SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CCIE Sec Encryption Ipsec
Start Test
Study First
Subjects
:
cisco
,
it-skills
,
ccie
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Uses protocol number 50.
ESP
AH
IKE
ISAKMP
2. 'Three keys encrypt the data - which results in a 168-bit encryption key. The sending device encrypts the data with the first 56-bit key.'
IPSEC (aggressive mode)
3DES
IKE
IPSEC (phase2)
3. 'Developed in 1977 by Ronald Rivest - Adi Shamir - and Leonard Adleman (therefore - RSA).'
RSA
IPSEC (aggressive mode)
IPSEC (main mode)
3DES
4. 'establishes ISAKMP SA in three messages -because it negotiates a ISAKMP policy and a DJ nonce exchange together.'
AH
ISAKMP
IPSEC (aggressive mode)
AES
5. IPSEC Encryption is performed by
6. It uses UDP 500 and is defined by RFC 2409.
IKE
RSA
3DES
ISAKMP
7. Provides authentication and encryption of the payload.
'IPSEC (phase1 -step2)'
Difffie-Hellman
ESP
RSA/DSA
8. Verify whether the data has been altered.
Hashing
ESP
RSA
3DES
9. Can be implemented efficiently on a wide range of processors and in hardware.
IPSEC (main mode)
SHA
AES
'IPSEC (phase1 -step3)'
10. 'requires that the sender and receiver have key pairs. By combining the sender
SHA
IPSEC BENEFIT
HMAC-MD5/HMAC-SHA
Difffie-Hellman
11. The receiving device then encrypts the data with the second key.
3DES
Asymetric Encryption Protocols
IPSEC (main mode)
Difffie-Hellman
12. RFC 2631 on the workings of the key generation/exchange process.
HMAC-MD5/HMAC-SHA
Difffie-Hellman
IKE
Hashing
13. Negotiation of a shared secret key for encryption of the IKE session using the D-H algorithm
14. A variable block- length and key-length cipher.
Asymetric Encryption Protocols
3DES
AES
'DES - 3DES - or AES.'
15. Message of arbitrary length is taken as input and produces as output a 128-bit fingerprint or message digest of the input.
DES
IPSEC (aggressive mode)
MD5
Asymetric Encryption Protocols
16. DoS attacks are more probable with this mode.
IKE
IPSEC (aggressive mode)
IPSEC BENEFIT
Antireplay
17. Hybrid protocol that defines the mechanism to derive authenticated keying material and negotiation of security associations (SA).
RSA
IKE
ESP
AES
18. One of the most popular tunneling protocols is
GRE
AH/ESP
RSA
SHA
19. 'Digital signatures. Peer X encrypts a hash value with his private key and then sends the data to Peer Y. Peer Y obtains Peer X
RSA
3DES
AH/ESP
Difffie-Hellman
20. Used in government installs and was created to work with the SHA-1 hash algorithm.
Difffie-Hellman
DSA
'IPSEC (phase1 -step1)'
DES
21. 'key exchange is vulnerable to a man-in-the-middle attack. You can rectify this problem by allowing the two parties to authenticate themselves to each other with a shared secret key - digital signatures - or public-key certificates.'
Difffie-Hellman
IPSEC (aggressive mode)
Hashing
HMAC-MD5/HMAC-SHA
22. That authenticate data packets and ensure that data is not tampered with or modified.
3DES
DES
IPSEC (aggressive mode)
hash algorithms
23. Benefits are that the preshared authentication can be based on ID versus IP address and the speed of the process.
AH/ESP
RSA
IPSEC (aggressive mode)
SHA
24. 'algorithm encrypts and decrypts data three times with 3 different keys - effectively creating a 168-bit key.'
'DES - 3DES - or AES.'
RSA
3DES
IPSEC (main mode)
25. 'DSA is roughly the same speed as RSA when creating signatures - but 10 to 40 times slower when verifying signatures. Because verification happens more frequently than creation - this issue is worth noting when deploying DSA in any environment.'
