Cisco Certified Network Associate (CCNA) Practice Exam

Disable ads (and more) with a membership for a one time $4.99 payment

Prepare for the Cisco Certified Network Associate (CCNA) Practice Exam. Test your knowledge with our interactive quizzes featuring multiple choice questions, hints, and explanations. Equip yourself for success!

Practice this question and more.


Which protocol within the IPsec framework is responsible for establishing security associations?

  1. Encapsulation Security Payload (ESP)

  2. Internet Key Exchange (IKE)

  3. Security Association (SA)

  4. Authentication Header (AH)

The correct answer is: Internet Key Exchange (IKE)

Internet Key Exchange (IKE) is the correct answer as it plays a crucial role in the IPsec framework by establishing security associations (SAs). Security associations are the agreements that define the parameters for secure communication between two parties. IKE facilitates this process by negotiating and managing the keys and algorithms required for encryption and authentication. It operates in two phases, ensuring that both entities agree on the necessary security measures before traffic begins. While Encapsulation Security Payload (ESP) and Authentication Header (AH) are used for securing data packets in transit by providing confidentiality, integrity, and authenticity, they do not establish the security associations themselves. Rather, ESP encapsulates the actual data and encrypts it, while AH provides integrity and authenticity for the packets. Security Association (SA) refers to the parameters agreed upon but does not define how those associations are established; this is the function performed by IKE. Thus, IKE is essential for setting up the groundwork that allows secure data transmission to take place using ESP or AH.