NSE 7 – SD-WAN 6.4 — Question 20

Which two statements describe how IPsec phase 1 main mode id different from aggressive mode when performing IKE negotiation? (Choose two.)

Answer options

• A. A peer ID is included in the first packet from the initiator, along with suggested security policies.
• B. XAuth is enabled as an additional level of authentication, which requires a username and password.
• C. A total of six packets are exchanged between an initiator and a responder instead of three packets.
• D. The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

Correct answer: A, C

Explanation

Option A is correct because main mode includes a peer ID in the initial packet, while aggressive mode does not. Option C is also correct as main mode exchanges six packets, whereas aggressive mode only requires three. The other options do not accurately describe the differences between the two modes.