FCSS – Network Security Specialist 7.6 — Question 32

What can cause an IKEv2 tunnel to go down after it was initially brought up successfully?

Answer options

• A. A mismatched proposal was detected during the IKE_AUTH exchange.
• B. A mismatched pre-shared key was detected during the IKE_AUTH exchange.
• C. Mismatched quick-mode selectors were detected during the Create_Child_SA exchange.
• D. A mismatched Diffie-Hellman group was detected during the IKE_SA_INIT exchange.

Correct answer: C

Explanation

Answer C is correct because mismatched quick-mode selectors during the Create_Child_SA exchange can prevent the tunnel from re-establishing after it has initially been set up. Options A and B relate to the IKE_AUTH exchange, which occurs before the tunnel is fully established, and option D concerns the IKE_SA_INIT exchange, which is also prior to tunnel establishment.