If you need strong protection for the encryption of user data, what option would be the BEST
choice?
A. Use Diffie-Hellman for key construction and pre-shared keys for Quick Mode. Choose SHA in
Quick Mode and encrypt with AES. Use AH protocol. Switch to Aggressive Mode.
B. When you need strong encryption, IPsec is not the best choice. SSL VPNs are a better choice.
C. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use ESP
protocol.
D. Disable Diffie-Hellman by using stronger certificate-based key-derivation. Use AES-256 bit on
all encrypted channels and add PFS to Quick Mode. Use double encryption by implementing AH
and ESP as protocols.
C
C. Use certificates for Phase 1, SHA for all hashes, AES for all encryption and PFS, and use
ESP protocol.
Why? How are certificates related?
It’s C
Certificates, that is, certificate authentication, are more secure compared to PSK auth (pre-shared keys) when establishing a VPN.
You may think, why not B?
Well, because of the phrasing “IPsec VPN is not a good choice.” It’s not the IPsec VPN as a whole, but what authentication was used, that is, either Certificate Auth or PSK Auth.
Certificates are used in IPsec VPN as well as SSL VPN (add to that, SSL VPN only applies to remote-access users; for site-to-site, IPsec VPN is used).