SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CCIE Sec Encryption Ipsec
Start Test
Study First
Subjects
:
cisco
,
it-skills
,
ccie
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Uses protocol number 50.
IKE
ESP
DES
ISAKMP
2. Hybrid protocol that defines the mechanism to derive authenticated keying material and negotiation of security associations (SA).
AH/ESP
RSA
IKE
hash algorithms
3. Can be implemented efficiently on a wide range of processors and in hardware.
AES
'IPSEC (phase1 -step1)'
SHA
ESP
4. IPSEC performs this function by using a sequence field in the IPsec header combined with integrity checks.
MD5
Tunnel Mode (ipsec)
'MD5 - SHA-1 - or RSA'
Antireplay
5. Act of encapsulating a packet within another packet.
3DES
Difffie-Hellman
ISAKMP
Tunneling
6. 'Three keys encrypt the data - which results in a 168-bit encryption key. The sending device encrypts the data with the first 56-bit key.'
IKE
IPSEC BENEFIT
IPSEC (main mode)
3DES
7. The protocol of choice for key management and establishing security associations between peers on the Internet.
IPSEC (phase2)
AES
DSA
ISAKMP
8. 'key exchange is vulnerable to a man-in-the-middle attack. You can rectify this problem by allowing the two parties to authenticate themselves to each other with a shared secret key - digital signatures - or public-key certificates.'
AH
HMAC-MD5/HMAC-SHA
Difffie-Hellman
AES
9. 'provides everything required to securely connect over a public media - such as the Internet.'
IPSEC (aggressive mode)
IPSEC
ESP
AH
10. 'can be achieved using one of three methods: preshared keys - encrypted nonces - or digital signatures.'
IKE
DES
3DES
Origin Auth (DH auth)
11. 'DSA is roughly the same speed as RSA when creating signatures - but 10 to 40 times slower when verifying signatures. Because verification happens more frequently than creation - this issue is worth noting when deploying DSA in any environment.'
'IPSEC (phase1 -step2)'
Hashing
DSA
'IPSEC (phase1 -step1)'
12. Provides authentication and encryption of the payload.
IPSEC (aggressive mode)
Asymetric Encryption Protocols
IKE
ESP
13. Origin authentication validates the origin of a message upon receipt; this process is done during initial communications.
IPSEC BENEFIT
3DES
DSA
message authentication codes (MAC).
14. Uses IKE for key exchange.
AH
SHA
IKE
ISAKMP
15. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
16. 'key lengths are 128 - 192 - or 256 bits to encrypt blocks of equal length.'
AES
IKE
RSA/DSA
Difffie-Hellman
17. 'Encryption - where Peer X uses Peer Y
3DES
RSA
DES
Antireplay
18. You use this encryption method by keeping one key private and giving the other key to anyone in the public Internet. It does not matter who has your public key; it is useless without the private key.
'IPSEC (phase1 -step1)'
Asymetric Encryption Protocols
3DES
AH/ESP
19. 'MACs with hash algorithms -'
ISAKMP
'DES - 3DES - or AES.'
MD5
hash-based message authentication codes (HMAC).
20. Integrity checks are done
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
21. 'Digital signatures. Peer X encrypts a hash value with his private key and then sends the data to Peer Y. Peer Y obtains Peer X
ESP
IPSEC BENEFIT
HMAC
RSA
22. Key exchange for IPSEC
IKE
SHA
Hashing
IPSEC BENEFIT
23. 'Message digest algorithms have a drawback whereby a hacker (man in the middle) can intercept a message containing the packet and hash values - then re-create and transmit a modified packet with the same calculated hash to the target destination.'
'MD5 - SHA-1 - or RSA'
Hashing
RSA
IPSEC (main mode)
24. 'Created by NIST in 1994 - is the algorithm used for digital signatures but not for encryption.'
'DES - 3DES - or AES.'
