CCIE Security Written Exam: SeND for IPv6 - Correct Statements


Question

Which four statements about SeND for IPv6 are correct? (Choose four.)

Answers

ACDE.

Explanations

SeND stands for Secure Neighbor Discovery. It is an extension to the IPv6 protocol that provides security mechanisms for neighbor discovery and address resolution. SeND is designed to protect against various attacks that can be launched against the Neighbor Discovery Protocol (NDP), which is used by IPv6 hosts and routers to discover and communicate with each other on a local network.

The correct statements about SeND for IPv6 are:

A. It protects against rogue RAs. SeND provides protection against rogue Router Advertisements (RAs) by introducing a mechanism called RA Guard. RA Guard is implemented on Layer 2 switches (or on routers acting as Layer 2 switches) and drops any RA that has not been authorized by the network administrator.

C. It defines secure extensions for NDP. SeND defines secure extensions for NDP, such as Secure Neighbor Discovery (SEND) options, which provide cryptographic protection for NDP messages.

E. It provides a method for secure default router election on hosts. SeND provides a secure method for hosts to elect a default router on the network. This is achieved through the use of Cryptographically Generated Addresses (CGAs) and the Secure Neighbor Discovery (SEND) protocol.

F. Neighbor identity protection is provided by Cryptographically Generated Addresses that are derived from a Diffie-Hellman key exchange. SeND provides neighbor identity protection by using Cryptographically Generated Addresses (CGAs). CGAs are IPv6 addresses that are derived from a public key generated using the Diffie-Hellman key exchange.
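The CGA mechanism referred to in statements E and F, as an added example that is not part of this page: the RFC 3972 procedure that hashes a public key and a modifier into the interface identifier of an IPv6 address, together with the verification a receiver performs on the CGA parameters carried in a SeND message. The function names `generate_cga` and `verify_cga` are my own, and `PUBLIC_KEY` is a constructed placeholder byte string rather than a real key.

```python
import hashlib
import ipaddress
import os

# Constructed placeholder standing in for the DER-encoded public key that
# RFC 3972 hashes into the address; not a real key.
PUBLIC_KEY = b"DEMO-PLACEHOLDER-PUBLIC-KEY"
SUBNET_PREFIX = bytes.fromhex("20010db800000000")  # 2001:db8::/64, constructed


def _hash1(modifier, prefix, collision_count, pubkey):
    # Hash1: leftmost 64 bits of SHA-1(modifier | prefix | collision count | key).
    data = modifier + prefix + bytes([collision_count]) + pubkey
    return hashlib.sha1(data).digest()[:8]


def _hash2_ok(modifier, pubkey, sec):
    # Hash2: leftmost 112 bits of SHA-1(modifier | 9 zero octets | key);
    # its leftmost 16*Sec bits must be zero (not checked when Sec == 0).
    if sec == 0:
        return True
    h2 = int.from_bytes(hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14], "big")
    return (h2 >> (112 - 16 * sec)) == 0


def generate_cga(prefix, pubkey, sec=1, collision_count=0, modifier=None):
    """Return (IPv6Address, modifier) binding pubkey to the /64 prefix."""
    modifier = modifier if modifier is not None else os.urandom(16)
    # Search for a modifier until Hash2 meets the Sec condition; this work
    # factor is what makes an attacker's search for a matching key expensive.
    while not _hash2_ok(modifier, pubkey, sec):
        modifier = ((int.from_bytes(modifier, "big") + 1) % 2**128).to_bytes(16, "big")
    iid = bytearray(_hash1(modifier, prefix, collision_count, pubkey))
    # Write Sec into the three leftmost bits and clear the u and g bits (6, 7).
    iid[0] = (sec << 5) | (iid[0] & 0x1C)
    return ipaddress.IPv6Address(prefix + bytes(iid)), modifier


def verify_cga(address, prefix, pubkey, modifier, collision_count):
    """The RFC 3972 section 5 check a receiver runs on the CGA parameters."""
    addr = ipaddress.IPv6Address(address).packed
    if collision_count > 2 or addr[:8] != prefix:
        return False
    sec = addr[8] >> 5
    want = _hash1(modifier, prefix, collision_count, pubkey)
    # Compare the interface identifier ignoring the Sec and u/g bits.
    if (addr[8] & 0x1C) != (want[0] & 0x1C) or addr[9:] != want[1:]:
        return False
    return _hash2_ok(modifier, pubkey, sec)
```

A node that cannot present the key and modifier behind an address fails `verify_cga`, which is how SeND ties a claimed neighbor address to its sender.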

The incorrect statements are:

B. NDP exchanges are protected by IPsec SAs and provide for anti-replay. This statement is not entirely correct. SeND provides security mechanisms for NDP, but it does not use IPsec Security Associations (SAs) or anti-replay protection for NDP messages.

D. It authorizes routers to advertise certain prefixes. This statement is not entirely correct. SeND does not authorize routers to advertise certain prefixes, but it provides a secure method for hosts to verify the authenticity of the RAs and prefixes advertised by routers.

G. It is facilitated by the Certification Path Request and Certification Path Response ND messages. This statement is not entirely correct. SeND does not use Certification Path Request and Certification Path Response ND messages, but it uses Secure Neighbor Discovery (SEND) options for cryptographic protection of NDP messages.