Check Point Certified Security Administrator (CCSA) R80 — Question 362

Which of the following actions do NOT take place in IKE Phase 1?

Answer options

• A. Peers agree on encryption method.
• B. Diffie-Hellman key is combined with the key material to produce the symmetrical IPsec key.
• C. Peers agree on integrity method.
• D. Each side generates a session key from its private key and peer's public key.

Correct answer: B

Explanation

The correct answer is B because the combination of the Diffie-Hellman key with key material to create the symmetric IPsec key happens in IKE Phase 2, not Phase 1. In Phase 1, peers do agree on the encryption and integrity methods (options A and C), and they also generate a session key (option D) using their keys.