Click the Exhibit button.
[edit security]
user@host# show
ike {
policy ike-policy1 {
mode main;
proposal-set standard;
pre-shared-key ascii-text "$9$GFjm5OBEclM5QCuO1yrYgo"; ## SECRET-DATA }
gateway remote-ike {
ike-policy ike-policy1;
address 172.19.51.170;
external-interface ge-0/0/3.0;
}}
ipsec {
policy vpn-policy1 {
proposal-set standard;
}
vpn remote-vpn {
ike {
gateway remote-ike;
ipsec-policy vpn-policy1;
}}}
Assuming you want to configure a route-based VPN, which command is required to bind the VPN to secure tunnel interface st0.0?
A. set ipsec vpn remote-vpn bind-interface st0.0
B. set ike gateway remote-ike bind-interface st0.0
C. set ike policy ike-policy1 bind-interface st0.0
D. set ipsec policy vpn-policy1 bind-interface st0.0
Regarding a route-based versus policy-based IPsec VPN, which statement is true?
A. A route-based VPN generally uses less resources than a policy-based VPN.
B. A route-based VPN cannot have a deny action in a policy; a policy-based VPN can have a deny action.
C. A route-based VPN is better suited for dialup or remote access compared to a policy-based VPN.
D. A route-based VPN uses a policy referencing the IPsec VPN; a policy-based VPN policy does not use a policy referencing the IPsec VPN.
A policy-based IPsec VPN is ideal for which scenario?
A. when you want to conserve tunnel resources
B. when the remote peer is a dialup or remote access client
C. when you want to configure a tunnel policy with an action of deny
D. when a dynamic routing protocol such as OSPF must be sent across the VPN
A route-based VPN is required for which scenario?
A. when the remote VPN peer is behind a NAT device
B. when multiple networks need to be reached across the tunnel and GRE cannot be used
C. when the remote VPN peer is a dialup or remote access client
D. when a dynamic routing protocol is required across the VPN and GRE cannot be used
Which attribute is optional for IKE phase 2 negotiations?
A. proxy-ID
B. phase 2 proposal
C. Diffie-Hellman group key
D. security protocol (ESP or AH)
Which attribute is required for all IKE phase 2 negotiations?
A. proxy-ID
B. preshared key
C. Diffie-Hellman group key
D. main or aggressive mode
Which operational mode command displays all active IPsec phase 2 security associations?
A. show ike security-associations
B. show ipsec security-associations
C. show security ike security-associations
D. show security ipsec security-associations
Two VPN peers are negotiating IKE phase 1 using main mode.
Which message pair in the negotiation contains the phase 1 proposal for the peers?
A. message 1 and 2
B. message 3 and 4
C. message 5 and 6
D. message 7 and 8
Regarding an IPsec security association (SA), which two statements are true? (Choose two.)
A. IKE SA is bidirectional.
B. IPsec SA is bidirectional.
C. IKE SA is established during phase 2 negotiations.
D. IPsec SA is established during phase 2 negotiations.
You are creating a destination NAT rule-set.
Which two are valid for use with the from clause? (Choose two.)
A. security policy
B. interface
C. routing-instance
D. IP address
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Juniper exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JN0-332 exam preparations and Juniper certification application, do not hesitate to visit our Vcedump.com to find your solutions here.