You have an existing group VPN established in your internal network using the group-id 1.
You have been asked to configure a second group using the group-id 2. You must ensure
that the key server for group 1 participates in group 2 but is not the key server for that
group. Which statement is correct regarding the group configuration on the current key
server for group 1?
A.
You must configure both groups at the [edit security group-vpn] hierarchy.
B.
You must configure both groups at the [edit security ipsec vpn] hierarchy.
C.
You must configure both groups at the [edit security group-vpn member] hierarchy.
D.
You must configure both groups at the [edit security ike] hierarchy.
Explanation:
C is correct AJS Student Guide page 7-22
Answer is A.
http://www.juniper.net/documentation/en_US/junos12.1×47/topics/example/vpn-security-group-configuring-server-member-colocation-cli.html
From the KB posted by RWJ, I disagree that it is A. Note there is only “grp1” not “grp1” and “grp2”
This is very tricky on wording. You configure a single group under [edit security group-vpn], which makes me think A is wrong.
Under the group however, is where you would configure multiple match-policy’s p1, p2, p2.
In “C” the group is called member and that edit stanza is valid. If this shows up on the actual exam I’m going with “C”
Tom did you tke the exam, are these questions valid
ATTENTION PLEASE!!!
The JN0-633 exam End of Life (EOL) on July 1, 2017, now the new exam is JN0-634.
The newest JN0-634 dumps are available here FYI:
http://www.juniperbraindumps.com/category/juniper-junos-security-certification/jn0-634-dumps
Good Luck!!!