FCSS – Enterprise Firewall Administrator 7.6 — Question 17

If you implement IKEv2 in a VPN topology, which two statements are true? (Choose two.)

Answer options

• A. Unlike IKEv1, it supports mode config.
• B. It includes stronger Diffie-Hellman (DH) groups, such as Elliptic Curve (ECP) groups.
• C. It supports the extensible authentication protocol (EAP).
• D. It exchanges a minimum of two messages to establish a secure tunnel.

Correct answer: B, C

Explanation

The correct answers, B and C, are accurate because IKEv2 indeed supports stronger Diffie-Hellman groups and the extensible authentication protocol. Option A is incorrect as IKEv2 does not support mode config, and option D is false because IKEv2 can establish a secure tunnel with fewer than two messages.