SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CCIE Sec Encryption Ipsec
Start Test
Study First
Subjects
:
cisco
,
it-skills
,
ccie
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. IPSec SAs are negotiated and protected by the existing IPsec SA.
IPSEC (phase2)
RSA
3DES
3DES
2. 'has a Next Protocol field which identifies the next Layer 4 transport protocol in use - TCP or UDP'
DSA
Difffie-Hellman
'IPSEC (phase1 -step2)'
AH/ESP
3. 'The messages are authenticated - and the mechanisms that provide such integrity checks based on a secret key are usually called'
message authentication codes (MAC).
AH/ESP
hash algorithms
RSA
4. 'Developed in 1977 by Ronald Rivest - Adi Shamir - and Leonard Adleman (therefore - RSA).'
MD5
RSA
Tunnel Mode (ipsec)
DES
5. Provide authentication in Internet Key Exchange (IKE) Phase 2.
Difffie-Hellman
HMAC
DSA
MD5
6. DoS attacks are more probable with this mode.
SHA
Antireplay
IPSEC BENEFIT
IPSEC (aggressive mode)
7. Main mode establishes ISAKMP security association in six messages and performs authenticated D-H exchange.
DSA
IKE
RSA
IPSEC (main mode)
8. 'Digital signatures. Peer X encrypts a hash value with his private key and then sends the data to Peer Y. Peer Y obtains Peer X
Hashing
RSA
IPSEC (aggressive mode)
DES
9. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
10. Uses protocol number 50.
AH
3DES
ESP
AES
11. 'is a more secure version of MD5 - and hash-based message authentication codes (HMAC) provides further security with the inclusion of a key-based hash.'
SHA
IPSEC (aggressive mode)
Origin Auth (DH auth)
DSA
12. Used in government installs and was created to work with the SHA-1 hash algorithm.
3DES
Hashing
IPSEC (main mode)
DSA
13. It uses UDP 500 and is defined by RFC 2409.
AH
IPSEC (aggressive mode)
SHA
IKE
14. Main disadvantage of asymmetric algorithms is that they are slow.
RSA
RSA/DSA
SHA
3DES
15. ' is defined in RFC 3174. has as output a 160-bit value -'
SHA
AH/ESP
IKE
Hashing
16. Uses IKE for key exchange.
IPSEC (aggressive mode)
MD5
SHA
ISAKMP
17. 'MACs with hash algorithms -'
hash-based message authentication codes (HMAC).
SHA
RSA
SHA
18. That authenticate data packets and ensure that data is not tampered with or modified.
hash algorithms
IPSEC (main mode)
AES
Hashing
19. 'It is not used for encryption or digital signatures; it is used to obtain a shared secret
MD5
RSA
MD5
Difffie-Hellman
20. 'group 5 identifies a 1536-bit key - provides for highest security but is the slowest of all groups.'
'IPSEC (phase1 -step2)'
IPSEC BENEFIT
'MD5 - SHA-1 - or RSA'
Difffie-Hellman
21. 'A 56-bit encryption algorithm - meaning the number of possible keys
IPSEC (phase2)
Asymetric Encryption Protocols
DES
IPSEC BENEFIT
22. A variable block- length and key-length cipher.
Transport Mode (Ipsec)
DES
Difffie-Hellman
AES
23. You use this encryption method by keeping one key private and giving the other key to anyone in the public Internet. It does not matter who has your public key; it is useless without the private key.
AES
Difffie-Hellman
message authentication codes (MAC).
Asymetric Encryption Protocols
24. No additional Layer 3 header is created. The original Layer 3 header is used.
Tunnel Mode (ipsec)
Transport Mode (Ipsec)
3DES
SHA
25. Is a two-phase protocol: The first phase establishes a secure authenticated channel and the second phase is where SAs are negotiated on behalf of the IPsec services.
