How do you configure a basic IPsec SA proposal with AES-256 and SHA-256 in MikroTik?

Study for the MTCNA Foundation Exam. Prepare with flashcards and multiple-choice questions, each with hints and explanations. Get ready for your certification!

Explanation:
Choosing the algorithm suite for the IPsec Security Association determines how data is encrypted and how its integrity is verified. For a basic, strong, interoperable setup in MikroTik, you configure a proposal with AES-256-CBC as the encryption method and SHA-256 as the authentication method. This combination provides robust encryption (256-bit keys) and strong integrity checks using a widely supported hash.

In MikroTik, you set these on the default proposal by setting enc-algorithms to aes-256-cbc and auth-algorithms to sha256. The other options either mix in weaker or deprecated algorithms (such as 3DES or MD5) or replace the authentication with an AEAD cipher (AES-256-GCM), which provides integrity itself and so is not combined with a separate SHA-256 authentication setting in the same way. Hence, the listed configuration with aes-256-cbc and sha256 best fits a straightforward, secure baseline.
