OSPF Authentication Configuration | Exam 400-251: CCIE Security | Cisco

OSPF Authentication Configuration


Question

Which two statements about the OSPF authentication configuration are true? (Choose two.)

Answers

Explanations


A. B. C. D. E. F.

BF.

The correct answers for this question are C and F.

Explanation:

A. OSPF authentication is not required in area 0. Authentication is an optional feature in OSPF and can be configured on a per-interface basis. It is not related to the OSPF area.

B. There are two types of OSPF authentication options available: plain text authentication and MD5 authentication.

C. In MD5 authentication, the password is encrypted when it is sent. The MD5 authentication algorithm uses a secret key to encrypt the password, and the encrypted password is sent across the network. This provides a level of security as the password cannot be easily intercepted.

D. Null authentication means no authentication is used. The password is not included in the OSPF packet, and the authentication process is bypassed. Therefore, there is no clear-text password in null authentication.

E. Type-3 authentication is not a valid OSPF authentication type. OSPF only supports plain text authentication and MD5 authentication.

F. In MD5 authentication, the password never goes across the network. Instead, the password is used to generate an encrypted message digest, which is sent across the network. The receiving router then uses the same password to generate its own message digest and compares it to the received message digest. If they match, the authentication is successful. This means that the password itself is never sent across the network, providing a higher level of security.

In summary, OSPF authentication is an optional feature that can be used to secure OSPF routing updates. OSPF supports two types of authentication: plain text and MD5. In MD5 authentication, the password is encrypted when it is sent, and the password itself is never sent across the network, providing a higher level of security.
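The digest exchange described in F, as an added example that is not part of the original page: a Python sketch that follows the OSPFv2 header and cryptographic authentication layout from RFC 2328 Appendix D, with simple password authentication beside it for contrast. The key, router ID, area and 20-byte body are constructed sample values, and the header checksum is left at zero.

```python
import hashlib
import hmac
import struct

RID, AREA = bytes([10, 0, 0, 1]), bytes(4)   # constructed router ID / area 0
BODY = bytes(20)                             # constructed stand-in for a Hello body
KEY = b"labkey01"                            # constructed sample key

def _header(length, autype, auth_field):
    # version 2, type 1 (Hello), length, router ID, area ID,
    # checksum (left 0 in this sketch), AuType, 8-byte authentication field
    return struct.pack("!BBH4s4sHH8s", 2, 1, length, RID, AREA, 0, autype, auth_field)

def _digest(packet, key):
    # Keyed MD5: hash the packet followed by the key zero-padded to 16 bytes
    return hashlib.md5(packet + key.ljust(16, b"\0")[:16]).digest()

def build_simple(body, password):
    """AuType 1: the password itself fills the authentication field."""
    return _header(24 + len(body), 1, password.ljust(8, b"\0")[:8]) + body

def build_md5(body, key, key_id, seq):
    """AuType 2: key ID, digest length and sequence number go in the header;
    the 16-byte digest is appended and the key stays on the router."""
    packet = _header(24 + len(body), 2, struct.pack("!HBBI", 0, key_id, 16, seq)) + body
    return packet + _digest(packet, key)

def verify_md5(wire, key):
    """Receiver: recompute the digest with the local key and compare."""
    if len(wire) < 24:
        return False
    length, = struct.unpack_from("!H", wire, 2)
    autype, = struct.unpack_from("!H", wire, 14)
    if autype != 2 or len(wire) != length + 16:
        return False
    # compare_digest is used only for a constant-time comparison
    return hmac.compare_digest(_digest(wire[:length], key), wire[length:])

if __name__ == "__main__":
    simple, md5 = build_simple(BODY, KEY), build_md5(BODY, KEY, 1, 100)
    print("key visible in type 1 packet:", KEY in simple)
    print("key visible in type 2 packet:", KEY in md5)
    print("digest accepted with same key:", verify_md5(md5, KEY))
    print("digest accepted with other key:", verify_md5(md5, b"otherkey"))
```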