Valid CISSP Dumps shared by EduDump.com for Helping Passing CISSP Exam! EduDump.com now offer the newest CISSP exam dumps, the EduDump.com CISSP exam questions have been updated and answers have been corrected get the newest EduDump.com CISSP dumps with Test Engine here:
What is NOT an authentication method within IKE and IPsec?
Correct Answer: A
Explanation/Reference: Explanation: CHAP (Challenge Handshake Authentication Protocol) is not used within IKE and IPSec. Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication - either pre-shared or distributed using DNS and a Diffie-Hellman key exchange - to set up a shared session secret from which cryptographic keys are derived. IKE phase one's purpose is to establish a secure authenticated communication channel by using the Diffie-Hellman key exchange algorithm to generate a shared secret key to encrypt further IKE communications. This negotiation results in one single bi-directional ISAKMP Security Association (SA). The authentication can be performed using either pre-shared key (shared secret), signatures, or public key encryption. Incorrect Answers: B: Pre-shared key is an authentication method that can be used within IKE and IPsec. C: Certificate-based authentication is an authentication method that can be used within IKE and IPsec. D: Public key authentication is an authentication method that can be used within IKE and IPsec. References: https://en.wikipedia.org/wiki/Internet_Key_Exchange