Transport Mode (Ipsec)
Hashing
HMAC-MD5/HMAC-SHA
IKE
26. 'Message digest algorithms have a drawback whereby a hacker (man in the middle) can intercept a message containing the packet and hash values - then re-create and transmit a modified packet with the same calculated hash to the target destination.'
IKE
AES
Difffie-Hellman
Hashing
27. IPsec implements using a shim header between L2 and L3
ISAKMP
MD5
3DES
AH/ESP
28. Turns clear-text data into cipher text with an encryption algorithm. The receiving station decrypts the data from cipher text into clear text. The encryption key is a shared secret key that encrypts and decrypts messages.
3DES
DES
IKE
'MD5 - SHA-1 - or RSA'
29. 'group 2 identifies a 1024-bit key - group 2 is more secure - but slower to execute.'
RSA
ISAKMP
Difffie-Hellman
IPSEC (aggressive mode)
30. 'Created by NIST in 1994 - is the algorithm used for digital signatures but not for encryption.'
message authentication codes (MAC).
DSA
3DES
IPSEC (aggressive mode)
31. Takes variable-length clear-text data to produce fixed-length hashed data that is unreadable.
Difffie-Hellman
GRE
MD5
IPSEC (phase2)
32. IPSEC performs this function by using a sequence field in the IPsec header combined with integrity checks.
hash-based message authentication codes (HMAC).
3DES
AH/ESP
Antireplay
33. Can be implemented efficiently on a wide range of processors and in hardware.
MD5
IKE
3DES
AES
34. 'provides everything required to securely connect over a public media - such as the Internet.'
hash algorithms
IPSEC
3DES
RSA
35. It also provides protection for ISAKMP peer identities with encryption.
IPSEC (aggressive mode)
3DES
IPSEC (main mode)
3DES
36. The DES algorithm that performs 3 times sequentially.
DSA
IPSEC (aggressive mode)
3DES
GRE
37. Where the original Layer 3 header and payload inside an IPsec packet is encapsulated. Tunnel mode does add overhead to each packet and uses some additional CPU resources.
Tunnel Mode (ipsec)
Tunneling
ISAKMP
IPSEC BENEFIT
38. 'The sending device decrypts the data with the second key - which is also 56 bits in length.'
3DES
SHA
Difffie-Hellman
HMAC-MD5/HMAC-SHA
39. Used for integrity checks on peer and data sent by peer and for authentication checks.
ESP
AH
DSA
Hashing
40. 'establishes ISAKMP SA in three messages -because it negotiates a ISAKMP policy and a DJ nonce exchange together.'
IPSEC (aggressive mode)
Hashing
AH
Difffie-Hellman
41. 'algorithm encrypts and decrypts data three times with 3 different keys - effectively creating a 168-bit key.'
3DES
HMAC
IPSEC (phase2)
Tunnel Mode (ipsec)
42. 'Encryption - where Peer X uses Peer Y
RSA
SHA
Hashing
AH
43. The receiving device then encrypts the data with the second key.
Hashing
3DES
Transport Mode (Ipsec)
AH
44. Does not provide payload encryption.
IPSEC (aggressive mode)
AH
DES
IPSEC (aggressive mode)
45. 'Three keys encrypt the data - which results in a 168-bit encryption key. The sending device encrypts the data with the first 56-bit key.'
AES
3DES
RSA
IPSEC BENEFIT
46. 'can be achieved using one of three methods: preshared keys - encrypted nonces - or digital signatures.'
Origin Auth (DH auth)
RSA
MD5
ISAKMP
47. IPSEC Encryption is performed by
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
48. One of the most popular tunneling protocols is
SHA
3DES
IPSEC BENEFIT
GRE
49. You check it by hashing data and appending the hash value to the data as you send it across the network to a peer.
Hashing
HMAC
AH
'IPSEC (phase1 -step2)'
50. The sending device encrypts for a final time with another 56-bit key.
3DES
Difffie-Hellman
hash-based message authentication codes (HMAC).
DSA