When using Elliptic Curve Diffie-Hellman (ECDH), the following groups are commonly used:
DH Group 19 → 256-bit ECDH (NIST P-256)
DH Group 20 → 384-bit ECDH (NIST P-384)
DH Group 21 → 521-bit ECDH (NIST P-521)
Among the given options, Group 19 (256-bit ECDH) is the correct choice when ECDH is required in a VPN configuration.
If ECDH is required, Group 24 is NOT suitable (you should use Groups 19, 20, or 21 instead).
If you are using traditional DH and need more security than Group 14, then Group 24 can be a good choice because it is not an ECDH group; instead, it is a traditional DH MODP group.
It provides enhanced security over DH Group 14 (2048-bit MODP) by incorporating a 256-bit prime order subgroup, mitigating some vulnerabilities related to small subgroup attacks.
B.
https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/720/management-center-device-config-72/vpn-overview.html#:~:text=19%E2%80%94Diffie%2D-,Hellman%20Group%2019%3A,-National%20Institute%20of
https://community.cisco.com/t5/security-knowledge-base/diffie-hellman-groups/ta-p/3147010/page/2/show-comments/true#:~:text=Diffie%2DHellman%20group-,19,-%2D%20256%20bit
"B" is correct. Explanation:
In the context of VPN configurations, especially when using ECDH (Elliptic Curve Diffie-Hellman), the specific Diffie-Hellman (DH) group numbers may vary depending on the implementation or device. However, in common VPN standards like IKEv2 (Internet Key Exchange version 2), the Diffie-Hellman group numbers for ECDH are standardized.
For ECDH, the Diffie-Hellman group number is typically represented as "Group 19" or "Group 256." The number 19 corresponds to the elliptic curve group called ECP-256, which uses a 256-bit key.
Therefore, the correct choice for ECDH in a VPN configuration is often referred to as Group 19 or Group 256. Both representations can be used interchangeably. Always refer to your specific VPN device documentation or configuration settings to ensure compatibility and accurate representation of the Diffie-Hellman group when implementing ECDH in your VPN setup.
I disagree with you.
Please note that to implement the NSA Suite B cryptography specification, you use IKEv2 and select one of the elliptic curve Diffie-Hellman (ECDH) options: 19, 20, or 21. Therefore, from the options given in this question, the correct answer is group 19 for ECDH.
Reference: https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/720/management-center-device-config-72/vpn-overview.html
upvoted 3 times