JNCIP-SEC: Juniper Networks Certified Professional – Security (2024) — Question 57

You are deploying OSPF over IPsec with an SRX Series device and third-party device using GRE.

Which two statements are correct? (Choose two.)

Answer options

• A. Overlapping addresses are allowed between remote networks.
• B. The GRE interface should use lo0 as endpoints
• C. The GRE interface must be configured under the OSPF protocol.
• D. The OSPF protocol must be enabled under the VPN zone.

Correct answer: C, D

Explanation

Option C is correct because the GRE interface must indeed be configured within the OSPF protocol for proper operation. Option D is also correct as enabling the OSPF protocol in the VPN zone is necessary for OSPF to function correctly over the IPsec tunnel. Options A and B are incorrect because overlapping addresses are not typically allowed in OSPF configurations, and the GRE interface does not have to use lo0 as endpoints.