Check Point Certified Security Administrator (CCSA) R80 — Question 257

Which is NOT an encryption algorithm that can be used in an IPSEC Security Association (Phase 2)?

Answer options

• A. AES-GCM-256
• B. AES-CBC-256
• C. AES-GCM-128
• D. DES

Correct answer: B

Explanation

The correct answer is B, as AES-CBC-256 is not commonly supported in IPSEC Phase 2 configurations. The other options, including AES-GCM-256, AES-GCM-128, and DES, are recognized encryption algorithms that can be utilized in this context.