'IPSEC (phase1 -step2)'
RSA/DSA
IPSEC BENEFIT
DSA
26. 'has a Next Protocol field which identifies the next Layer 4 transport protocol in use - TCP or UDP'
Difffie-Hellman
Difffie-Hellman
AH/ESP
ISAKMP
27. The receiving device decrypts the data with the third key.
3DES
MD5
'IPSEC (phase1 -step1)'
SHA
28. 'A 56-bit encryption algorithm - meaning the number of possible keys
RSA
AES
DSA
DES
29. Common key size is 1024 bits.
DES
RSA
SHA
Asymetric Encryption Protocols
30. Has a trailer which identifies IPsec information and ESP integrity-check information.
ESP
HMAC-MD5/HMAC-SHA
'IPSEC (phase1 -step2)'
SHA
31. Uses the D-H algorithm to come to agreement over a public network.
IKE
IPSEC (main mode)
IPSEC (aggressive mode)
IPSEC (phase2)
32. Does not provide payload encryption.
IPSEC (aggressive mode)
Difffie-Hellman
AH
IPSEC (main mode)
33. Turns clear-text data into cipher text with an encryption algorithm. The receiving station decrypts the data from cipher text into clear text. The encryption key is a shared secret key that encrypts and decrypts messages.
Hashing
3DES
IPSEC (phase2)
DES
34. IPSEC tunnels data through IP using one of two protocols?
AES
SHA
AH/ESP
RSA
35. The DES algorithm that performs 3 times sequentially.
IPSEC (main mode)
3DES
RSA
AH
36. Key exchange for IPSEC
MD5
MD5
IKE
Origin Auth (DH auth)
37. No additional Layer 3 header is created. The original Layer 3 header is used.
DSA
Transport Mode (Ipsec)
Tunnel Mode (ipsec)
hash-based message authentication codes (HMAC).
38. More CPU intensive
IPSEC BENEFIT
SHA
RSA
Asymetric Encryption Protocols
39. Origin authentication validates the origin of a message upon receipt; this process is done during initial communications.
3DES
IPSEC BENEFIT
Difffie-Hellman
IPSEC (main mode)
40. 'including Internet Security Association and Key Management Protocol (ISAKMP) - Secure Key Exchange Mechanism for the Internet (SKEME) - and Oakley.'
IKE
Difffie-Hellman
'IPSEC (phase1 -step1)'
HMAC
41. The sending device encrypts for a final time with another 56-bit key.
RSA/DSA
3DES
Difffie-Hellman
IPSEC (aggressive mode)
42. 'in most cases - this mode is preferred with certificates.'
3DES
3DES
IPSEC (main mode)
Asymetric Encryption Protocols
43. A
DES
AH
Hashing
DSA
44. Act of encapsulating a packet within another packet.
3DES
RSA
Tunneling
Hashing
45. Provide authentication in Internet Key Exchange (IKE) Phase 2.
AH
HMAC
AH
AH
46. 'often called public-key algorithms - do not rely on a randomly generated shared encryption key; instead - they create two static keys. These static keys are completely different - but mathematically bound to each other; what one key encrypts - the o
message authentication codes (MAC).
RSA
IKE
Asymetric Encryption Protocols
47. IPsec implements using a shim header between L2 and L3
AH/ESP
GRE
IKE
Hashing
48. 'is a more secure version of MD5 - and hash-based message authentication codes (HMAC) provides further security with the inclusion of a key-based hash.'
3DES
SHA
message authentication codes (MAC).
IKE
49. 'Encryption - where Peer X uses Peer Y
IKE
RSA
Difffie-Hellman
Hashing
50. Main disadvantage of asymmetric algorithms is that they are slow.
AH/ESP
RSA/DSA
ESP
IPSEC (main mode)