SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CCIE Sec Encryption Ipsec
Start Test
Study First
Subjects
:
cisco
,
it-skills
,
ccie
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Common key size is 1024 bits.
DSA
hash-based message authentication codes (HMAC).
RSA
Transport Mode (Ipsec)
2. It uses UDP 500 and is defined by RFC 2409.
AH
IKE
IPSEC (main mode)
ESP
3. 'including Internet Security Association and Key Management Protocol (ISAKMP) - Secure Key Exchange Mechanism for the Internet (SKEME) - and Oakley.'
ESP
ISAKMP
Tunnel Mode (ipsec)
IKE
4. 'produces a 160-bit hash output - which makes it more difficult to decipher.'
hash-based message authentication codes (HMAC).
Difffie-Hellman
RSA/DSA
SHA
5. 'Encryption - where Peer X uses Peer Y
Transport Mode (Ipsec)
DSA
RSA
MD5
6. More CPU intensive
SHA
Difffie-Hellman
MD5
RSA
7. 'is a more secure version of MD5 - and hash-based message authentication codes (HMAC) provides further security with the inclusion of a key-based hash.'
SHA
hash algorithms
Tunneling
AH
8. Benefits are that the preshared authentication can be based on ID versus IP address and the speed of the process.
GRE
Hashing
IPSEC
IPSEC (aggressive mode)
9. ID exchange and authentication of D-H key by using the reply to the received nonce or string of bits
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
10. 'is a block-cipher algorithm - which means that it performs operations on fixed-length data streams of 64-bit blocks. The key ostensibly consists of 64 bits; however - only 56 are actually used by the algorithm.'
SHA
AH
'IPSEC (phase1 -step2)'
DES
11. Takes variable-length clear-text data to produce fixed-length hashed data that is unreadable.
MD5
3DES
IPSEC (main mode)
3DES
12. RFC 2631 on the workings of the key generation/exchange process.
Hashing
DES
Difffie-Hellman
ESP
13. 'defines the mode of communication - creation - and management of security associations.'
HMAC
Transport Mode (Ipsec)
ISAKMP
Asymetric Encryption Protocols
14. A variable block- length and key-length cipher.
IPSEC BENEFIT
MD5
AES
DES
15. Main disadvantage of asymmetric algorithms is that they are slow.
ISAKMP
'IPSEC (phase1 -step2)'
AES
RSA/DSA
16. 'When using the hash-based key function -'
HMAC-MD5/HMAC-SHA
Origin Auth (DH auth)
Hashing
RSA
17. Origin authentication validates the origin of a message upon receipt; this process is done during initial communications.
IKE
MD5
ESP
IPSEC BENEFIT
18. IPSEC tunnels data through IP using one of two protocols?
AH/ESP
GRE
Hashing
IKE
19. 'MACs with hash algorithms -'
AH/ESP
hash-based message authentication codes (HMAC).
ISAKMP
Difffie-Hellman
20. Turns clear-text data into cipher text with an encryption algorithm. The receiving station decrypts the data from cipher text into clear text. The encryption key is a shared secret key that encrypts and decrypts messages.
3DES
3DES
DES
DSA
21. A
GRE
Difffie-Hellman
Hashing
IPSEC (aggressive mode)
22. Message of arbitrary length is taken as input and produces as output a 128-bit fingerprint or message digest of the input.
AH/ESP
MD5
RSA
3DES
23. ' is defined in RFC 3174. has as output a 160-bit value -'
SHA
hash-based message authentication codes (HMAC).
IPSEC BENEFIT
AH/ESP
24. 'has a Next Protocol field which identifies the next Layer 4 transport protocol in use - TCP or UDP'
AH/ESP
Transport Mode (Ipsec)
Hashing
Difffie-Hellman
25. 'Three keys encrypt the data - which results in a 168-bit encryption key. The sending device encrypts the data with the first 56-bit key.'
