PrepAway - Latest Free Exam Questions & Answers

which three statements are correct?

You have been asked to establish a dynamic IPsec VPN between your SRX device and a remote
user. Regarding this scenario, which three statements are correct? (Choose three.)

PrepAway - Latest Free Exam Questions & Answers

A.
You must use preshared keys.

B.
IKE aggressive mode must be used.

C.
Only predefined proposal sets can be used.

D.
Only policy-based VPNs are supported.

E.
You can use all methods of encryption.

Explanation:

Reference :http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/dynamicvpn-appnote-v12.pdf

One Comment on “which three statements are correct?

  1. SW says:

    A C D

    Only preshared keys are supported for Phase 1 authentication with dynamic VPN tunnels.
    Only policy ­based VPNs are supported. Route­based VPNs are not supported with dynamic VPN.
    When a dynamic VPN client negotiates an “AutoKey IKE tunnel with a preshared key” aggressive mode must be used.
    The dynamic VPN client supports the following algorithms: MD5, SHA­1, DES, 3DES, AES (with 96­bit, 128­bit, and 256­bit keys).
    The dynamic VPN client supports DH groups 1,2, and 5. Tunnel negotiations will fail if other values are configured on the Juniper device.




    0



    0

Leave a Reply