ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-701 All Questions

View all questions & answers for the 350-701 exam
Go to Exam

Exam 350-701 topic 1 question 95 discussion

Actual exam question from Cisco's 350-701
Question #: 95
Topic #: 1
[All 350-701 Questions]


Refer to the exhibit. A network administrator configured a site-to-site VPN tunnel between two Cisco IOS routers, and hosts are unable to communicate between two sites of VPN. The network administrator runs the debug crypto isakmp sa command to track VPN status. What is the problem according to this command output?

  • A. interesting traffic was not applied
  • B. encryption algorithm mismatch
  • C. authentication key mismatch
  • D. hashing algorithm mismatch
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by _nomad_ at Dec. 13, 2021, 5:46 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dr4gn00t
Highly Voted 3 years, 3 months ago
Selected Answer: C
Googling for MM_KEY_EXCH retransmission seems to indicate mismatch between shared secret
upvoted 19 times
...
denverfly
Highly Voted 3 years, 3 months ago
Answer:C https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html n the show crypto isakmp sa output, the state should always be QM_IDLE. If the state is MM_KEY_EXCH, it means either the configured pre-shared key is not correct or the peer IP addresses are different.
upvoted 14 times
CyberSecurity80
3 years, 2 months ago
I agree with this. Even though the command is "show crypto isakmp sa" not "ebug crypto isakmp sa command" but same idea
upvoted 1 times
...
...
Premium_Pils
Most Recent 9 months ago
Selected Answer: C
based on below explanation for MM_KEY_EXCH retransmission
upvoted 1 times
...
Marshpillowz
1 year, 1 month ago
Selected Answer: C
C is correct
upvoted 1 times
...
JavierAcuna
2 years ago
C MM_KEY_EXCH ANswer is C
upvoted 2 times
...
Carlis
2 years, 1 month ago
MM_KEY_EXCH indicates key exchange mismatch MM_NO_STATE would indicate isakmp policy mismatch (e.g.encryption)
upvoted 3 times
...
iratus_umbra
2 years, 1 month ago
Selected Answer: C
100% C is correct.
upvoted 1 times
...
Vlad_Is_Love_ua
2 years, 2 months ago
Selected Answer: C
C is CORRECT, because MM_KEY_EXCH = MisMatch Key Exchange
upvoted 2 times
Stevens0103
1 year, 3 months ago
MM_KEY_EXCH = Main Mode Key Exchange
upvoted 2 times
...
...
ddev3737
2 years, 3 months ago
C because B would right but paranoid keepalives message only occurs after MM_KEY_EXC error message
upvoted 2 times
Stevens0103
1 year, 3 months ago
Keepalives are messages exchanged between the peers to ensure that the VPN tunnel is still alive and functioning. The "paranoid keepalives" message suggests that the peer (10.10.12.2) does not support or engage in the paranoid keepalives mechanism. The "MM_KEY_EXCH" messages, on the other hand, specifically refer to Main Mode Key Exchange during IKE negotiation. These messages are part of the process of establishing a secure communication channel between the VPN peers. They are distinct aspects of the overall VPN establishment process.
upvoted 1 times
...
...
psuoh
2 years, 3 months ago
More likely mismatched authentication key issue... https://www.networkworld.com/article/2288666/chapter-4--common-ipsec-vpn-issues.html?page=3
upvoted 1 times
...
Emlia1
2 years, 4 months ago
Selected Answer: C
It's C
upvoted 2 times
...
Hereim
2 years, 6 months ago
It should be B - since the error message states "peer does not do paranoid keepalives" meaning PFS is tuned on at one end and off on the other end. If it was key mismatch we should see that in the debug.
upvoted 1 times
...
SulSulEi
2 years, 8 months ago
Selected Answer: C
Answet is C, please check below, https://www.google.com/amp/s/www.networkworld.com/article/2288666/chapter-4--common-ipsec-vpn-issues.amp.html
upvoted 2 times
...
surforlife
2 years, 9 months ago
all over the retry MM_KEY_EXCH, it means Mismatch Key Exchange! "C" is correct
upvoted 2 times
west33637
2 years, 4 months ago
thats main mode key exchange. not mismatch
upvoted 1 times
...
...
Bezos
2 years, 10 months ago
Selected Answer: C
C is the answer https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html
upvoted 3 times
...
getafix
2 years, 11 months ago
Selected Answer: B
Debugging isakmp logs show the actual message of key mismatch if there is a key mismatch. The exhibit in the question does not show the "key mismatch" message. The resulting logs would be due to a proposal mismatch
upvoted 2 times
...
Sattm1
3 years ago
Selected Answer: C
B and D show specific items that could be wrong - but we don't know which (or it could be mismatched secrets/auth methods). Here's a very basic ISAKMP config: C is the generic key mismatch - aka ISAKMP has failed- and that's all we see in the logs R3(config)# crypto isakmp policy 10 R3(config-isakmp)# authentication pre-share R3(config-isakmp)# encryption 3des R3(config-isakmp)# hash sha R3(config-isakmp)# group 2
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago