What can cause an IKEv2 tunnel to go down after it was initially brought up successfully? (Choose one answer)

A. A mismatched proposal was detected during the IKE_AUTH exchange.
B. A mismatched Diffie-Hellman group was detected during the IKE_SA_INIT exchange.
C. A mismatched pre-shared key was detected during the IKE_AUTH exchange.
D. Mismatched quick-mode selectors were detected during the Create_Child_SA exchange.

Correct Answer: D

Brave-Dump Clients Votes

D 80%

B 20%

Comments

Brave-Dumps.com Admin 2025-10-23 22:03:38

Selected Answers: B

Verified by Network Security Support Engineer Study Guide page 511

Fatma Salih 2026-01-13 12:42:07

Selected Answers: D

I think the answer is D. If there was a DH mismatch, the tunnel wouldn't come up in the 1st place.

Adam 2026-01-15 06:55:20

Selected Answers: D

IKEv2 exchanges:
1- IKE_SA_INIT exchange -> equivalent of IKEv1 phase1
2- IKE_Auth exchange -> authentication + first Child SA (equivalent of IKEv1 phase2 without DH Group)
3- Create_Child_SA exchange -> creates a new child SA or rekeys an existing child SA (with DH Group)
4- Informational exchange

As option B mentions DH Group mismatch in IKE_SA_INIT (phase1), then phase 1 won't be up initially to begin with, so option B should be wrong.

James 2026-01-24 21:53:26

Selected Answers: D

If the tunnel was initially brought up successfully, both of these phases must have succeeded.

Anonymous User 2026-04-05 17:55:38

Selected Answers: D

A, B, and C: All of these (mismatched proposals, DH groups, or Pre-Shared Keys) are checked during the initial handshake (IKE_SA_INIT or IKE_AUTH). If any of these were misconfigured, the tunnel would fail immediately at the start and would never be "initially brought up successfully."