Which two statements are correct about IPsec security associations? (Choose two.)
Which two statements are correct about IPsec security associations? (Choose two.)
IPsec security associations are unidirectional, meaning that each direction (inbound and outbound) has its own separate security association. These security associations are established during IKE Phase 2 negotiations. IKE Phase 1 is used to establish a secure channel between the two endpoints, but the actual IPsec security associations are set up in Phase 2.
The correct answer is BD
The correct answer is BD
unidirection and phase 2
A & C are correct IKE occurs over two phases. In the first phase, it negotiates security attributes and establishes shared secrets to form the bidirectional IKE SA. In the second phase, inbound and outbound IPsec SAs are established. The IKE SA secures the exchanges in the second phase. IKE also generates keying material, provides Perfect Forward Secrecy, and exchanges identities.
A & D looks correct
A. While it might seem that IPsec SAs are bidirectional because they facilitate two-way communication, technically, each SA is unidirectional. Two SAs (inbound and outbound) are used to achieve bidirectional communication. C. IKE Phase 1 is responsible for setting up a secure, authenticated channel (the IKE SA) but does not establish the IPsec SAs themselves. Those are established in IKE Phase 2.
I agree with 66dc178 each SA is unidirectional that equal one bidirectional communication in a nutshell answer is BD for me and IKE is completely bidirectional.