SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CCIE Sec Encryption Ipsec
Start Test
Study First
Subjects
:
cisco
,
it-skills
,
ccie
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Uses the D-H algorithm to come to agreement over a public network.
IPSEC BENEFIT
IKE
'DES - 3DES - or AES.'
ISAKMP
2. 'defines the mode of communication - creation - and management of security associations.'
IKE
ISAKMP
DES
AH
3. 'The messages are authenticated - and the mechanisms that provide such integrity checks based on a secret key are usually called'
Hashing
message authentication codes (MAC).
IKE
IKE
4. 'The sending device decrypts the data with the second key - which is also 56 bits in length.'
3DES
DES
MD5
ISAKMP
5. Provides authentication and encryption of the payload.
RSA/DSA
3DES
MD5
ESP
6. Message of arbitrary length is taken as input and produces as output a 128-bit fingerprint or message digest of the input.
ISAKMP
3DES
Hashing
MD5
7. No additional Layer 3 header is created. The original Layer 3 header is used.
3DES
AH
Transport Mode (Ipsec)
AH/ESP
8. 'A 56-bit encryption algorithm - meaning the number of possible keys
RSA/DSA
DES
IPSEC (main mode)
IPSEC (aggressive mode)
9. IPSec SAs are negotiated and protected by the existing IPsec SA.
IPSEC (phase2)
ISAKMP
IKE
IKE
10. 'key lengths are 128 - 192 - or 256 bits to encrypt blocks of equal length.'
AES
Tunnel Mode (ipsec)
IKE
RSA
11. Has a trailer which identifies IPsec information and ESP integrity-check information.
Hashing
Hashing
ESP
Hashing
12. 'can be achieved using one of three methods: preshared keys - encrypted nonces - or digital signatures.'
Difffie-Hellman
Origin Auth (DH auth)
IPSEC (main mode)
IPSEC (phase2)
13. Main disadvantage of asymmetric algorithms is that they are slow.
3DES
RSA/DSA
AES
AH
14. Used in IPsec for two discreet purposes:
RSA
AES
message authentication codes (MAC).
Hashing
15. 'DSA is roughly the same speed as RSA when creating signatures - but 10 to 40 times slower when verifying signatures. Because verification happens more frequently than creation - this issue is worth noting when deploying DSA in any environment.'
IKE
SHA
DSA
AES
16. 'Finally - the receiving devices decrypt the data with the first key.'
AH/ESP
Difffie-Hellman
AH/ESP
3DES
17. This mode does not support identity protection or protection against clogging attacks and spoofing.
IPSEC
AH
IPSEC (aggressive mode)
RSA
18. Common key size is 1024 bits.
RSA
hash algorithms
IKE
AH
19. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
20. DoS attacks are more probable with this mode.
RSA/DSA
IPSEC (aggressive mode)
Difffie-Hellman
Transport Mode (Ipsec)
21. 'requires that the sender and receiver have key pairs. By combining the sender
DSA
Difffie-Hellman
3DES
SHA
22. You use this encryption method by keeping one key private and giving the other key to anyone in the public Internet. It does not matter who has your public key; it is useless without the private key.
HMAC
RSA
AES
Asymetric Encryption Protocols
23. 'Digital signatures. Peer X encrypts a hash value with his private key and then sends the data to Peer Y. Peer Y obtains Peer X
IPSEC (main mode)
ISAKMP
RSA
SHA
24. It also provides protection for ISAKMP peer identities with encryption.
IPSEC (aggressive mode)
'DES - 3DES - or AES.'
IPSEC (aggressive mode)
IPSEC (main mode)
25. 'algorithm encrypts and decrypts data three times with 3 different keys - effectively creating a 168-bit key.'
IPSEC (aggressive mode)
3DES
Difffie-Hellman
IPSEC (main mode)
26. The receiving device then encrypts the data with the second key.
Difffie-Hellman
IPSEC (main mode)
3DES
Difffie-Hellman
27. Turns clear-text data into cipher text with an encryption algorithm. The receiving station decrypts the data from cipher text into clear text. The encryption key is a shared secret key that encrypts and decrypts messages.
AES
DES
RSA
3DES
28. Uses protocol number 51.
RSA
3DES
AH
IPSEC (aggressive mode)
29. Where the original Layer 3 header and payload inside an IPsec packet is encapsulated. Tunnel mode does add overhead to each packet and uses some additional CPU resources.
SHA
AES
Tunnel Mode (ipsec)
AH
30. The DES algorithm that performs 3 times sequentially.
IKE
ISAKMP
3DES
DES
31. IPSEC tunnels data through IP using one of two protocols?
AES
AH/ESP
'DES - 3DES - or AES.'
IPSEC (phase2)
32. 'MACs with hash algorithms -'
Difffie-Hellman
3DES
hash-based message authentication codes (HMAC).
Hashing
33. The receiving device decrypts the data with the third key.
DSA
ESP
MD5
3DES
34. 'key exchange is vulnerable to a man-in-the-middle attack. You can rectify this problem by allowing the two parties to authenticate themselves to each other with a shared secret key - digital signatures - or public-key certificates.'
3DES
AES
3DES
Difffie-Hellman
35. Used for integrity checks on peer and data sent by peer and for authentication checks.
DES
AH
Hashing
IPSEC (aggressive mode)
36. ' is defined in RFC 3174. has as output a 160-bit value -'
SHA
DSA
AH
IPSEC (aggressive mode)
37. A variable block- length and key-length cipher.
AH/ESP
AES
Difffie-Hellman
IKE
38. 'including Internet Security Association and Key Management Protocol (ISAKMP) - Secure Key Exchange Mechanism for the Internet (SKEME) - and Oakley.'
'DES - 3DES - or AES.'
IKE
IPSEC BENEFIT
Difffie-Hellman
39. RFC 2631 on the workings of the key generation/exchange process.
ESP
Difffie-Hellman
DSA
IKE
40. Uses protocol number 50.
MD5
IKE
'MD5 - SHA-1 - or RSA'
ESP
41. Hybrid protocol that defines the mechanism to derive authenticated keying material and negotiation of security associations (SA).
IKE
Asymetric Encryption Protocols
'IPSEC (phase1 -step1)'
3DES
42. IPSEC performs this function by using a sequence field in the IPsec header combined with integrity checks.
SHA
AH/ESP
IPSEC (main mode)
Antireplay
43. 'is a more secure version of MD5 - and hash-based message authentication codes (HMAC) provides further security with the inclusion of a key-based hash.'
SHA
IPSEC (aggressive mode)
MD5
Transport Mode (Ipsec)
44. Key exchange for IPSEC
RSA
IKE
IPSEC BENEFIT
3DES
45. Is a two-phase protocol: The first phase establishes a secure authenticated channel and the second phase is where SAs are negotiated on behalf of the IPsec services.
IKE
HMAC-MD5/HMAC-SHA
RSA
'IPSEC (phase1 -step2)'
46. 'group 5 identifies a 1536-bit key - provides for highest security but is the slowest of all groups.'
SHA
Origin Auth (DH auth)
IPSEC (phase2)
Difffie-Hellman
47. The protocol of choice for key management and establishing security associations between peers on the Internet.
ISAKMP
RSA
ESP
AH
48. The sending device encrypts for a final time with another 56-bit key.
Origin Auth (DH auth)
AH
hash-based message authentication codes (HMAC).
3DES
49. Act of encapsulating a packet within another packet.
Hashing
Tunneling
IPSEC
AH
50. 'Created by NIST in 1994 - is the algorithm used for digital signatures but not for encryption.'
ESP
DSA
ESP
hash algorithms