Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 478

Which two are required by IPSec in transport mode? (Choose two.)

Answer options

• A. Auto generated key
• B. NAT Traversal
• C. IKEv1
• D. DH-group 20 (ECP-384 bits)

Correct answer: A, D

Explanation

The correct answers are A and D because IPSec in transport mode requires an auto-generated key for secure communication and DH-group 20 (ECP-384 bits) for key exchange. Options B and C are not required in transport mode; NAT Traversal is related to issues with NAT devices, and IKEv1 is not a strict requirement for this mode.