NSE 4 – FortiGate 5.4 — Question 50

What is IPsec Perfect Forwarding Secrecy (PFS)?

Answer options

• A. A phase-1 setting that allows the use of symmetric encryption.
• B. A phase-2 setting that allows the recalculation of a new common secret key each time the session key expires.
• C. A `key-agreement' protocol.
• D. A `security-association-agreement' protocol.

Correct answer: B

Explanation

The correct answer is B because Perfect Forwarding Secrecy (PFS) ensures that a new key is derived for each session, enhancing security by limiting the impact of a single key compromise. Option A is incorrect as it refers to a phase-1 setting, which does not pertain to PFS. Options C and D describe protocols that are not specifically related to the concept of PFS within IPsec.