Cisco
300-415 · Question #291
300-415 Question #291: Real Exam Question with Answer & Explanation
The correct answer is C: Authentication is 2048-bit key; encryption is AES-256 cipher, and integrity is ESP, HMAC-SHA1.
Security and Quality of Service
Question
Which set of key security components of authentication, encryption, and integrity is used to establish an IPsec tunnel in the Cisco SD-WAN solution?
Options
- A. Authentication is 1024-bit key; encryption is AES-128 cipher, and integrity is ESP, HMAC-MD5.
- B. Authentication is 1024-bit key; encryption is AES-256 cipher, and integrity is ESP, HMAC-MD5.
- C. Authentication is 2048-bit key; encryption is AES-256 cipher, and integrity is ESP, HMAC-SHA1.
- D. Authentication is 2048-bit key; encryption is AES-128 cipher, and integrity is ESP, HMAC-SHA1.
Explanation
In Cisco SD-WAN, an IPsec tunnel uses a 2048-bit key for authentication, AES-256 cipher for encryption, and ESP with HMAC-SHA1 for integrity, providing a robust security posture.
Common mistakes.
- A. This option uses a weaker 1024-bit key and AES-128 cipher, and HMAC-MD5 for integrity, which are generally less secure than the commonly recommended standards for enterprise SD-WAN.
- B. This option uses a weaker 1024-bit key and HMAC-MD5 for integrity, both of which are not as strong as 2048-bit keys and HMAC-SHA1 or higher for robust security.
- D. While using a strong 2048-bit key and HMAC-SHA1, the AES-128 cipher for encryption is less secure than AES-256, which is typically preferred for strong IPsec encryption.
Concept tested. Cisco SD-WAN IPsec security components
Topics
#IPsec #SD-WAN Security #Encryption #Authentication