SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CCIE Sec Encryption Ipsec
Start Test
Study First
Subjects
:
cisco
,
it-skills
,
ccie
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Where the original Layer 3 header and payload inside an IPsec packet is encapsulated. Tunnel mode does add overhead to each packet and uses some additional CPU resources.
Tunnel Mode (ipsec)
Difffie-Hellman
DES
Hashing
2. The DES algorithm that performs 3 times sequentially.
3DES
IPSEC (main mode)
AH
RSA/DSA
3. IPSEC Encryption is performed by
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
4. Uses IKE for key exchange.
GRE
ISAKMP
hash algorithms
ESP
5. Has a trailer which identifies IPsec information and ESP integrity-check information.
Hashing
ESP
ISAKMP
Difffie-Hellman
6. 'has a Next Protocol field which identifies the next Layer 4 transport protocol in use - TCP or UDP'
AH/ESP
RSA
3DES
AES
7. Uses the D-H algorithm to come to agreement over a public network.
IPSEC (main mode)
IKE
3DES
'MD5 - SHA-1 - or RSA'
8. 'group 2 identifies a 1024-bit key - group 2 is more secure - but slower to execute.'
Difffie-Hellman
RSA
IPSEC (phase2)
Origin Auth (DH auth)
9. Uses protocol number 51.
IPSEC BENEFIT
AH/ESP
DES
AH
10. Provides authentication and encryption of the payload.
SHA
Asymetric Encryption Protocols
ESP
'IPSEC (phase1 -step3)'
11. 'MACs with hash algorithms -'
DES
MD5
hash-based message authentication codes (HMAC).
Difffie-Hellman
12. 'often called public-key algorithms - do not rely on a randomly generated shared encryption key; instead - they create two static keys. These static keys are completely different - but mathematically bound to each other; what one key encrypts - the o
ISAKMP
'DES - 3DES - or AES.'
Asymetric Encryption Protocols
AH
13. Benefits are that the preshared authentication can be based on ID versus IP address and the speed of the process.
Hashing
IPSEC (aggressive mode)
DSA
DSA
14. You use this encryption method by keeping one key private and giving the other key to anyone in the public Internet. It does not matter who has your public key; it is useless without the private key.
3DES
Asymetric Encryption Protocols
MD5
MD5
15. IPSec SAs are negotiated and protected by the existing IPsec SA.
Difffie-Hellman
DES
IPSEC (phase2)
AES
16. 'establishes ISAKMP SA in three messages -because it negotiates a ISAKMP policy and a DJ nonce exchange together.'
RSA/DSA
3DES
IKE
IPSEC (aggressive mode)
17. That authenticate data packets and ensure that data is not tampered with or modified.
Difffie-Hellman
hash algorithms
Hashing
HMAC
18. Used in IPsec for two discreet purposes:
Hashing
DSA
RSA
Tunneling
19. 'When using the hash-based key function -'
message authentication codes (MAC).
IPSEC BENEFIT
SHA
HMAC-MD5/HMAC-SHA
20. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
21. Main mode establishes ISAKMP security association in six messages and performs authenticated D-H exchange.
IPSEC (main mode)
RSA
RSA
Asymetric Encryption Protocols
22. The sending device encrypts for a final time with another 56-bit key.
IPSEC (main mode)
MD5
Hashing
3DES
23. 'is a more secure version of MD5 - and hash-based message authentication codes (HMAC) provides further security with the inclusion of a key-based hash.'
IKE
AES
IPSEC (aggressive mode)
SHA
24. 'It is not used for encryption or digital signatures; it is used to obtain a shared secret
Difffie-Hellman
3DES
3DES
RSA
25. 'key exchange is vulnerable to a man-in-the-middle attack. You can rectify this problem by allowing the two parties to authenticate themselves to each other with a shared secret key - digital signatures - or public-key certificates.'
'IPSEC (phase1 -step3)'
RSA
ESP
Difffie-Hellman
26. 'is a block-cipher algorithm - which means that it performs operations on fixed-length data streams of 64-bit blocks. The key ostensibly consists of 64 bits; however - only 56 are actually used by the algorithm.'
