03-12-2022 11:36 AM
Hello,
In my certification book, Chapter 8 question 2 says:
You are hired to configure a site-to-site VPN between a Cisco FTD device and a Cisco
IOS-XE router. Which of the following encryption and hashing protocols will you
select for optimal security?
a. AES-192, SHA, Diffie-Hellman Group 21
b. IDEA, SHA, Diffie-Hellman Group 2
c. AES-192, SHA, Diffie-Hellman Group 5
d. AES-256, SHA, Diffie-Hellman Group 21
The book shows the answer as A. It's wrong, isn't it? I can't find any reference for AES-192 being better. I know it wouldn't have the same processing load as AES-256, but I would think the stronger encryption is better.
03-12-2022 11:43 AM
@sanchezeldorado yes I'd agree answer D would be more secure.
The closest Cisco document regarding preferred ciphers is this link https://gblogs.cisco.com/uki/deep-dive-a-vpn-journey/ ; albeit it's referring to IKEv2 proposals, it states AES-CBC-256 would be preferred over 192.
03-12-2022 12:53 PM
Thank you! Just wanted to make sure I wasn't crazy.
03-14-2022 03:32 AM
Yes, AES-256 would be preferred over AES-192. Both FTD and IOS-XE support AES-256.
The book is a bit outdated. DH groups 16 or 20 would be preferred over 21.
The hashing algorithm should also specify what type of SHA (SHA-1, SHA-256, SHA-384, SHA-512 etc.).
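The three points made in this thread (bigger AES key, a DH group that does not cap the key, and a named SHA variant rather than bare "SHA") can be checked mechanically. Below is an added example, not code from the thread or from Cisco, that rates each of the book's four options by its weakest component. The bit-strength values are approximations taken from NIST SP 800-57 and RFC 3526; treating a bare "SHA" as SHA-1 follows IOS "hash sha" syntax and is an assumption; the `Proposal` and `Assessment` names are constructed for this example.

```python
"""Weakest-link rating of IKE/IPsec proposals (constructed example)."""
from dataclasses import dataclass, field

# Approximate security strength in bits. 1024/2048/3072-bit MODP per NIST SP 800-57;
# 1536/4096-bit MODP per the RFC 3526 estimates; ECP groups give roughly half the curve size.
DH_STRENGTH_BITS = {
    1: 66,    # 768-bit MODP
    2: 80,    # 1024-bit MODP
    5: 89,    # 1536-bit MODP
    14: 112,  # 2048-bit MODP
    15: 128,  # 3072-bit MODP
    16: 150,  # 4096-bit MODP
    19: 128,  # P-256
    20: 192,  # P-384
    21: 256,  # P-521
    24: 112,  # 2048-bit MODP, 256-bit prime-order subgroup
}

# Symmetric ciphers rated by key size; 64-bit-block ciphers are capped separately below.
CIPHER_STRENGTH_BITS = {
    "AES-128": 128, "AES-192": 192, "AES-256": 256,
    "3DES": 112, "IDEA": 128, "DES": 56,
}
LEGACY_CIPHERS = {"DES", "3DES", "IDEA"}   # 64-bit block size
LEGACY_HASHES = {"MD5", "SHA-1"}


@dataclass(frozen=True)
class Proposal:
    name: str
    cipher: str
    hash_alg: str
    dh_group: int


@dataclass
class Assessment:
    effective_bits: int              # min(cipher, DH), capped for legacy ciphers
    warnings: list = field(default_factory=list)


def normalize_hash(hash_alg: str) -> str:
    # Assumption: a bare "SHA" (as in IOS "hash sha") means SHA-1.
    h = hash_alg.upper()
    return "SHA-1" if h in ("SHA", "SHA1") else h


def evaluate(p: Proposal) -> Assessment:
    cipher = p.cipher.upper()
    cipher_bits = CIPHER_STRENGTH_BITS[cipher]
    dh_bits = DH_STRENGTH_BITS[p.dh_group]
    warnings = []
    if cipher in LEGACY_CIPHERS:
        warnings.append(f"{p.cipher}: 64-bit block legacy cipher")
    if dh_bits < 112:
        warnings.append(f"DH group {p.dh_group}: below 112-bit strength, caps the proposal")
    if dh_bits < cipher_bits and dh_bits >= 112:
        warnings.append(f"DH group {p.dh_group}: weaker than {p.cipher}, key is over-provisioned")
    h = normalize_hash(p.hash_alg)
    if h in LEGACY_HASHES:
        warnings.append(f"{p.hash_alg}: deprecated hash ({h}); specify SHA-256 or stronger")
    # The hash is used as HMAC/PRF in IKE, so it flags but does not cap the numeric strength.
    effective = min(cipher_bits, dh_bits)
    if cipher in LEGACY_CIPHERS:
        effective = min(effective, 64)   # block size bounds safe data volume per key
    return Assessment(effective, warnings)


def rank(proposals):
    """Strongest first; ties keep input order."""
    return sorted(proposals, key=lambda p: evaluate(p).effective_bits, reverse=True)


# Constructed input: the four options from the book question quoted in the thread.
BOOK_OPTIONS = [
    Proposal("a", "AES-192", "SHA", 21),
    Proposal("b", "IDEA", "SHA", 2),
    Proposal("c", "AES-192", "SHA", 5),
    Proposal("d", "AES-256", "SHA", 21),
]

if __name__ == "__main__":
    for p in rank(BOOK_OPTIONS):
        a = evaluate(p)
        print(f"{p.name}: {p.cipher}/{p.hash_alg}/DH{p.dh_group} -> {a.effective_bits} bits")
        for w in a.warnings:
            print("   !", w)
```

Running it ranks option d first (256 bits), then a (192), c (89, capped by DH group 5) and b (64, IDEA's block size), and every option carries the "specify SHA-256 or stronger" warning, which is the point the 03-14 reply makes about bare "SHA". Note the script rates raw bit strength only; it does not encode vendor preferences such as favouring group 16 or 20 over 21.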
06-12-2022 01:26 AM
Thanks for posting this question and the discussion. I am preparing for 350-701 too and was about to post this question for the community, but found the same question already posted.
I confirmed answer D with 256-bit is more secure. I might send feedback to Cisco Press including other observations, in case they publish a 2nd version of the errata.