JNCIP-SEC: Juniper Networks Certified Professional – Security (2024) — Question 46
You are asked to establish a hub-and-spoke IPsec VPN using an SRX Series device as the hub. All of the spoke devices are third-party devices.
Which statement is correct in this scenario?
Answer options
- A. You must statically configure the next-hop tunnel binding table entries for each of the third-party spoke devices.
- B. You must ensure that you are using aggressive mode when incorporating third-party devices as your spokes.
- C. You must always peer using loopback addresses when using non-Junos devices as your spokes.
- D. You must create a policy-based VPN on the hub device when peering with third-party devices.
Correct answer: A
Explanation
The correct answer is A. On the hub, the next-hop tunnel binding (NHTB) table maps each spoke's next-hop address to its IPsec tunnel on the shared multipoint st0 interface. Third-party devices do not take part in the automatic NHTB exchange that Junos peers use, so the entries for those spokes must be configured manually to ensure proper connectivity. Options B and C are incorrect because aggressive mode is not always required and peering over loopback addresses is not a necessity for non-Junos devices. Option D is incorrect because policy-based VPNs are not the only method to connect with third-party devices.