A system adminitrator is configuring a site-to-site VPN tunnel. Which of the following should be
configured on the VPN concentrator during the IKE phase?
A.
RIPEMD
B.
ECDHE
C.
Diffie-Hellman
D.
HTTPS
Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions
This is ONE TIME OFFER
50%
ECDH provides perfect forward secrecy which preshared keys don’t
My answer will be B .
0
2
Alex you are wrong:
After the participants have established a secure and authenticated channel, they proceed through Phase 2, in which they negotiate security associations (SAs) to secure the data to be transmitted through the IPsec tunnel.
Similar to the process for Phase 1, the participants exchange proposals to determine which security parameters to employ in the SA. A Phase 2 proposal also includes a security protocol—either Encapsulating Security Payload (ESP) or Authentication Header (AH)—and selected encryption and authentication algorithms. The proposal can also specify a Diffie-Hellman (DH) group, if Perfect Forward Secrecy (PFS) is desired.
Now I’m not sure which phase the question is referring to regardless:
The Diffie-Hellman algorithm relies on key exchange before data can be
sent. Usernames and passwords are considered a type of authentication. VPN
tunneling is done to connect a remote client to a network. Biometrics is the
science of identifying people by one of their physical attributes.
Answer is C
6
1