CompTIA CASP+ (CAS-004) — Question 381
A security technician is trying to connect a remote site to the central office over a site-to-site VPN. The technician has verified the source and destination IP addresses are correct, but the technician is unable to get the remote site to connect. The following error message keeps repeating:
An error has occurred during Phase 1 handshake. Deleting keys and retrying...
Which of the following is most likely the reason the connection is failing?
Answer options
- A. The IKE hashing algorithm uses different key lengths on each VPN device.
- B. The IPSec settings allow more than one cipher suite on both devices.
- C. The Diffie-Hellman group on both sides matches but is a legacy group.
- D. The remote VPN is attempting to connect with a protocol other than SSL/TLS.
Correct answer: A
Explanation
The correct answer is A. Both peers must agree on the same IKE parameters during Phase 1, so a hashing algorithm that uses different key lengths on each VPN device prevents the Phase 1 handshake from succeeding. Options B, C, and D are less likely causes because they do not directly affect the initial handshake between the VPN devices.