Implementing Cisco SD-WAN Solutions (ENSDWI) — Question 304

Which set of key security components of authentication, encryption, and integrity is used to establish an IPsec tunnel in the Cisco SD-WAN solution?

Answer options

• A. Authentication is 1024-bit key; encryption is AES-128 cipher, and integrity is ESP, HMAC-MD5.
• B. Authentication is 1024-bit key; encryption is AES-256 cipher, and integrity is ESP, HMAC-MD5.
• C. Authentication is 2048-bit key; encryption is AES-256 cipher, and integrity is ESP, HMAC-SHA1.
• D. Authentication is 2048-bit key; encryption is AES-128 cipher, and integrity is ESP, HMAC-SHA1.

Correct answer: C

Explanation

The correct answer is C because it specifies a 2048-bit key for authentication, which enhances security, and uses AES-256 for encryption, which is stronger than AES-128. The integrity is maintained using ESP with HMAC-SHA1, which is more secure than HMAC-MD5 used in options A and B. Option D has a weaker encryption method (AES-128) compared to option C.