AES
DSA
Difffie-Hellman
25. 'When using the hash-based key function -'
IKE
HMAC-MD5/HMAC-SHA
IPSEC (aggressive mode)
Antireplay
26. 'establishes ISAKMP SA in three messages -because it negotiates a ISAKMP policy and a DJ nonce exchange together.'
GRE
IKE
IPSEC (phase2)
IPSEC (aggressive mode)
27. The sending device encrypts for a final time with another 56-bit key.
hash algorithms
3DES
ISAKMP
IKE
28. 'has a Next Protocol field which identifies the next Layer 4 transport protocol in use - TCP or UDP'
3DES
Hashing
SHA
AH/ESP
29. IPSEC tunnels data through IP using one of two protocols?
AH/ESP
IPSEC (main mode)
SHA
HMAC
30. 'The sending device decrypts the data with the second key - which is also 56 bits in length.'
3DES
AH
AES
AES
31. 'requires that the sender and receiver have key pairs. By combining the sender
Hashing
Difffie-Hellman
AH
GRE
32. DoS attacks are more probable with this mode.
IPSEC (aggressive mode)
IPSEC (main mode)
ESP
AES
33. Turns clear-text data into cipher text with an encryption algorithm. The receiving station decrypts the data from cipher text into clear text. The encryption key is a shared secret key that encrypts and decrypts messages.
IPSEC (main mode)
Difffie-Hellman
DES
DSA
34. 'algorithm encrypts and decrypts data three times with 3 different keys - effectively creating a 168-bit key.'
ISAKMP
IKE
Origin Auth (DH auth)
3DES
35. 'It is not used for encryption or digital signatures; it is used to obtain a shared secret
AH/ESP
Difffie-Hellman
ISAKMP
Tunnel Mode (ipsec)
36. Where the original Layer 3 header and payload inside an IPsec packet is encapsulated. Tunnel mode does add overhead to each packet and uses some additional CPU resources.
IPSEC (phase2)
GRE
Difffie-Hellman
Tunnel Mode (ipsec)
37. 'produces a 160-bit hash output - which makes it more difficult to decipher.'
SHA
hash algorithms
'IPSEC (phase1 -step2)'
IKE
38. Takes variable-length clear-text data to produce fixed-length hashed data that is unreadable.
IPSEC (main mode)
MD5
AH
'MD5 - SHA-1 - or RSA'
39. 'group 2 identifies a 1024-bit key - group 2 is more secure - but slower to execute.'
Difffie-Hellman
IKE
Transport Mode (Ipsec)
DSA
40. Does not provide payload encryption.
AH
AES
ISAKMP
AH/ESP
41. 'A 56-bit encryption algorithm - meaning the number of possible keys
DES
SHA
ISAKMP
Difffie-Hellman
42. Negotiation of a shared secret key for encryption of the IKE session using the D-H algorithm
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
43. 'often called public-key algorithms - do not rely on a randomly generated shared encryption key; instead - they create two static keys. These static keys are completely different - but mathematically bound to each other; what one key encrypts - the o
message authentication codes (MAC).
Asymetric Encryption Protocols
ESP
IPSEC (main mode)
44. It also provides protection for ISAKMP peer identities with encryption.
IPSEC (aggressive mode)
Hashing
IPSEC (main mode)
Hashing
45. The receiving device decrypts the data with the third key.
HMAC-MD5/HMAC-SHA
Difffie-Hellman
3DES
IPSEC (main mode)
46. IPsec implements using a shim header between L2 and L3
Asymetric Encryption Protocols
IPSEC (main mode)
MD5
AH/ESP
47. Benefits are that the preshared authentication can be based on ID versus IP address and the speed of the process.
Hashing
MD5
IPSEC (aggressive mode)
ISAKMP
48. Uses the D-H algorithm to come to agreement over a public network.
IKE
Antireplay
AH/ESP
RSA
49. 'defines the mode of communication - creation - and management of security associations.'
IPSEC (aggressive mode)
ISAKMP
RSA
GRE
50. One of the most popular tunneling protocols is
GRE
MD5
DSA
3DES
