IPSec Questions

Question 1

The session status for an IPsec tunnel with IPv6-in-IPv4 is down with the error message IKE message from 10.10.1.1 failed its sanity check or is malformed. Which statement describes a possible cause of this error?

A. There is a verification failure on the IPsec packet.
B. The SA has expired or has been cleared.
C. The pre-shared keys on the peers are mismatched.
D. There is a failure due to a transform set mismatch.
E. An incorrect packet was sent by an IPsec peer.

Answer: C

Question 2

Refer to the exhibit.

IPSEC(ipsec process proposal): proxy identities not supported

What is a possible reason for the IPSEC tunnel not establishing?

A. The peer is unreachable.
B. The transform sets do not match.
C. The proxy IDs are invalid.
D. The access lists do not match.

Answer: D

Question 3

What is a disadvantage of using aggressive mode instead of main mode for ISAKMP/IPsec establishment?

A. It does not use Diffie-Hellman for secret exchange.
B. It does not support dead peer detection.
C. It does not support NAT traversal.
D. It does not hide the identity of the peer.

Answer: D

Question 4

Which three statements are functions that are performed by IKE phase 1? (Choose three)

A. It builds a secure tunnel to negotiate IKE phase 1 parameters.
B. It establishes IPsec security associations.
C. It authenticates the identities of the IPsec peers.
D. It protects the IKE exchange by negotiating a matching IKE SA policy.
E. It protects the identities of IPsec peers.
F. It negotiates IPsec SA parameters.

Answer: C D E

Comments (2)
  1. Sambe
    August 7th, 2015

    In my opinion the response to question 2 is B and not D?

  2. Eissa
    August 9th, 2015

    Proxy Identities Not Supported

    This message appears in debugs if the access list for IPsec traffic does not match.

    1d00h: IPSec(validate_transform_proposal): proxy identities not supported
    1d00h: ISAKMP: IPSec policy invalidated proposal
    1d00h: ISAKMP (0:2): SA not acceptable!

    The access lists on each peer need to mirror each other (all entries need to be reversible). This example illustrates this point.

    Peer A
    access-list 150 permit ip 172.21.113.0 0.0.0.255 172.21.114.0 0.0.0.255
    access-list 150 permit ip host 15.15.15.1 host 172.21.114.123
    Peer B
    access-list 150 permit ip 172.21.114.0 0.0.0.255 172.21.113.0 0.0.0.255
    access-list 150 permit ip host 172.21.114.123 host 15.15.15.1
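
Added example, not part of the page or of the comment above: a small Python checker for the mirroring requirement Eissa describes, which tells you before the tunnel is brought up whether the two crypto ACLs define reversible proxy identities. It assumes Cisco-style `access-list N permit ip` entries with `host` or address/wildcard operands; the sample ACLs are the ones quoted in the comment, plus one constructed mismatch.

```python
import re
from typing import List, Set, Tuple

# One ACE side is either "host A.B.C.D" or "A.B.C.D W.X.Y.Z" (address + wildcard).
_ADDR = r"(?:host\s+(\S+)|(\S+)\s+(\S+))"
_ACE_RE = re.compile(r"access-list\s+\d+\s+permit\s+ip\s+" + _ADDR + r"\s+" + _ADDR + r"\s*$")

Identity = Tuple[Tuple[str, str], Tuple[str, str]]  # ((src, wildcard), (dst, wildcard))

def _side(host, addr, wild) -> Tuple[str, str]:
    """Normalise one side: 'host X' is X with an all-zero wildcard."""
    return (host, "0.0.0.0") if host is not None else (addr, wild)

def parse_crypto_acl(text: str) -> Set[Identity]:
    """Parse 'access-list N permit ip ...' lines into the set of proxy identities they define."""
    entries: Set[Identity] = set()
    for line in text.strip().splitlines():
        m = _ACE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACE: {line!r}")
        g = m.groups()
        entries.add((_side(*g[0:3]), _side(*g[3:6])))
    return entries

def mirror_check(acl_a: str, acl_b: str) -> List[str]:
    """Return peer A's ACEs that peer B does not mirror (src/dst swapped); [] means they match."""
    a = parse_crypto_acl(acl_a)
    b_reversed = {(dst, src) for (src, dst) in parse_crypto_acl(acl_b)}
    return sorted(f"{s[0]} {s[1]} -> {d[0]} {d[1]}" for (s, d) in a - b_reversed)

# Sample input constructed from the ACLs quoted in the comment above.
PEER_A = """
access-list 150 permit ip 172.21.113.0 0.0.0.255 172.21.114.0 0.0.0.255
access-list 150 permit ip host 15.15.15.1 host 172.21.114.123
"""
PEER_B = """
access-list 150 permit ip 172.21.114.0 0.0.0.255 172.21.113.0 0.0.0.255
access-list 150 permit ip host 172.21.114.123 host 15.15.15.1
"""
# Constructed mismatch: peer B's second entry names a different host, so the
# proposal from A's second ACE has no mirrored counterpart on B.
PEER_B_BAD = """
access-list 150 permit ip 172.21.114.0 0.0.0.255 172.21.113.0 0.0.0.255
access-list 150 permit ip host 172.21.114.124 host 15.15.15.1
"""

if __name__ == "__main__":
    print(mirror_check(PEER_A, PEER_B))      # []
    print(mirror_check(PEER_A, PEER_B_BAD))  # ['15.15.15.1 0.0.0.0 -> 172.21.114.123 0.0.0.0']
```

A non-empty result lists the proxy identities a peer would propose that the other side cannot match, which is the condition that produces the "proxy identities not supported" debug line quoted above.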
