Dumps4download 640-554 Exam Question 1
Which description of the Diffie-Hellman protocol is true?
A. It uses symmetrical encryption to provide data confidentiality over an unsecured communications channel.
B. It uses asymmetrical encryption to provide authentication over an unsecured communications channel.
C. It is used within the IKE Phase 1 exchange to provide peer authentication.
D. It provides a way for two peers to establish a shared-secret key, which only they will know, even though they are communicating over an unsecured channel.
E. It is a data integrity algorithm that is used within the IKE exchanges to guarantee the integrity of the message of the IKE exchanges.
Modulus Group: The Diffie-Hellman group to use for deriving a shared secret between the two IPsec peers without transmitting it to each other. A larger modulus provides higher security but requires more processing time. The two peers must have a matching modulus group. Options are:
•1—Diffie-Hellman Group 1 (768-bit modulus).
•2—Diffie-Hellman Group 2 (1024-bit modulus).
•5—Diffie-Hellman Group 5 (1536-bit modulus, considered good protection for 128-bit keys, but group 14 is better). If you are using AES encryption, use this group (or higher). The ASA supports this group as the highest group.
•7—Diffie-Hellman Group 7 (163-bit elliptical curve field size).
•14—Diffie-Hellman Group 14 (2048-bit modulus, considered good protection for 128-bit keys).
•15—Diffie-Hellman Group 15 (3072-bit modulus, considered good protection for 192-bit keys).
•16—Diffie-Hellman Group 16 (4096-bit modulus, considered good protection for 256-bit keys).