An auditor reviewed your companys firewall configurations and is requiring that IPsec VPN connections must not expose IKE identities during IKE negotiations. Which two methods satisfy this requirement? (Choose two.)
Suggested Answer:A🗳️
Main Mode and Aggressive Mode - IKE phase 1 negotiations are used to establish IKE SAs. These SAs protect the IKE phase 2 negotiations. IKE uses one of two modes for phase 1 negotiations: main mode or aggressive mode. The choice of main or aggressive mode is a matter of tradeoffs. Some of the characteristics of the two modes are: ✑ Main mode - Protects the identities of the peers during negotiations and is therefore more secure. - Enables greater proposal flexibility than aggressive mode. - Is more time consuming than aggressive mode because more messages are exchanged between peers. (Six messages are exchanged in main mode.) ✑ Aggressive mode - Exposes identities of the peers to eavesdropping, making it less secure than main mode. - Is faster than main mode because fewer messages are exchanged between peers. (Three messages are exchanged in aggressive mode.) - Enables support for fully qualified domain names (FQDNs) when the router uses preshared keys. Reference: https://www.juniper.net/techpubs/en_US/junose10.3/information-products/topic-collections/swconfig-ip-services/id-79352.html
This section is not available anymore. Please use the main Exam Page.JN0-1330 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
kumaravinash92
4 years, 4 months agoBabai
4 years, 6 months ago