FCSS – Enterprise Firewall Administrator 7.4 — Question 21

Which two statements about IKEv2 are true if an administrator decides to implement IKEv2 in the VPN topology? (Choose two.)

Answer options

• A. It includes stronger Diffie-Hellman (DH) groups, such as Elliptic Curve (ECP) groups.
• B. It supports interoperability with devices using IKEv1.
• C. It exchanges a minimum of two messages to establish a secure tunnel.
• D. It supports the extensible authentication protocol (EAP).

Correct answer: A, D

Explanation

Answer A is correct because IKEv2 introduces stronger DH groups, including ECP, enhancing security. Answer D is also correct since IKEv2 supports EAP, allowing for more flexible authentication methods. Answers B and C are incorrect; while IKEv2 may have some compatibility features, it does not directly ensure interoperability with IKEv1, and it typically establishes a secure tunnel with fewer than two messages.