nerdexam
Exams300-730Questions#61
Cisco

300-730 · Question #61

300-730 Question #61: Real Exam Question with Answer & Explanation

The correct answer is D: preshared key. A preshared key (PSK) mismatch causes IKE Phase 1 authentication to fail. In IKEv1 Main Mode, both peers derive a SKEYID from the preshared key and use it to create a HASH payload that proves knowledge of the shared secret. If the keys differ, the HASH values will not match and t

Question

Refer to the exhibit. Which type of mismatch is causing the problem with the IPsec VPN tunnel?

Options

  • Acrypto access list
  • BPhase 1 policy
  • Ctransform set
  • Dpreshared key

Explanation

A preshared key (PSK) mismatch causes IKE Phase 1 authentication to fail. In IKEv1 Main Mode, both peers derive a SKEYID from the preshared key and use it to create a HASH payload that proves knowledge of the shared secret. If the keys differ, the HASH values will not match and the peer will reject authentication - the debug typically shows 'ISAKMP: hash verification failed' or 'Authentication failed' during Phase 1. A crypto ACL mismatch (A) would allow Phase 1 to succeed but fail Phase 2 on proxy ID negotiation. A Phase 1 policy mismatch (B) would show 'no proposal chosen' before authentication even begins, as encryption and hash algorithms are negotiated first. A transform set mismatch (C) would fail Phase 2 SA negotiation after Phase 1 completes successfully.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-730 Practice