Fortinet Exam NSE7_SDW-7.2 Topic 1 Question 27 Discussion

Actual exam question for Fortinet's NSE7_SDW-7.2 exam

Question #: 27
Topic #: 1

Which two statements describe how IPsec phase 1 main mode id different from aggressive mode when performing IKE negotiation? (Choose two.)

AA peer ID is included in the first packet from the initiator, along with suggested security policies.

BXAuth is enabled as an additional level of authentication, which requires a username and password.

CThree packets are exchanged between an initiator and a responder instead of six packets.

DThe use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

Show Suggested Answer

Suggested Answer: A, C

by Marylyn at Jan 13, 2025, 12:35 PM

Limited Time Offer

25%

Off

Get Premium NSE7_SDW-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Arminda

2 months ago

I'm pretty sure A and D are the right answers, but who comes up with these strange IPsec acronyms anyway? IKE, Diffie Hellman, what is this, a secret agent convention?

upvoted 0 times

Claudia

1 months ago

Yeah, A and D are the correct answers. It does feel like we're decoding secret agent messages sometimes with all these acronyms.

upvoted 0 times

...

Eric

1 months ago

I think you're right, A and D make sense. And yeah, the acronyms can be pretty confusing.

upvoted 0 times

...

Sharika

2 months ago

B is a trick answer, XAuth is a separate authentication mechanism, not part of the IKE negotiation modes. I hope the real exam doesn't have as many distractors as this practice question!

upvoted 0 times

Casie

1 months ago

Yeah, B was definitely a tricky one. I agree, I hope the real exam is more straightforward.

upvoted 0 times

...

Farrah

1 months ago

C) Three packets are exchanged between an initiator and a responder instead of six packets.

upvoted 0 times

...

Nan

1 months ago

A) A peer ID is included in the first packet from the initiator, along with suggested security policies.

upvoted 0 times

...

Arlean

2 months ago

C is definitely wrong, that's not how the packet exchange works in either mode. Gotta love these tricky networking questions, always keeping you on your toes!

upvoted 0 times

Luisa

1 months ago

A) A peer ID is included in the first packet from the initiator, along with suggested security policies.

upvoted 0 times

...

An

1 months ago

I know, these questions can be tricky sometimes!

upvoted 0 times

...

Isadora

2 months ago

D) The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

upvoted 0 times

...

Carolann

2 months ago

A) A peer ID is included in the first packet from the initiator, along with suggested security policies.

upvoted 0 times

...

Mona

2 months ago

I'm not sure about XAuth, but I think D is incorrect because Diffie Hellman keys are used in both main and aggressive mode.

upvoted 0 times

...

Magnolia

2 months ago

I agree with Stevie, because in main mode the peer ID is included in the first packet and only three packets are exchanged.

upvoted 0 times

...

Stevie

2 months ago

I think the answer is A and C.

upvoted 0 times

...

Alecia

2 months ago

A and D are correct. Main mode is more secure but takes longer, while aggressive mode is faster but less secure. I still can't believe we need to remember all these IPsec details for the exam!

upvoted 0 times

Rolland

1 months ago

I know, it's a lot to remember for the exam!

upvoted 0 times

...

Edda

2 months ago

D) The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

upvoted 0 times

...

Reiko

2 months ago

A) A peer ID is included in the first packet from the initiator, along with suggested security policies.

upvoted 0 times

...