Implementing Cisco Network Security (IINS, legacy) — Question 57

Refer to the exhibit. While troubleshooting site-to-site VPN, you issue the show crypto ipsec sa command. What does the given output show?

Answer options

• A. ISAKMP security associations are established between 10.1.1.5 and 10.1.1.1
• B. IPSec Phase 2 is established between 10.1.1.1 and 10.1.1.5
• C. IKE version 2 security associations are established between 10.1.1.1 and 10.1.1.5

Correct answer:

Explanation

The correct answer is B, as the show crypto ipsec sa command specifically displays information about IPSec Phase 2, which establishes the secure tunnel between the two endpoints. Option A is incorrect because it refers to ISAKMP, which is associated with Phase 1, and option C is wrong since it mentions IKE version 2, which is not directly related to the IPSec SA output.