What should you implement to ensure a higher degree of key material security?

Your company requires that, if security is compromised in Phase 1 of a Diffie-Hellman
key exchange, a secondary option strengthens the security of the IPsec tunnel. What
should you implement to ensure a higher degree of key material security?

A. Diffie-Hellman Phase II ESP

B. PFS Group 5

C. Transform-set SHA-256

D. XAUTH with AAA authentication

E. Diffie-Hellman Group 5 Phase I

Explanation:
IPsec Phases
IPsec has two phases:
IPsec session keys are derived from the initial keying material that was obtained during the Phase
1 Diffie-Hellman key exchange. The IPsec session keys can optionally be created using new,
independent Diffie-Hellman key exchanges by enabling the Perfect Forward Secrecy (PFS) option.
This Phase 2 exchange is called IKE Quick Mode. IKE Quick Mode is one of two modes of IKE
Phase 2, with the other being the Group Domain of Interpretation (GDOI) Mode used by GET
VPN.
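The dependency described above can be shown with the IKEv1 Quick Mode key derivation from RFC 2409, section 5.5. This is an added example, not part of the original page; the toy 127-bit DH group, the HMAC-SHA-256 PRF, the simplified Phase 1 derivation and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy DH group, constructed for this example: NOT secure. A real "PFS Group 5"
# exchange uses the 1536-bit MODP group instead of this 127-bit modulus.
P = 2**127 - 1
G = 3

def prf(key: bytes, data: bytes) -> bytes:
    """Keyed PRF (HMAC-SHA-256 here; the negotiated hash is an assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def dh_exchange() -> bytes:
    """Run one ephemeral DH exchange between two peers and return g^xy."""
    x = secrets.randbelow(P - 2) + 1
    y = secrets.randbelow(P - 2) + 1
    shared_i = pow(pow(G, y, P), x, P)   # initiator's view
    shared_r = pow(pow(G, x, P), y, P)   # responder's view
    assert shared_i == shared_r
    return shared_i.to_bytes(16, "big")

def keymat(skeyid_d, proto_spi, ni, nr, qm_secret=b""):
    """RFC 2409 5.5: KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)."""
    return prf(skeyid_d, qm_secret + proto_spi + ni + nr)

def phase1_compromise_recovers_keys(pfs: bool) -> bool:
    """True if SKEYID_d plus the recorded Quick Mode fields yields the session keys."""
    skeyid_d = prf(dh_exchange(), b"phase1")      # simplified stand-in for Phase 1
    proto_spi = b"\x03" + secrets.token_bytes(4)  # protocol 3 = ESP, random SPI
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    qm_secret = dh_exchange() if pfs else b""     # new, independent DH only with PFS
    session_keys = keymat(skeyid_d, proto_spi, ni, nr, qm_secret)
    # A holder of the Phase 1 material sees protocol, SPI and nonces, but never
    # the private exponents of the Quick Mode exchange.
    recomputed = keymat(skeyid_d, proto_spi, ni, nr)
    return recomputed == session_keys

if __name__ == "__main__":
    print("without PFS:", phase1_compromise_recovers_keys(False))
    print("with PFS:   ", phase1_compromise_recovers_keys(True))
```

Without PFS the session keys are a function of Phase 1 material and values carried in the exchange; with PFS they also depend on a secret that exists only for that Quick Mode exchange.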