ISAKMP
3DES
Difffie-Hellman
IPSEC (main mode)
26. The receiving device decrypts the data with the third key.
3DES
RSA
IPSEC (main mode)
Origin Auth (DH auth)
27. Provide authentication in Internet Key Exchange (IKE) Phase 2.
IPSEC BENEFIT
Hashing
DSA
HMAC
28. You use this encryption method by keeping one key private and giving the other key to anyone in the public Internet. It does not matter who has your public key; it is useless without the private key.
Difffie-Hellman
Asymetric Encryption Protocols
hash-based message authentication codes (HMAC).
IPSEC (main mode)
29. Does not provide payload encryption.
3DES
AH
Difffie-Hellman
RSA
30. Used in IPsec for two discreet purposes:
IKE
RSA
3DES
IKE
31. 'It is not used for encryption or digital signatures; it is used to obtain a shared secret
RSA
3DES
Difffie-Hellman
AH
32. The protocol of choice for key management and establishing security associations between peers on the Internet.
ISAKMP
RSA
IKE
IKE
33. 'key exchange is vulnerable to a man-in-the-middle attack. You can rectify this problem by allowing the two parties to authenticate themselves to each other with a shared secret key - digital signatures - or public-key certificates.'
DSA
Difffie-Hellman
'IPSEC (phase1 -step1)'
IPSEC (phase2)
34. 'can be achieved using one of three methods: preshared keys - encrypted nonces - or digital signatures.'
SHA
Difffie-Hellman
Origin Auth (DH auth)
Tunnel Mode (ipsec)
35. One of the most popular tunneling protocols is
HMAC-MD5/HMAC-SHA
GRE
DSA
RSA
36. Data integrity is the process of making sure data is not tampered with while it
AH
IPSEC BENEFIT
message authentication codes (MAC).
ESP
37. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
38. 'requires that the sender and receiver have key pairs. By combining the sender
ESP
IPSEC BENEFIT
AES
Difffie-Hellman
39. Hybrid protocol that defines the mechanism to derive authenticated keying material and negotiation of security associations (SA).
'MD5 - SHA-1 - or RSA'
IKE
IPSEC (main mode)
AES
40. Used in government installs and was created to work with the SHA-1 hash algorithm.
Hashing
HMAC-MD5/HMAC-SHA
ESP
DSA
41. 'group 5 identifies a 1536-bit key - provides for highest security but is the slowest of all groups.'
Difffie-Hellman
AH/ESP
'IPSEC (phase1 -step2)'
IKE
42. The receiving device then encrypts the data with the second key.
3DES
IPSEC (main mode)
SHA
IKE
43. That authenticate data packets and ensure that data is not tampered with or modified.
hash algorithms
Difffie-Hellman
RSA
Hashing
44. It also provides protection for ISAKMP peer identities with encryption.
MD5
IPSEC (main mode)
Difffie-Hellman
ISAKMP
45. 'Created by NIST in 1994 - is the algorithm used for digital signatures but not for encryption.'
DSA
HMAC-MD5/HMAC-SHA
IKE
ESP
46. 'Message digest algorithms have a drawback whereby a hacker (man in the middle) can intercept a message containing the packet and hash values - then re-create and transmit a modified packet with the same calculated hash to the target destination.'
Hashing
Difffie-Hellman
hash algorithms
IPSEC (aggressive mode)
47. Has a trailer which identifies IPsec information and ESP integrity-check information.
ESP
RSA
'IPSEC (phase1 -step1)'
IPSEC (aggressive mode)
48. 'The sending device decrypts the data with the second key - which is also 56 bits in length.'
3DES
DES
message authentication codes (MAC).
Hashing
49. 'key lengths are 128 - 192 - or 256 bits to encrypt blocks of equal length.'
AES
Antireplay
RSA
'IPSEC (phase1 -step3)'
50. 'group 1 identifies a 768-bit key - group 1 is faster to execute - but it is less secure -'
3DES
IPSEC (main mode)
3DES
Difffie-Hellman