CompTIA SecurityX (CAS-005) — Question 56

A security technician is trying to connect a remote site to the central office over a site-to-site VPN. The technician has verified the source and destination IP addresses are correct, but the technician is unable to get the remote site to connect. The following error message keeps repeating:
An error has occurred during Phase 1 handshake. Deleting keys and retrying...
Which of the following is most likely the reason the connection is failing?

Answer options

• A. The IKE hashing algorithm uses different key lengths on each VPN device.
• B. The IPSec settings allow more than one cipher suite on both devices.
• C. The Diffie-Hellman group on both sides matches but is a legacy group.
• D. The remote VPN is attempting to connect with a protocol other than SSL/TLS.

Correct answer: A

Explanation

The correct answer is A because a mismatch in key lengths for the IKE hashing algorithm can prevent the Phase 1 handshake from completing successfully. Options B, C, and D are less likely to be the cause, as they do not directly relate to the specific error message regarding the Phase 1 handshake failure.