Test your basic knowledge |
CCIE Sec Encryption Ipsec
Subjects: cisco, it-skills, ccie
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. You check it by hashing data and appending the hash value to the data as you send it across the network to a peer.
Diffie-Hellman
Hashing
AES
3DES
2. IPSec SAs are negotiated and protected by the existing IPsec SA.
AH
IPSEC (main mode)
AH
IPSEC (phase2)
3. The DES algorithm that performs 3 times sequentially.
3DES
DSA
MD5
IPSEC (aggressive mode)
4. This mode does not support identity protection or protection against clogging attacks and spoofing.
IPSEC BENEFIT
DSA
3DES
IPSEC (aggressive mode)
5. 'When using the hash-based key function -'
HMAC-MD5/HMAC-SHA
DSA
ESP
3DES
6. 'defines the mode of communication - creation - and management of security associations.'
SHA
IPSEC BENEFIT
SHA
ISAKMP
7. Main mode establishes ISAKMP security association in six messages and performs authenticated D-H exchange.
SHA
IPSEC BENEFIT
'IPSEC (phase1 -step2)'
IPSEC (main mode)
8. IPSEC tunnels data through IP using one of two protocols?
ESP
Transport Mode (Ipsec)
AH/ESP
RSA
9. Has a trailer which identifies IPsec information and ESP integrity-check information.
ISAKMP
SHA
ESP
IKE
10. 'Encryption - where Peer X uses Peer Y
RSA
Antireplay
'IPSEC (phase1 -step2)'
IPSEC BENEFIT
11. 'Digital signatures. Peer X encrypts a hash value with his private key and then sends the data to Peer Y. Peer Y obtains Peer X
AH
RSA
Diffie-Hellman
DSA
12. The receiving device then encrypts the data with the second key.
IPSEC (main mode)
IPSEC BENEFIT
IPSEC (main mode)
3DES
13. The receiving device decrypts the data with the third key.
IKE
3DES
hash algorithms
IPSEC (main mode)
14. Uses IKE for key exchange.
IKE
'MD5 - SHA-1 - or RSA'
IPSEC (phase2)
ISAKMP
15. 'group 5 identifies a 1536-bit key - provides for highest security but is the slowest of all groups.'
Diffie-Hellman
ESP
SHA
Hashing
16. 'Created by NIST in 1994 - is the algorithm used for digital signatures but not for encryption.'
Hashing
DSA
'IPSEC (phase1 -step2)'
SHA
17. 'Message digest algorithms have a drawback whereby a hacker (man in the middle) can intercept a message containing the packet and hash values - then re-create and transmit a modified packet with the same calculated hash to the target destination.'
MD5
Tunneling
Hashing
'IPSEC (phase1 -step2)'
18. 'including Internet Security Association and Key Management Protocol (ISAKMP) - Secure Key Exchange Mechanism for the Internet (SKEME) - and Oakley.'
IKE
MD5
RSA
'IPSEC (phase1 -step2)'
19. Verify whether the data has been altered.
Asymmetric Encryption Protocols
Hashing
RSA
3DES
20. IPSEC performs this function by using a sequence field in the IPsec header combined with integrity checks.
Antireplay
Diffie-Hellman
'DES - 3DES - or AES.'
Origin Auth (DH auth)
21. 'Finally - the receiving devices decrypt the data with the first key.'
IPSEC (main mode)
DSA
3DES
'IPSEC (phase1 -step3)'
22. Data integrity is the process of making sure data is not tampered with while it
MD5
IPSEC BENEFIT
DES
IPSEC (main mode)
23. Uses protocol number 51.
ESP
RSA
ISAKMP
AH
24. 'provides everything required to securely connect over a public media - such as the Internet.'
IKE
Diffie-Hellman
IPSEC
Asymmetric Encryption Protocols
25. Drawback of this is that the hash is passed unencrypted and is susceptible to PSK crack attacks.
AH/ESP
DSA
DSA
IPSEC (aggressive mode)
26. 'can be achieved using one of three methods: preshared keys - encrypted nonces - or digital signatures.'
