Test your basic knowledge |

CCIE Sec Encryption Ipsec

Subjects : cisco, it-skills, ccie
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. 'MACs with hash algorithms -'






2. Uses protocol number 51.






3. 'When using the hash-based key function -'






4. 'provides everything required to securely connect over a public media - such as the Internet.'






5. 'requires that the sender and receiver have key pairs. By combining the sender






6. 'defines the mode of communication - creation - and management of security associations.'






7. Negotiation of a shared secret key for encryption of the IKE session using the D-H algorithm

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


8. IPSEC tunnels data through IP using one of two protocols?






9. 'has a Next Protocol field which identifies the next Layer 4 transport protocol in use - TCP or UDP'






10. IPSec SAs are negotiated and protected by the existing IPsec SA.






11. Provides authentication and encryption of the payload.






12. The sending device encrypts for a final time with another 56-bit key.






13. The receiving device then encrypts the data with the second key.






14. 'It is not used for encryption or digital signatures; it is used to obtain a shared secret






15. Main mode establishes ISAKMP security association in six messages and performs authenticated D-H exchange.






16. One of the most popular tunneling protocols is






17. IPSEC performs this function by using a sequence field in the IPsec header combined with integrity checks.






18. Invented by Ron Rivest of RSA Security (RFC 1321).






19. 'produces a 160-bit hash output - which makes it more difficult to decipher.'






20. Used in IPsec for two discreet purposes:






21. Origin authentication validates the origin of a message upon receipt; this process is done during initial communications.






22. 'key exchange is vulnerable to a man-in-the-middle attack. You can rectify this problem by allowing the two parties to authenticate themselves to each other with a shared secret key - digital signatures - or public-key certificates.'






23. IPsec implements using a shim header between L2 and L3






24. Provide authentication in Internet Key Exchange (IKE) Phase 2.






25. No additional Layer 3 header is created. The original Layer 3 header is used.






26. Drawback of this is that the hash is passed unencrypted and is susceptible to PSK crack attacks.






27. 'Encryption - where Peer X uses Peer Y






28. Negotiation of the ISAKMP policy by offering and acceptance of protection suites

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


29. 'can be achieved using one of three methods: preshared keys - encrypted nonces - or digital signatures.'






30. 'establishes ISAKMP SA in three messages -because it negotiates a ISAKMP policy and a DJ nonce exchange together.'






31. The receiving device decrypts the data with the third key.






32. 'The messages are authenticated - and the mechanisms that provide such integrity checks based on a secret key are usually called'






33. 'Created by NIST in 1994 - is the algorithm used for digital signatures but not for encryption.'






34. A






35. Takes variable-length clear-text data to produce fixed-length hashed data that is unreadable.






36. 'Digital signatures. Peer X encrypts a hash value with his private key and then sends the data to Peer Y. Peer Y obtains Peer X






37. 'is a block-cipher algorithm - which means that it performs operations on fixed-length data streams of 64-bit blocks. The key ostensibly consists of 64 bits; however - only 56 are actually used by the algorithm.'






38. Where the original Layer 3 header and payload inside an IPsec packet is encapsulated. Tunnel mode does add overhead to each packet and uses some additional CPU resources.






39. 'group 1 identifies a 768-bit key - group 1 is faster to execute - but it is less secure -'






40. It uses UDP 500 and is defined by RFC 2409.






41. Turns clear-text data into cipher text with an encryption algorithm. The receiving station decrypts the data from cipher text into clear text. The encryption key is a shared secret key that encrypts and decrypts messages.






42. Integrity checks are done

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


43. Main disadvantage of asymmetric algorithms is that they are slow.






44. ID exchange and authentication of D-H key by using the reply to the received nonce or string of bits

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


45. Act of encapsulating a packet within another packet.






46. Key exchange for IPSEC






47. A variable block- length and key-length cipher.






48. The protocol of choice for key management and establishing security associations between peers on the Internet.






49. 'group 2 identifies a 1024-bit key - group 2 is more secure - but slower to execute.'






50. 'key lengths are 128 - 192 - or 256 bits to encrypt blocks of equal length.'







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests