NGFW-ENGINEER Question #125: Real Exam Question with Answer & Explanation

VPN and Security Policy Configuration

Question

An engineer is configuring a site-to-site IPSec VPN to a partner network. The IKE Gateway and IPSec tunnel configurations are complete, and the tunnel interface has been assigned to a security zone. However, the tunnel fails to establish, and no application traffic passes through it once it is up. Which two Security policy configurations are required to allow tunnel establishment and data traffic flow in this scenario? (Choose two.)

Options

  • A. A security rule is needed to allow IKE and IPSec traffic between the zone where the physical
  • B. A single bidirectional security rule must be configured to manage traffic flowing through the tunnel
  • C. Security rules must be configured to permit application traffic from the local zone to the tunnel
  • D. An Application Override policy is needed to allow both the IKE negotiation and the encapsulated

Topics

#VPN #IPSec #Security Policy #Firewall Zones