How many packets does the IKE exchange use for Phase 1 Main Mode?
A.
6
B.
12
C.
1
D.
3
Explanation:
Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions
This is ONE TIME OFFER
50%
Phase I modes
Between Security Gateways, there are two modes for IKE phase I. These modes only apply to IKEv1:
• Main Mode
• Aggressive Mode
If aggressive mode is not selected, the Security Gateway defaults to main mode, performing the IKE negotiation using six packets; aggressive mode performs the IKE negotiation with three packets.
Main mode is preferred because:
• Main mode is partially encrypted, from the point at which the shared DH key is known to both peers.
• Main mode is less susceptible to Denial of Service (DoS) attacks. In main mode, the DH computation is performed after authentication. In aggressive mode, the DH computation is performed parallel to authentication. A peer that is not yet authenticated can force processor intensive Diffie-Hellman computations on the other peer.
Note – Use aggressive mode when a Check Point Security Gateway needs to negotiate with third party VPN solutions that do not support main mode
0
0
Hi Imram, Can you recommend me any Good Books/resources for CCSA EXAM?
0
0