NGFW-ENGINEER · Question #99
NGFW-ENGINEER Question #99: Real Exam Question with Answer & Explanation
Sign in or unlock NGFW-ENGINEER to reveal the answer and full explanation for question #99. The question stem and answer options stay visible for context.
Question
A network architect is planning the deployment of a new IPSec VPN tunnel to connect a local data center to a cloud environment. The plan must include all necessary Security policy configurations for both tunnel negotiation and data transit. Which two Security policy requirements must be included in the implementation plan? (Choose two.)
Options
- AA policy must explicitly permit the IPSec container application between the external-facing zone
- BA policy must explicitly permit only the IKE application between the external-facing zone and local
- CA pair of policies is required to control the flow of data traffic into and out of the security zone
- DThe default interzone-default security policy is sufficient to allow the tunnel negotiation traffic
Unlock NGFW-ENGINEER to see the answer
You've previewed enough free NGFW-ENGINEER questions. Unlock NGFW-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.