nerdexam
Exams300-730Questions#219
Cisco

300-730 · Question #219

300-730 Question #219: Real Exam Question with Answer & Explanation

The correct answer is D: QM_IDLE. The 'show crypto isakmp sa' command displays the state of IKEv1 Phase 1 security associations. QM_IDLE indicates that Phase 1 (Main Mode) completed successfully and the ISAKMP SA is active.

Question

Which state means IKEv1 Phase 1 is up when the show crypto isakmp sa command is run?

Options

  • AQM_AUTH_AWAIT
  • BMM_KEY_EXCH
  • CMM_SA_SETUP
  • DQM_IDLE

Explanation

The 'show crypto isakmp sa' command displays the state of IKEv1 Phase 1 security associations. QM_IDLE indicates that Phase 1 (Main Mode) completed successfully and the ISAKMP SA is active.

Common mistakes.

  • A. QM_AUTH_AWAIT indicates the device is waiting for authentication during Quick Mode, meaning Phase 1 is not yet fully complete.
  • B. MM_KEY_EXCH indicates the peers are in the middle of Diffie-Hellman key exchange during Main Mode, so Phase 1 is still in progress.
  • C. MM_SA_SETUP indicates the ISAKMP SA parameters are still being negotiated in Main Mode, so Phase 1 has not completed.

Concept tested. IKEv1 Phase 1 ISAKMP SA state interpretation

Reference. https://www.cisco.com/c/en/us/support/docs/security/ios-ipsec/5409-ipsec-debug-00.html

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-730 Practice