?()AThe crypto ACL numberBThe IPSEC mode (tunnel or transport)CThe GRE tunnel interface IP addressDThe GRE tunnel source interface or IP address, and tunnel destination IP addressEThe MTU size of the GRE tunnel interface
考题
单选题When configuring a multipoint GRE (mGRE) tunnel interface, which one of the following is NOT a valid configuration option:()A
tunnel sourceB
tunnel destinationC
tunnel keyD
ip addressE
tunnelvrf
考题
单选题Why is NTP an important component when implementing IPSec VPN in a PKI environment?()A
To ensure the router has the correct time when generating its private/public key pairs.B
To ensure the router has the correct time when checking certificate validity from the remote peersC
To ensure the router time is sync with the remote peers for encryption keys generationD
To ensure the router time is sync with the remote peers during theDH exchangeE
To ensure the router time is sync with the remote peers when generating the cookies during IKE phase 1
考题
单选题For the following items ,which one can be used to authenticate the IPsec peers during IKE Phase 1?()A
pre-shared keyB
integrity check valueC
XAUTHD
Diffie-Hellman Nonce
考题
单选题For IKE phase 1 negotiations, when is aggressive mode typically used?()A
when one of the tunnel peers has a dynamic IP addressB
when one of the tunnel peers wants to force main mode to be usedC
when fragmentation of the IKE packet is required between the two peersD
when one of the tunnel peers wants to specify a different phase 1 proposal
考题
多选题IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPNstatements are true?()AIKE keepalives are unidirectional and sent every ten secondsBIPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH)protocol for exchanging keysCTo establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepacketsDIKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers
热门标签
最新试卷