Which description of the Diffie-Hellman protocol is true?
A. It uses symmetrical encryption to provide data confidentiality over an unsecured communications channel.
B. It uses asymmetrical encryption to provide authentication over an unsecured communications channel.
C. It is used within the IKE Phase 1 exchange to provide peer authentication.
D. It provides a way for two peers to establish a shared-secret key, which only they will know, even though they are communicating over an unsecured channel.
E. It is a data integrity algorithm that is used within the IKE exchanges to guarantee the integrity of the message of the IKE exchanges.
Explanation:
http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.1/user/guide/vpipsec.html
Modulus Group: The Diffie-Hellman group to use for deriving a shared secret between the two IPsec peers without
transmitting it to each other. A larger modulus provides higher security but requires more processing
time. The two peers must have a matching modulus group. Options are:
•1—Diffie-Hellman Group 1 (768-bit modulus).
•2—Diffie-Hellman Group 2 (1024-bit modulus).
•5—Diffie-Hellman Group 5 (1536-bit modulus, considered good protection for 128-bit keys, but
group 14 is better). If you are using AES encryption, use this group (or higher). The ASA supports this
group as the highest group.
•7—Diffie-Hellman Group 7 (163-bit elliptical curve field size).
•14—Diffie-Hellman Group 14 (2048-bit modulus, considered good protection for 128-bit keys).
•15—Diffie-Hellman Group 15 (3072-bit modulus, considered good protection for 192-bit keys).
•16—Diffie-Hellman Group 16 (4096-bit modulus, considered good protection for 256-bit keys).
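
The shared-secret derivation described in the Modulus Group text, as an added example (not from the original page or from Cisco documentation): two peers derive the same key from public values sent in the clear, and derivation is refused when the modulus groups differ. The Peer class, the exchange helper and the SHA-256 key derivation step are assumptions made for illustration; the primes are the group 2 and group 14 values published in RFC 2409 and RFC 3526.

```python
import hashlib
import secrets

# MODP primes from RFC 2409 (group 2) and RFC 3526 (group 14), generator 2.
# The two primes share their leading bits, so the common prefix is stored once.
_HEAD = (
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED")
_TAIL = {
    2: "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    14: ("EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
         "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
         "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
         "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
         "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF"),
}
GROUPS = {gid: int(_HEAD + tail, 16) for gid, tail in _TAIL.items()}
GENERATOR = 2


class Peer:
    """One side of the exchange (hypothetical class, not a Cisco or IKE API)."""

    def __init__(self, group_id):
        self.group_id = group_id
        self.p = GROUPS[group_id]
        # The private exponent never leaves this object.
        self._x = secrets.randbelow(self.p - 3) + 2
        # The public value is the only thing sent over the unsecured channel.
        self.public = pow(GENERATOR, self._x, self.p)

    def derive_key(self, peer_group_id, peer_public):
        if peer_group_id != self.group_id:
            raise ValueError("modulus group mismatch")
        # Reject degenerate public values that would force a predictable secret.
        if not 2 <= peer_public <= self.p - 2:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self._x, self.p)
        size = (self.p.bit_length() + 7) // 8
        # Hash the fixed-width secret into a 256-bit key (simplified KDF, an assumption).
        return hashlib.sha256(shared.to_bytes(size, "big")).digest()


def exchange(group_a, group_b):
    """Run both sides of the exchange and return the two derived keys."""
    a, b = Peer(group_a), Peer(group_b)
    return a.derive_key(b.group_id, b.public), b.derive_key(a.group_id, a.public)
```

Calling exchange(14, 14) returns two identical 32-byte keys, while exchange(14, 2) raises ValueError because the peers' modulus groups do not match.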