nerdexam
Exams210-260Questions#44
Cisco

210-260 · Question #44

210-260 Question #44: Real Exam Question with Answer & Explanation

The correct answer is A: IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5. Phase 1 of IPsec is used to establish a secure channel between the two peers that will be used for further data transmission. The ASAs will exchange secret keys, they authenticate each other and will negotiate about the IKE security policies. This is what happens in phase 1: Auth

Question

Refer to the exhibit. While troubleshooting site-to-site VPN, you issued the show crypto isakmp as command. What does the given output show?

Options

  • AIPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5
  • BIPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5
  • CIPSec Phase 1 is down due to a QM_IDLE state
  • DIPSEc Phase 2 is down due to a QM_IDLE state

Explanation

Phase 1 of IPsec is used to establish a secure channel between the two peers that will be used for further data transmission. The ASAs will exchange secret keys, they authenticate each other and will negotiate about the IKE security policies. This is what happens in phase 1: Authenticate and protect the identities of the IPsec peers. Negotiate a matching IKE policy between IPsec peers to protect the IKE exchange. Perform an authenticated Diffie-Hellman exchange to have matching shared secret keys. Setup a secure tunnel for IKE phase 2.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 210-260 Practice