MD5
ESP
Origin Auth (DH auth)
IKE
27. It uses UDP 500 and is defined by RFC 2409.
ESP
RSA
IKE
3DES
28. Can be implemented efficiently on a wide range of processors and in hardware.
AES
Origin Auth (DH auth)
RSA
RSA
29. 'MACs with hash algorithms -'
Tunneling
hash-based message authentication codes (HMAC).
message authentication codes (MAC).
IKE
30. 'requires that the sender and receiver have key pairs. By combining the sender
IPSEC (main mode)
AH
IPSEC (main mode)
Diffie-Hellman
31. 'has a Next Protocol field which identifies the next Layer 4 transport protocol in use - TCP or UDP'
'DES - 3DES - or AES.'
ESP
AH/ESP
Diffie-Hellman
32. 'key exchange is vulnerable to a man-in-the-middle attack. You can rectify this problem by allowing the two parties to authenticate themselves to each other with a shared secret key - digital signatures - or public-key certificates.'
Diffie-Hellman
IPSEC (phase2)
IPSEC (aggressive mode)
'IPSEC (phase1 -step1)'
33. Uses protocol number 50.
IPSEC (main mode)
Diffie-Hellman
hash-based message authentication codes (HMAC).
ESP
34. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
35. Message of arbitrary length is taken as input and produces as output a 128-bit fingerprint or message digest of the input.
Tunneling
SHA
3DES
MD5
36. Used in government installs and was created to work with the SHA-1 hash algorithm.
DSA
Asymmetric Encryption Protocols
IPSEC (main mode)
3DES
37. One of the most popular tunneling protocols is
3DES
GRE
IPSEC (aggressive mode)
IPSEC (main mode)
38. 'DSA is roughly the same speed as RSA when creating signatures - but 10 to 40 times slower when verifying signatures. Because verification happens more frequently than creation - this issue is worth noting when deploying DSA in any environment.'
IPSEC (aggressive mode)
Antireplay
DSA
IPSEC (main mode)
39. Hybrid protocol that defines the mechanism to derive authenticated keying material and negotiation of security associations (SA).
DES
IKE
hash algorithms
MD5
40. It also provides protection for ISAKMP peer identities with encryption.
Diffie-Hellman
ESP
Diffie-Hellman
IPSEC (main mode)
41. Provide authentication in Internet Key Exchange (IKE) Phase 2.
3DES
IKE
HMAC
AH
42. Benefits are that the preshared authentication can be based on ID versus IP address and the speed of the process.
IPSEC (aggressive mode)
HMAC
3DES
IPSEC
43. A variable block-length and key-length cipher.
'IPSEC (phase1 -step1)'
SHA
IPSEC (aggressive mode)
AES
44. Key exchange for IPSEC
Origin Auth (DH auth)
RSA/DSA
SHA
IKE
45. A
AH
Hashing
DES
hash algorithms
46. 'key lengths are 128 - 192 - or 256 bits to encrypt blocks of equal length.'
'DES - 3DES - or AES.'
AES
3DES
HMAC-MD5/HMAC-SHA
47. Where the original Layer 3 header and payload inside an IPsec packet is encapsulated. Tunnel mode does add overhead to each packet and uses some additional CPU resources.
'MD5 - SHA-1 - or RSA'
3DES
IKE
Tunnel Mode (ipsec)
48. 'group 1 identifies a 768-bit key - group 1 is faster to execute - but it is less secure -'
IPSEC BENEFIT
Diffie-Hellman
MD5
DES
49. Negotiation of a shared secret key for encryption of the IKE session using the D-H algorithm
50. 'produces a 160-bit hash output - which makes it more difficult to decipher.'
IKE
SHA
AES
Diffie-Hellman