Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

As shown in the following figure, the BFD for OSPF network is as follows: 1. OSPF is running between the three devices: FW_A, FW_B, and FW_C. The neighbors are in the FULL state. The association between BFD and OSPF is complete. BFD is complete. To establish a BFD session, the following instructions are correct?

A.

When link a fails, BFD first senses, and FWA and FWB will converge immediately.

B.

link switching is switched in seconds

C.

FWA processes the neighbor Down event and recalculates the route. The new route is link b.

D.

When link a finds a fault, OSPF automatically converges and notifies BFD.

Site to Site IPSec VPN negotiation failed. Which of the following should be checked? 1. Network connectivity issues; 2. View the establishment of IKE phase 1 security associations and related configurations; 3. View the establishment of IKE phase 2 security associations and related configurations; 4. See if the security ACLs at both ends mirror each other.

A.

1 4 2 3

B.

4 2 3 1

C.

2 3 1 4

D.

4 1 2 3

In the dual-system hot backup, when the slave does not receive the hello packet of the HRP sent in the HRP hello packet period, the slave device is considered to be faulty.

A.

1

B.

2

C.

3

D.

5

If the IPSec policy is configured in the policy template and sub-policy mode, the firewall applies the policy template first and then applies the sub-policy.

A.

TRUE

B.

FALSE

What are the correct descriptions of IPSec and IKE below?

A.

IPSec has two negotiation modes to establish an SA. One is manual (manual) and the other is IKE (isakmp) auto-negotiation.

B.

IKE aggressive mode can choose to find the corresponding authentication key according to the negotiation initiator IP address or ID and finally complete the negotiation.

C.

NAT traversal function deletes the verification process of the UDP port number during the IKE negotiation process, and implements the discovery function of the NAT gateway device in the VPN tunnel. That is, if the NAT gateway device is found, it will be used in the subsequent IPSec data transmission. UDP encapsulation

D.

IKE security mechanisms include DH Diffie-Hellman exchange and key distribution, complete forward security and SHA1 encryption algorithms.

Two USG firewalls failed to establish an IPSec VPN tunnel through the NAT traversal mode. Run the display ike sa command to view the session without any UDP 500 session. What are the possible reasons?

A.

public network route is unreachable

B.

Intermediate line device disables UDP port 500

C.

Intermediate line device disables UDP 4500 port

D.

Intermediate line device disables ESP packets

When an attack occurs, many packets are found on the attacked host (1.1.129.32) as shown in the figure. According to the analysis of the attack, what kind of attack is this attack?

A.

Smurf

B.

Land

C.

WinNuke

D.

Ping of Death

In the IKE V1 pre-shared key mode, what is the main role of the data captured in the following figure?

A.

negotiation phase 2 SA

B.

SA of negotiation phase 1

C.

is used to exchange D-H public values, required random numbers

D.

is used to exchange identity information

When the user's SSL VPN has been successfully authenticated, the user cannot access the Web-link resource. On the Web server, view the information as follows: netstat -anp tcp With the following information, which of the following statements is correct?

A.

intranet server does not open web service

B.

virtual gateway policy configuration error

C.

The connection between the virtual gateway and the intranet server is incorrect.

D.

Virtual gateway and intranet server are unreachable

 

The dual-system hot backup load balancing service interface works at Layer 3, and the upstream and downstream routers are connected to each other. The two USG devices are active and standby. Therefore, both the hrp track master and the hrp track slave must be configured on the morning service interface.

A.

TRUE

B.

FALSE