You are asked to implement IPsec tunnels between your SRX devices located at various locations. You will use
the public key infrastructure (PKI) to verify the identification of the endpoints. What are two certificate
enrollment options available for this deployment? (Choose two.)
A.
Manually generating a PKCS10 request and submitting it to an authorized CA.
B.
Dynamically generating and sending a certificate request to an authorized CA using OCSP.
C.
Manually generating a CRL request and submitting that request to an authorized CA.
D.
Dynamically generating and sending a certificate request to an authorized CA using SCEP.
Explanation:
Page 9
http://www.juniper.net/techpubs/en_US/junos/information-products/topic-collections/nce/pki-conf- trouble/
configuring-and-troubleshooting-public-key-infrastructure.pdf