IKE Quiz

Play an AI-generated podcast conversation about this lesson

Which SA is negotiated during phase 1?

Both IKE SA and IPsec SA

Neither IKE SA nor IPsec SA

IPsec SA

IKE SA (correct)

Which SA is used for encrypting the data sent through the tunnel?

IPsec SA (correct)

Neither IKE SA nor IPsec SA

IKE SA

Both IKE SA and IPsec SA

Which version of IKE is considered the legacy version?

Both IKE-v1 and IKE-v2

IKE-v1 (correct)

Neither IKE-v1 nor IKE-v2

IKE-v2

Which version of IKE is considered simpler to operate?

IKE-v2 Signup and view all the answers

Which version of IKE exclusively supports the network ID feature?

IKE-v2 Signup and view all the answers

Which version of IKE is best suited for SD-WAN deployments?

IKE-v2 Signup and view all the answers

Which version of IKE supports denying access to spokes without using a certificate signature?

IKE-v1 Signup and view all the answers

Which version of IKE supports establishing multiple AD-VPN shortcuts between the same pair of local and remote gateway addresses?

IKE-v2 Signup and view all the answers

Which version of IKE is often preferred for security-wise deployments?

IKE-v2 Signup and view all the answers

Which topology is commonly used in SD-WAN deployments using IPsec overlays?

Hub-and-spoke topology Signup and view all the answers

Which protocol negotiates the private keys, authentication method, and encryption for creating an IPsec tunnel?

IKE-v2 Signup and view all the answers

What is the outcome of Phase 1 in IKE?

IKE SA Signup and view all the answers

What is the outcome of Phase 2 in IKE?

IPsec SA Signup and view all the answers

Which version of IKE is known for its wider adoption and is considered legacy?

IKE-v1 Signup and view all the answers

Which version of IKE is known for its simpler operation, more features, and increasing adoption?

IKE-v2 Signup and view all the answers

Which version of IKE is usually preferred for SD-WAN and has a network ID feature for AD-VPN?

IKE-v2 Signup and view all the answers

What are SAs in the context of IPsec?

Security Associations Signup and view all the answers

What happens if both sides cannot agree on the security rules for sending data and verifying each other's identity in an IPsec tunnel?

The tunnel is terminated Signup and view all the answers

What needs to happen when SAs expire in an IPsec tunnel?

They need to be renewed Signup and view all the answers

How many distinct phases does IKE use?

2 Signup and view all the answers

Which direction is most of the IPsec overlay traffic initiated from?

Spoke to hub Signup and view all the answers

Where are the workloads located that are protected by the hub?

On both the hub and the spokes Signup and view all the answers

Why is SD-WAN usually deployed on the spokes only?

Because most of the traffic is initiated in the spoke-to-hub direction Signup and view all the answers

In which direction is traffic also initiated, requiring SD-WAN on the hub side?

Hub to spoke Signup and view all the answers

What routing protocol is used to exchange routing information through the overlays?

BGP Signup and view all the answers

What are the IP subnets used for the overlays established over the ISP1 underlay?

10.201.1.0/24 Signup and view all the answers

What are the IP subnets used for the overlays established over the ISP2 underlay?

10.202.1.0/24 Signup and view all the answers

What is the goal for all sites in terms of exchanging prefixes over overlays?

To exchange prefixes over all available overlays Signup and view all the answers

Why is dynamic routing preferred over static routing in this scenario?

Because of scalability reasons and AD-VPN requirements Signup and view all the answers

What is AD-VPN?

A type of VPN that uses dynamic routing Signup and view all the answers

IKE Quiz

Choose a study mode

Podcast

Questions and Answers

Which SA is negotiated during phase 1?

Which SA is used for encrypting the data sent through the tunnel?

Which version of IKE is considered the legacy version?

Which version of IKE is considered simpler to operate?

Which version of IKE exclusively supports the network ID feature?

Which version of IKE is best suited for SD-WAN deployments?

Which version of IKE supports denying access to spokes without using a certificate signature?

Which version of IKE supports establishing multiple AD-VPN shortcuts between the same pair of local and remote gateway addresses?

Which version of IKE is often preferred for security-wise deployments?

Which topology is commonly used in SD-WAN deployments using IPsec overlays?

Which protocol negotiates the private keys, authentication method, and encryption for creating an IPsec tunnel?

What is the outcome of Phase 1 in IKE?

What is the outcome of Phase 2 in IKE?

Which version of IKE is known for its wider adoption and is considered legacy?

Which version of IKE is known for its simpler operation, more features, and increasing adoption?

Which version of IKE is usually preferred for SD-WAN and has a network ID feature for AD-VPN?

What are SAs in the context of IPsec?

What happens if both sides cannot agree on the security rules for sending data and verifying each other's identity in an IPsec tunnel?

What needs to happen when SAs expire in an IPsec tunnel?

How many distinct phases does IKE use?

Which direction is most of the IPsec overlay traffic initiated from?

Where are the workloads located that are protected by the hub?

Why is SD-WAN usually deployed on the spokes only?

In which direction is traffic also initiated, requiring SD-WAN on the hub side?

What routing protocol is used to exchange routing information through the overlays?

What are the IP subnets used for the overlays established over the ISP1 underlay?

What are the IP subnets used for the overlays established over the ISP2 underlay?

What is the goal for all sites in terms of exchanging prefixes over overlays?

Why is dynamic routing preferred over static routing in this scenario?

What is AD-VPN?

More Like This

Mastering Bandwidth SLA

Introduction to Internet Key Exchange (IKE)

Upgrade to continue