NSE 7 – Enterprise Firewall 7.0 — Question 6

Which statement about IKE and IKE NAT-T is true?

Answer options

• A. IKE is used to encapsulate ESP traffic in some situations, and IKE NAT-T is used only when the local FortiGate is using NAT on the IPsec interface.
• B. IKE is the standard implementation for IKEv1 and IKE NAT-T is an extension added in IKEv2.
• C. They both use UDP as their transport protocol and the port number is configurable.
• D. They each use their own IP protocol number.

Correct answer: C

Explanation

The correct answer is C because both IKE and IKE NAT-T indeed utilize UDP for transport, and the port numbers are configurable. Option A is incorrect as IKE NAT-T is not limited to NAT scenarios. Option B is wrong since IKE NAT-T is a component of IKEv2, not an extension added to it. Option D is also incorrect because both protocols utilize UDP, not separate IP protocol numbers.