What name is given to the option of specifying that keys should be exchanged at intervals during
phase 2 of the IKE (ISAKMP) process?
A. Regular key exchange
B. Perfect forward secrecy
C. Perfect key secrecy
D. Perfect forward exchange
Explanation:
In phase 2, the SA (security association) negotiated in phase 1 is used by the peers to negotiate
an SA for encrypting the IPsec traffic. Keys can be modified as often as required during a
connection lifetime by performing phase 2. Phase 2 provides additional security by refreshing the
keys to ensure the reliability of the SAs and prevent a man-in-the-middle attack. This can be
achieved by using the option “Perfect Forward Secrecy” in the encryption properties of the VPN.
See page 7.14 of the CCSE NG Official Courseware (VPN1-FW1 Management II NG FP-1).