PrepAway - Latest Free Exam Questions & Answers

Which of the following will end the intruder’s access after the next Phase 2 exchange occurs?

Assume an intruder has succeeded in compromising your current IKE Phase 1 and Phase 2 keys.
Which of the following will end the intruder’s access after the next Phase 2 exchange occurs?

A. DES Key Reset

B. MD5 Hash Completion

C. SHA1 Hash Completion

D. Phase 3 Key Revocation

E. Perfect Forward Secrecy

Explanation:

Perfect Forward Secrecy
Perfect Forward Secrecy (PFS) is a layer of protection that can be added to
Phase 2. Using this option adds a Diffie-Hellman key exchange to Phase 2
negotiations (it normally occurs only in Phase 1). If your Phase 1 keys were
compromised, an attacker could decrypt Phase 2 exchanges to get your IPSec
keys (VPN session keys). This scenario is prevented by adding a
Diffie-Hellman key exchange to Phase 2. Even if an attacker got your Phase 1
keys, they would need to get your Phase 2 keys to uncover the IPSec keys
necessary to decrypt your traffic. Because Phase 2 occurs every hour, it’s
highly unlikely that the attacker would have time to decipher your Phase 2
keys before they were renegotiated.

