Single-choice question: Two VPN peers are negotiating IKE phase 1 using main mode. Which message pair in the negotiation contains the phase 1 proposal for the peers? ( )
message 1 and 2
message 3 and 4
message 5 and 6
message 7 and 8
Single-choice question: You are not able to telnet to the interface IP address of your device from a PC on the same subnet. What is causing the problem? ( )
Telnet is not being permitted by self policy.
Telnet is not being permitted by security policy.
Telnet is not allowed because it is not considered secure.
Telnet is not enabled as a host-inbound service on the zone
syn-fin, syn-flood, and tcp-no-frag
syn-fin, port-scan, and tcp-no-flag
syn-fin, fin-no-ack, and tcp-no-frag
syn-fin, syn-ack-ack-proxy, and tcp-no-frag
You cannot assign an interface to a functional zone.
You can specify a functional zone in a security policy.
Security zones must have a scheduler applied.
You can use a security zone for traffic destined for the device itself.
Single-choice question: You must configure a SCREEN option that would protect your device from a session table flood. Which configuration meets this requirement? ( )
when one of the tunnel peers has a dynamic IP address
when one of the tunnel peers wants to force main mode to be used
when fragmentation of the IKE packet is required between the two peers
when one of the tunnel peers wants to specify a different phase 1 proposal
when the remote VPN peer is behind a NAT device
when multiple networks need to be reached across the tunnel and GRE cannot be used
when the remote VPN peer is a dialup or remote access client
when a dynamic routing protocol is required across the VPN and GRE cannot be used
Source NAT works only with source pools.
Destination NAT is required to translate the reply traffic.
Source NAT does not require a security policy to function.
The egress interface IP address can be used for source NAT
The same key is used for encryption and decryption.
It is commonly used to create digital certificate signatures.
It uses two keys: one for encryption and a different key for decryption.
An attacker can decrypt data if the attacker captures the key used for encryption
routing protocol daemon
session-based forwarding module
separate routing and security planes