NSE 7 – SD-WAN 6.4 — Question 52

Which two statements describe how IPsec phase 1 main mode id different from aggressive mode when performing IKE negotiation? (Choose two.)

Answer options

• A. A peer ID is included in the first packet from the initiator, along with suggested security policies.
• B. XAuth is enabled as an additional level of authentication, which requires a username and password.
• C. Three packets are exchanged between an initiator and a responder instead of six packets.
• D. The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

Correct answer: A, C

Explanation

In main mode, the initiator sends a peer ID and security policies in the first message, unlike aggressive mode, which does not include this information. Additionally, main mode requires six packets for negotiation, while aggressive mode only requires three, making option C correct and highlighting the efficiency of aggressive mode.