156-215.80 · Question #261
VPN gateways must authenticate to each other prior to exchanging information. What are the two types of credentials used for authentication?
The correct answer is C. Certificates and pre-shared secret. IPsec VPN gateways use one of two IKE authentication methods to establish trust before exchanging keying material: digital certificates or a pre-shared secret (PSK).
Question
VPN gateways must authenticate to each other prior to exchanging information. What are the two types of credentials used for authentication?
Options
- A3DES and MD5
- BCertificates and IPsec
- CCertificates and pre-shared secret
- DIPsec and VPN Domains
How the community answered
(42 responses)- A7% (3)
- B2% (1)
- C88% (37)
- D2% (1)
Why each option
IPsec VPN gateways use one of two IKE authentication methods to establish trust before exchanging keying material: digital certificates or a pre-shared secret (PSK).
3DES and MD5 are encryption and hashing algorithms used for data integrity and confidentiality, not authentication credentials.
IPsec is the broader security framework/protocol suite, not an authentication credential type used by IKE.
IKE Phase 1 requires peers to authenticate each other before establishing a secure channel. The two supported authentication credential types in IKE are X.509 digital certificates (issued by a CA) and pre-shared secrets (a symmetric passphrase configured on both peers). These are the only two credential mechanisms defined by the IKE standard for peer authentication.
IPsec is a protocol, not a credential, and VPN Domains define the networks protected by the VPN - neither is an authentication credential.
Concept tested: IKE peer authentication methods - certificates vs PSK
Source: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_VPN_AdminGuide/Topics-VPNguide/Authentication-in-VPNs.htm
Topics
Community Discussion
No community discussion yet for this question.