You are asked to implement IPsec tunnels between your SRX devices located at various
locations. You will use the public key infrastructure (PKI) to verify the identification of the
endpoints. What are two certificate enrollment options available for this deployment?
(Choose two.)
A.
Manually generating a PKCS10 request and submitting it to an authorized CA.
B.
Dynamically generating and sending a certificate request to an authorized CA using
OCSP.
C.
Manually generating a CRL request and submitting that request to an authorized CA.
D.
Dynamically generating and sending a certificate request to an authorized CA using
SCEP.
Correct: D
https://www.juniper.net/documentation/en_US/junos15.1×49-d40/topics/concept/security-pki-cmpv2-scep-certificate-enrollment-understanding.html
http://kb.juniper.net/InfoCenter/index?page=content&id=KB22073&actp=search
Correct A and D
http://kb.juniper.net/InfoCenter/index?page=content&id=KB10175&actp=search
https://www.juniper.net/documentation/en_US/junos15.1×49-d40/topics/concept/security-pki-cmpv2-scep-certificate-enrollment-understanding.html
http://kb.juniper.net/InfoCenter/index?page=content&id=KB22073&actp=search