PrepAway - Latest Free Exam Questions & Answers

What name is given to the option of specifying that keys should be exchanged at intervals during
phase 2 of the IKE (ISAKMP) process?

A. Regular key exchange

B. Perfect forward secrecy

C. Perfect key secrecy

D. Perfect forward exchange

Explanation:

In phase 2, the SA (security association) negotiated in phase 1 is used by the peers to negotiate
an SA for encrypting the IPsec traffic. Keys can be modified as often as required during a
connection lifetime by performing phase 2. Phase 2 provides additional security by refreshing the
keys to ensure the reliability of the SAs and prevent a man-in-the-middle attack. This can be
achieved by using the option “Perfect Forward Secrecy” in the encryption properties of the VPN.
See page 7.14 of the CCSE NG Official Courseware (VPN1-FW1 Management II NG FP-1).

