Exam 300-410 topic 1 question 365 discussion

A and D both are correct but remember to smoke before exam :P vIOS(config-isakmp)#hash ? md5 Message Digest 5 sha Secure Hash Standard sha256 Secure Hash Standard 2 (256 bit) sha384 Secure Hash Standard 2 (384 bit) sha512 Secure Hash Standard 2 (512 bit)

A & D is correct but SHA is safer than MD5. hence I choose A.

A is correct SHA is safer than MD5

A is correct answer Explanation In the “crypto isakmp key … address ” command, the address must be of the IP address of the other end (which is 200.1.1.3 in this case) so Option A and Option B are correct. The difference between these two options are in the hash SHA or MD5 method but both of them can be used although SHA is better than MD5 so we choose Option A the best answer. Note: Cisco no longer recommends using 3DES, MD5 and DH groups 1, 2 and 5. Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_imgmt/configuration/xe-16- 5/sec-ipsec-management-xe-16-5-book/sec-ipsec-usability-enhance.html

D would be fast and simple, A more secure. no way to choose.

100 % "A", because sha is more safe than md5

SHA or SHA1 ? A doesn't look correct?

Agree with others. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ikevpn/configuration/xe-16-5/sec-ike-for-ipsec-vpns-xe-16-5-book/sec-key-exch-ipsec.html Cisco no longer recommends using DES, 3DES, MD5 (including HMAC variant), and Diffie-Hellman (DH) groups 1, 2 and 5; instead, you should use AES, SHA-256 and DH Groups 14 or higher.

correct answer A

I agree ... I think there is something missing in the question. Sha is safer, md5 is faster. Which one should be chosen? Only Cisco (if any) knows.

A and D is correct. i dont select one.