IKE
IPSEC (aggressive mode)
AH
DES
27. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
Difffie-Hellman
IPSEC (main mode)
IPSEC (aggressive mode)
HMAC
28. 'Finally - the receiving devices decrypt the data with the first key.'
3DES
MD5
Difffie-Hellman
ISAKMP
29. 'Developed in 1977 by Ronald Rivest - Adi Shamir - and Leonard Adleman (therefore - RSA).'
SHA
IPSEC (main mode)
'DES - 3DES - or AES.'
RSA
30. Used in government installs and was created to work with the SHA-1 hash algorithm.
AES
DSA
Difffie-Hellman
Hashing
31. 'Three keys encrypt the data - which results in a 168-bit encryption key. The sending device encrypts the data with the first 56-bit key.'
3DES
'IPSEC (phase1 -step1)'
'IPSEC (phase1 -step3)'
ESP
32. Main disadvantage of asymmetric algorithms is that they are slow.
SHA
Difffie-Hellman
HMAC
RSA/DSA
33. 'provides everything required to securely connect over a public media - such as the Internet.'
'IPSEC (phase1 -step2)'
Difffie-Hellman
Difffie-Hellman
IPSEC
34. 'Message digest algorithms have a drawback whereby a hacker (man in the middle) can intercept a message containing the packet and hash values - then re-create and transmit a modified packet with the same calculated hash to the target destination.'
RSA
Hashing
Difffie-Hellman
GRE
35. It also provides protection for ISAKMP peer identities with encryption.
IPSEC (main mode)
HMAC-MD5/HMAC-SHA
3DES
AH
36. Invented by Ron Rivest of RSA Security (RFC 1321).
IPSEC (aggressive mode)
'DES - 3DES - or AES.'
MD5
Difffie-Hellman
37. Common key size is 1024 bits.
'MD5 - SHA-1 - or RSA'
'IPSEC (phase1 -step1)'
IPSEC
RSA
38. A variable block- length and key-length cipher.
Tunnel Mode (ipsec)
IPSEC BENEFIT
'IPSEC (phase1 -step1)'
AES
39. 'The sending device decrypts the data with the second key - which is also 56 bits in length.'
RSA
IPSEC (phase2)
AH
3DES
40. 'The messages are authenticated - and the mechanisms that provide such integrity checks based on a secret key are usually called'
'IPSEC (phase1 -step1)'
RSA
message authentication codes (MAC).
hash algorithms
41. ' is defined in RFC 3174. has as output a 160-bit value -'
Asymetric Encryption Protocols
SHA
Asymetric Encryption Protocols
HMAC-MD5/HMAC-SHA
42. IPSEC performs this function by using a sequence field in the IPsec header combined with integrity checks.
ESP
Antireplay
3DES
IKE
43. Used for integrity checks on peer and data sent by peer and for authentication checks.
3DES
AH
Transport Mode (Ipsec)
3DES
44. Uses protocol number 50.
ESP
message authentication codes (MAC).
Tunneling
GRE
45. 'Encryption - where Peer X uses Peer Y
RSA
'DES - 3DES - or AES.'
IPSEC
IKE
46. Can be implemented efficiently on a wide range of processors and in hardware.
AES
RSA
IPSEC (main mode)
AH/ESP
47. ID exchange and authentication of D-H key by using the reply to the received nonce or string of bits
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
48. 'Created by NIST in 1994 - is the algorithm used for digital signatures but not for encryption.'
RSA
Hashing
DSA
ESP
49. Data integrity is the process of making sure data is not tampered with while it
AH/ESP
hash-based message authentication codes (HMAC).
IPSEC BENEFIT
'DES - 3DES - or AES.'
50. Origin authentication validates the origin of a message upon receipt; this process is done during initial communications.
IPSEC BENEFIT
3DES
'IPSEC (phase1 -step3)'
AH