PrepAway - Latest Free Exam Questions & Answers

What do the SA values in the graphic of IPSec that follows represent?

What do the SA values in the graphic of IPSec that follows represent?

PrepAway - Latest Free Exam Questions & Answers

A.
Security parameter index

B.
Security ability

C.
Security association

D.
Security assistant

Explanation:
C: Each IPSec VPN device will have at least one security association (SA) for each secure connection it uses. The SA, which is critical to the IPSec architecture, is a record of the
configurations the device needs to support an IPSec connection over a VPN connection. When two devices complete their handshaking process, which means they have agreed upon
a long list of parameters they will use to communicate, these data must be recorded and stored somewhere, which is in the SA. The SA can contain the authentication and encryption
keys, the agreed-upon algorithms, the key lifetime, the source IP address, and other information. When a device receives a packet via the IPSec protocol, it is the SA that tells the
device what to do with the packet. So if device B receives a packet from device C via IPSec, device B will look to the corresponding SA to tell it how to decrypt the packet, how to
properly authenticate the source of the packet, which key to use, and how to reply to the message if necessary.
A is incorrect because a security parameter index (SPI) keeps track of the different SAs. SAs are directional, so a device will have one SA for outbound traffic and a different SA for
inbound traffic for each individual communication channel. If a device is connecting to three devices, it will have at least six SAs, one for each inbound or outbound connection per
remote device. So how can a device keep all of these SAs organized and ensure that the right SA is invoked for the right connection? With the SPI, that’s how. Each device has an SPI
that keeps track of the different SAs and tells the device which one is appropriate to invoke for the different packets it receives.
B is incorrect because there is no component within IPSec officially referred to as security ability. This is a distracter answer.
D is incorrect because there is no component within IPSec officially referred to as security assistant. This is a distracter answer.

One Comment on “What do the SA values in the graphic of IPSec that follows represent?

  1. Joe says:

    Each IPSec VPN device will have at least one security association (SA) for each secure connection it uses. The SA, which is critical to the IPSec architecture, is a record of the configurations the device needs to support an IPSec connection over a VPN connection.




    0



    0

Leave a Reply