View all questions & answers for the NSE 7 - Enterprise Firewall 7.6 Administrator Exam Materials exam

NSE 7 - Enterprise Firewall 7.6 Administrator Exam Materials-Question 1 Discussion

If you implement IKEv2 in a VPN topology, which two statements are true? (Choose two answers)

A. Unlike IKEv1, it supports mode config.
B. It includes stronger Diffie-Hellman (DH) groups, such as Elliptic Curve (ECP) groups.
C. It exchanges a minimum of two messages to establish a secure tunnel.
D. It supports the extensible authentication protocol (EAP).

Correct Answer: B,D

Brave-Dump Clients Votes

BD 100%

Comments

Brave-Dumps.com Admin 2025-09-16 16:30:51

Selected Answers: B, D

EFE 7.6 Study guide pages 195 & 196

Adam 2026-01-18 03:24:24

Selected Answers: B, D

A is wrong because both IKEv1 and IKEv2 support mode config (set mode-cfg enable)
C is wrong because it requires at least 2 exchanges (IKE_SA_INIT and IKE_AUTH), and each of these exchanges has 2 messages (request and response), so 4 messages in total. Additional exchanges are (Create_Child_SA & Information Exchange), considering first Child SA is included in second exchange IKE_AUTH.
B should actually be wrong, as both IKEv1 and IKEv2 support same DH groups despite what is mentioned in Study Guide. Seems to be outdated info when ECC DH Groups were supported only in IKEv2.
What do you think?

Kalanidhi Mani Tripathi 2026-04-09 16:32:00
B is correct as IKEv1 rarely supports elliptic curve DH Groups