JNCIP-SEC: Juniper Networks Certified Professional – Security (2024) — Question 64
You are deploying IPsec VPNs to securely connect several enterprise sites with OSPF for dynamic routing. Some of these sites are secured by third- party devices not running Junos.
Which two statements are true for this deployment? (Choose two.)
Answer options
- A. OSPF over IPsec can be used for intersite dynamic routing.
- B. Sites with overlapping address spaces can be supported.
- C. OSPF over GRE over IPsec is required to enable intersite dynamic routing.
- D. Sites with overlapping address spaces cannot be supported.
Correct answer: B, C
Explanation
The correct answers are B and C. B is accurate because IPsec can indeed handle overlapping address spaces when configured correctly, while C is true as OSPF typically requires GRE to function over IPsec for intersite dynamic routing. A is incorrect because OSPF alone cannot handle overlapping address spaces without GRE, and D is incorrect as overlapping address spaces can be managed in this context.