SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CCIE Sec Encryption Ipsec
Start Test
Study First
Subjects
:
cisco
,
it-skills
,
ccie
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. IPsec implements using a shim header between L2 and L3
AH/ESP
RSA
IPSEC BENEFIT
IKE
2. 'key lengths are 128 - 192 - or 256 bits to encrypt blocks of equal length.'
AES
AH/ESP
3DES
Origin Auth (DH auth)
3. Turns clear-text data into cipher text with an encryption algorithm. The receiving station decrypts the data from cipher text into clear text. The encryption key is a shared secret key that encrypts and decrypts messages.
'IPSEC (phase1 -step3)'
Tunnel Mode (ipsec)
DES
Difffie-Hellman
4. Uses protocol number 50.
'IPSEC (phase1 -step1)'
ESP
IPSEC BENEFIT
RSA/DSA
5. Used for integrity checks on peer and data sent by peer and for authentication checks.
Difffie-Hellman
SHA
RSA
AH
6. Is a two-phase protocol: The first phase establishes a secure authenticated channel and the second phase is where SAs are negotiated on behalf of the IPsec services.
Tunnel Mode (ipsec)
IPSEC (main mode)
SHA
IKE
7. The sending device encrypts for a final time with another 56-bit key.
GRE
AH
RSA
3DES
8. 'is a block-cipher algorithm - which means that it performs operations on fixed-length data streams of 64-bit blocks. The key ostensibly consists of 64 bits; however - only 56 are actually used by the algorithm.'
AH/ESP
HMAC
RSA
DES
9. 'Encryption - where Peer X uses Peer Y
3DES
RSA
AH/ESP
IKE
10. 'provides everything required to securely connect over a public media - such as the Internet.'
IPSEC
'IPSEC (phase1 -step3)'
Hashing
IPSEC (aggressive mode)
11. Benefits are that the preshared authentication can be based on ID versus IP address and the speed of the process.
IPSEC (aggressive mode)
GRE
SHA
hash algorithms
12. The protocol of choice for key management and establishing security associations between peers on the Internet.
ISAKMP
SHA
IKE
IKE
13. IPSEC Encryption is performed by
14. 'Developed in 1977 by Ronald Rivest - Adi Shamir - and Leonard Adleman (therefore - RSA).'
3DES
3DES
IPSEC (main mode)
RSA
15. Can be implemented efficiently on a wide range of processors and in hardware.
AES
DES
Asymetric Encryption Protocols
AH
16. IPSec SAs are negotiated and protected by the existing IPsec SA.
IPSEC (phase2)
AH
DSA
IPSEC (aggressive mode)
17. IPSEC tunnels data through IP using one of two protocols?
IPSEC (aggressive mode)
AH/ESP
ISAKMP
3DES
18. Does not provide payload encryption.
DSA
AH
Difffie-Hellman
RSA
19. That authenticate data packets and ensure that data is not tampered with or modified.
'IPSEC (phase1 -step1)'
hash algorithms
RSA
SHA
20. Key exchange for IPSEC
ESP
SHA
IPSEC (main mode)
IKE
21. One of the most popular tunneling protocols is
IPSEC BENEFIT
Antireplay
IPSEC (aggressive mode)
GRE
22. 'The sending device decrypts the data with the second key - which is also 56 bits in length.'
AH
HMAC
3DES
message authentication codes (MAC).
23. The receiving device then encrypts the data with the second key.
'IPSEC (phase1 -step1)'
HMAC-MD5/HMAC-SHA
3DES
'DES - 3DES - or AES.'
24. Drawback of this is that the hash is passed unencrypted and is susceptible to PSK crack attacks.
IPSEC (aggressive mode)
Asymetric Encryption Protocols
IKE
hash-based message authentication codes (HMAC).
25. Where the original Layer 3 header and payload inside an IPsec packet is encapsulated. Tunnel mode does add overhead to each packet and uses some additional CPU resources.
Tunnel Mode (ipsec)
Difffie-Hellman
Difffie-Hellman
Transport Mode (Ipsec)
26. 'can be achieved using one of three methods: preshared keys - encrypted nonces - or digital signatures.'
ESP
Origin Auth (DH auth)
'IPSEC (phase1 -step3)'
3DES
27. 'Digital signatures. Peer X encrypts a hash value with his private key and then sends the data to Peer Y. Peer Y obtains Peer X
Difffie-Hellman
RSA
DES
IPSEC (main mode)
28. The DES algorithm that performs 3 times sequentially.
IPSEC (aggressive mode)
3DES
ISAKMP
'DES - 3DES - or AES.'
29. Uses protocol number 51.
RSA
AH
RSA
IPSEC (phase2)
30. IPSEC performs this function by using a sequence field in the IPsec header combined with integrity checks.
DES
AH/ESP
Antireplay
IPSEC (phase2)
31. Act of encapsulating a packet within another packet.
Tunnel Mode (ipsec)
Tunneling
3DES
Difffie-Hellman
32. DoS attacks are more probable with this mode.
3DES
ISAKMP
Hashing
IPSEC (aggressive mode)
33. ' is defined in RFC 3174. has as output a 160-bit value -'
RSA
SHA
HMAC-MD5/HMAC-SHA
Difffie-Hellman
34. 'Created by NIST in 1994 - is the algorithm used for digital signatures but not for encryption.'
DSA
GRE
AH/ESP
AH
35. 'It is not used for encryption or digital signatures; it is used to obtain a shared secret
Difffie-Hellman
Origin Auth (DH auth)
IPSEC (main mode)
RSA
36. 'has a Next Protocol field which identifies the next Layer 4 transport protocol in use - TCP or UDP'
AH/ESP
AES
3DES
Hashing
37. Uses the D-H algorithm to come to agreement over a public network.
Difffie-Hellman
RSA
IKE
DES
38. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
39. Data integrity is the process of making sure data is not tampered with while it
DSA
IPSEC BENEFIT
SHA
AH
40. 'algorithm encrypts and decrypts data three times with 3 different keys - effectively creating a 168-bit key.'
Asymetric Encryption Protocols
3DES
IPSEC (main mode)
Tunneling
41. 'Three keys encrypt the data - which results in a 168-bit encryption key. The sending device encrypts the data with the first 56-bit key.'
DSA
3DES
AH
AES
42. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
3DES
IPSEC (main mode)
IPSEC (aggressive mode)
'IPSEC (phase1 -step2)'
43. Message of arbitrary length is taken as input and produces as output a 128-bit fingerprint or message digest of the input.
3DES
MD5
Hashing
IKE
44. 'The messages are authenticated - and the mechanisms that provide such integrity checks based on a secret key are usually called'
Tunneling
AH
message authentication codes (MAC).
Hashing
45. The receiving device decrypts the data with the third key.
'IPSEC (phase1 -step2)'
SHA
DSA
3DES
46. Takes variable-length clear-text data to produce fixed-length hashed data that is unreadable.
IPSEC BENEFIT
MD5
Difffie-Hellman
IPSEC
47. More CPU intensive
message authentication codes (MAC).
SHA
Hashing
Difffie-Hellman
48. 'Message digest algorithms have a drawback whereby a hacker (man in the middle) can intercept a message containing the packet and hash values - then re-create and transmit a modified packet with the same calculated hash to the target destination.'
Hashing
IPSEC (aggressive mode)
3DES
DSA
49. Used in IPsec for two discreet purposes:
RSA
Hashing
'IPSEC (phase1 -step3)'
AH/ESP
50. It uses UDP 500 and is defined by RFC 2409.
'IPSEC (phase1 -step1)'
Difffie-Hellman
3DES
IKE
