CISSP-ISSAP · Question #142
You work as a Chief Security Officer for Tech Perfect Inc. You have configured IPSec and ISAKMP protocol in the company's network in order to establish a secure communication infrastructure. ccording
The correct answer is B. It provides key generation mechanisms. C. It authenticates communicating peers. D. It protects against threats, such as DoS attack, replay attack, etc.. ISAKMP (RFC 2408) directly provides three security services to the network: key generation mechanisms (B) to produce cryptographic keying material, peer authentication (C) to verify the identity of communicating endpoints before any secure channel is established, and threat mitig
Question
You work as a Chief Security Officer for Tech Perfect Inc. You have configured IPSec and ISAKMP protocol in the company's network in order to establish a secure communication infrastructure. ccording to the Internet RFC 2408, which of the following services does the ISAKMP protocol offer to the network? Each correct answer represents a part of the solution. Choose all that apply.
Options
- AIt relies upon a system of security associations.
- BIt provides key generation mechanisms.
- CIt authenticates communicating peers.
- DIt protects against threats, such as DoS attack, replay attack, etc.
How the community answered
(27 responses)- A22% (6)
- B78% (21)
Explanation
ISAKMP (RFC 2408) directly provides three security services to the network: key generation mechanisms (B) to produce cryptographic keying material, peer authentication (C) to verify the identity of communicating endpoints before any secure channel is established, and threat mitigation (D), including built-in protections against replay attacks, denial-of-service, and man-in-the-middle attacks through message construction and state machine design.
Option A is the distractor because it inverts the relationship - ISAKMP does not rely upon security associations; rather, it establishes and manages them. Saying ISAKMP "relies on" SAs describes a dependency, not a service it offers to the network.
Memory tip: Think of ISAKMP as the negotiation engine - it Authenticates who you're talking to, Keys the session, and Shields against network-layer attacks (A-K-S). Security Associations are the output of ISAKMP's work, not its input - so "relies upon SAs" should immediately stand out as backward.
Topics
Community Discussion
No community discussion yet for this question.