Which two functions are required for IPsec operation? (Choose two.)
A.
using SHA for encryption
B.
using PKI for pre-shared key authentication
C.
using IKE to negotiate the SA
D.
using AH protocols for encryption and authentication
E.
using Diffie-Hellman to establish a shared-secret key
Explanation:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml
Configure ISAKMP
IKE exists only to establish SAs for IPsec. Before it can do this, IKE must negotiate an SA (an ISAKMP
SA) relationship with the peer. Since IKE negotiates its own policy, it is possible to configure multiple
policy statements with different configuration statements, then let the two hosts come to an
agreement. ISAKMP negotiates:
Oakley
This is a key exchange protocol that defines how to acquire authenticated keying material. The basic
mechanism for Oakley is the Diffie-Hellman key exchange algorithm. You can find the standard in
RFC 2412: The OAKLEY Key Determination Protocol leavingcisco.com.