JNCIE-DC: Juniper Networks Certified Expert – Data Center — Question 2

What is one way to increase the security of a site-to-site IPsec VPN tunnel?

Answer options

• A. Implement a stronger Diffie-Hellman group.
• B. Change IKE Phase 1 from main mode to aggressive mode.
• C. Implement traffic selectors.
• D. Implement a policy-based VPN.

Correct answer: C

Explanation

Implementing traffic selectors enhances security by allowing the specification of which traffic is protected by the VPN, thus limiting exposure. The other options either do not directly increase security or may even reduce it; for example, aggressive mode in IKE Phase 1 is less secure than main mode.