which three statements are correct?

You have been asked to establish a dynamic IPsec VPN between your SRX device and a remote
user. Regarding this scenario, which three statements are correct? (Choose three.)

You have been asked to establish a dynamic IPsec VPN between your SRX device and a remote
user. Regarding this scenario, which three statements are correct? (Choose three.)

A.
You must use preshared keys.

B.
IKE aggressive mode must be used.

C.
Only predefined proposal sets can be used.

D.
Only policy-based VPNs are supported.

E.
You can use all methods of encryption.

Explanation:

Reference :http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/dynamicvpn-appnote-v12.pdf

Show Hint

Leave a Reply 1

Your email address will not be published. Required fields are marked *

SW

SW

A C D

Only preshared keys are supported for Phase 1 authentication with dynamic VPN tunnels.
Only policy ­based VPNs are supported. Route­based VPNs are not supported with dynamic VPN.
When a dynamic VPN client negotiates an “AutoKey IKE tunnel with a preshared key” aggressive mode must be used.
The dynamic VPN client supports the following algorithms: MD5, SHA­1, DES, 3DES, AES (with 96­bit, 128­bit, and 256­bit keys).
The dynamic VPN client supports DH groups 1,2, and 5. Tunnel negotiations will fail if other values are configured on the Juniper device.

Reply