nerdexam
Cisco

350-701 · Question #91

Drag and Drop Question Drag and drop the descriptions from the left onto the correct protocol versions on the right. Answer:

The correct answer is uses six packets in main mode to establish phase 1; uses three packets in aggressive mode to establish phase 1; standard includes NAT-T; uses four packets to establish phase 1 and phase 2; uses EAP for authenticating remote access clients. IKEv1 uses six packets in main mode and three packets in aggressive mode to establish Phase 1, making it more verbose but main mode more secure due to identity protection. IKEv2 streamlined the process by combining Phase 1 and Phase 2 into just four packets total, natively includ

Submitted by klara.se· Mar 30, 2026Network Security / VPN and Cryptographic Protocols - understanding the differences between IKE version 1 and IKE version 2 in terms of packet exchange, NAT traversal support, and authentication mechanisms (commonly tested on CompTIA Security+, CySA+, or Cisco CCNP Security)

Question

Drag and Drop Question Drag and drop the descriptions from the left onto the correct protocol versions on the right. Answer:

Exhibit

350-701 question #91 exhibit

Answer Area

Drag items

standard includes NAT-Tuses six packets in main mode to establish phase 1uses four packets to establish phase 1 and phase 2uses three packets in aggressive mode to establish phase 1uses EAP for authenticating remote access clients

Correct arrangement

  • uses six packets in main mode to establish phase 1
  • uses three packets in aggressive mode to establish phase 1
  • standard includes NAT-T
  • uses four packets to establish phase 1 and phase 2
  • uses EAP for authenticating remote access clients

Explanation

IKEv1 uses six packets in main mode and three packets in aggressive mode to establish Phase 1, making it more verbose but main mode more secure due to identity protection. IKEv2 streamlined the process by combining Phase 1 and Phase 2 into just four packets total, natively includes NAT-T (NAT Traversal) as part of its standard, and supports EAP (Extensible Authentication Protocol) for authenticating remote access clients - features that were add-ons or absent in IKEv1. The correct arrangement maps IKEv1 to its main mode (6 packets) and aggressive mode (3 packets) characteristics, while IKEv2 gets the NAT-T, 4-packet, and EAP descriptions.

Topics

#IKEv1#IKEv2#IPsec#VPN Protocols

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice