SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
CCIE Sec Encryption Ipsec
Start Test
Study First
Subjects
:
cisco
,
it-skills
,
ccie
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. 'group 1 identifies a 768-bit key - group 1 is faster to execute - but it is less secure -'
MD5
Difffie-Hellman
Asymetric Encryption Protocols
HMAC
2. Negotiation of a shared secret key for encryption of the IKE session using the D-H algorithm
3. IPsec implements using a shim header between L2 and L3
Difffie-Hellman
'IPSEC (phase1 -step2)'
AH/ESP
Transport Mode (Ipsec)
4. Main disadvantage of asymmetric algorithms is that they are slow.
Antireplay
IPSEC BENEFIT
DSA
RSA/DSA
5. Used in IPsec for two discreet purposes:
AES
RSA
IPSEC (main mode)
DSA
6. You use this encryption method by keeping one key private and giving the other key to anyone in the public Internet. It does not matter who has your public key; it is useless without the private key.
3DES
IPSEC (aggressive mode)
IPSEC (aggressive mode)
Asymetric Encryption Protocols
7. The receiving device then encrypts the data with the second key.
Difffie-Hellman
Difffie-Hellman
3DES
AH
8. Uses the D-H algorithm to come to agreement over a public network.
3DES
IPSEC (main mode)
IKE
SHA
9. Message of arbitrary length is taken as input and produces as output a 128-bit fingerprint or message digest of the input.
Difffie-Hellman
MD5
GRE
Difffie-Hellman
10. Main mode establishes ISAKMP security association in six messages and performs authenticated D-H exchange.
IKE
RSA
IPSEC (main mode)
IPSEC (aggressive mode)
11. No additional Layer 3 header is created. The original Layer 3 header is used.
Difffie-Hellman
'IPSEC (phase1 -step1)'
Transport Mode (Ipsec)
IKE
12. ' is defined in RFC 3174. has as output a 160-bit value -'
SHA
Difffie-Hellman
Difffie-Hellman
Difffie-Hellman
13. 'is a more secure version of MD5 - and hash-based message authentication codes (HMAC) provides further security with the inclusion of a key-based hash.'
SHA
Tunneling
ESP
MD5
14. It uses UDP 500 and is defined by RFC 2409.
IKE
ESP
MD5
RSA
15. Provide authentication in Internet Key Exchange (IKE) Phase 2.
IPSEC (phase2)
Asymetric Encryption Protocols
HMAC
Hashing
16. 'A 56-bit encryption algorithm - meaning the number of possible keys
DES
Origin Auth (DH auth)
Hashing
ISAKMP
17. Drawback of this is that the hash is passed unencrypted and is susceptible to PSK crack attacks.
SHA
3DES
IPSEC (aggressive mode)
IPSEC (main mode)
18. IPSEC Encryption is performed by
19. 'defines the mode of communication - creation - and management of security associations.'
ISAKMP
AH/ESP
DES
IPSEC (main mode)
20. Where the original Layer 3 header and payload inside an IPsec packet is encapsulated. Tunnel mode does add overhead to each packet and uses some additional CPU resources.
ISAKMP
3DES
Tunnel Mode (ipsec)
IKE
21. 'The sending device decrypts the data with the second key - which is also 56 bits in length.'
MD5
Hashing
IPSEC (aggressive mode)
3DES
22. Integrity checks are done
23. The protocol of choice for key management and establishing security associations between peers on the Internet.
IKE
ESP
ISAKMP
Hashing
24. Verify whether the data has been altered.
DSA
IPSEC (aggressive mode)
Hashing
IPSEC BENEFIT
25. More CPU intensive
SHA
RSA
IPSEC (main mode)
AH
26. 'key lengths are 128 - 192 - or 256 bits to encrypt blocks of equal length.'
IPSEC (main mode)
Difffie-Hellman
hash algorithms
AES
27. The receiving device decrypts the data with the third key.
Difffie-Hellman
MD5
3DES
ISAKMP
28. One of the most popular tunneling protocols is
3DES
GRE
IPSEC (main mode)
3DES
29. 'DSA is roughly the same speed as RSA when creating signatures - but 10 to 40 times slower when verifying signatures. Because verification happens more frequently than creation - this issue is worth noting when deploying DSA in any environment.'
IPSEC (phase2)
IPSEC BENEFIT
ISAKMP
DSA
30. 'establishes ISAKMP SA in three messages -because it negotiates a ISAKMP policy and a DJ nonce exchange together.'
ESP
SHA
IPSEC (aggressive mode)
3DES
31. 'Message digest algorithms have a drawback whereby a hacker (man in the middle) can intercept a message containing the packet and hash values - then re-create and transmit a modified packet with the same calculated hash to the target destination.'
Hashing
'IPSEC (phase1 -step3)'
AES
Origin Auth (DH auth)
32. 'The messages are authenticated - and the mechanisms that provide such integrity checks based on a secret key are usually called'
AH
SHA
message authentication codes (MAC).
IKE
33. Takes variable-length clear-text data to produce fixed-length hashed data that is unreadable.
IPSEC (aggressive mode)
Transport Mode (Ipsec)
IKE
MD5
34. The DES algorithm that performs 3 times sequentially.
AES
IKE
3DES
Difffie-Hellman
35. 'algorithm encrypts and decrypts data three times with 3 different keys - effectively creating a 168-bit key.'
3DES
SHA
IPSEC (aggressive mode)
DES
36. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
37. 'has a Next Protocol field which identifies the next Layer 4 transport protocol in use - TCP or UDP'
3DES
MD5
3DES
AH/ESP
38. 'often called public-key algorithms - do not rely on a randomly generated shared encryption key; instead - they create two static keys. These static keys are completely different - but mathematically bound to each other; what one key encrypts - the o
AES
Asymetric Encryption Protocols
message authentication codes (MAC).
MD5
39. 'Encryption - where Peer X uses Peer Y
HMAC-MD5/HMAC-SHA
IKE
IPSEC (aggressive mode)
RSA
40. 'is a block-cipher algorithm - which means that it performs operations on fixed-length data streams of 64-bit blocks. The key ostensibly consists of 64 bits; however - only 56 are actually used by the algorithm.'
DES
Antireplay
SHA
Difffie-Hellman
41. 'Created by NIST in 1994 - is the algorithm used for digital signatures but not for encryption.'
IKE
ESP
DSA
Difffie-Hellman
42. 'in most cases - this mode is preferred with certificates.'
Tunneling
IPSEC (main mode)
DSA
ESP
43. 'Three keys encrypt the data - which results in a 168-bit encryption key. The sending device encrypts the data with the first 56-bit key.'
Tunnel Mode (ipsec)
3DES
RSA
AH/ESP
44. RFC 2631 on the workings of the key generation/exchange process.
DSA
hash algorithms
Difffie-Hellman
SHA
45. 'key exchange is vulnerable to a man-in-the-middle attack. You can rectify this problem by allowing the two parties to authenticate themselves to each other with a shared secret key - digital signatures - or public-key certificates.'
hash algorithms
MD5
Tunneling
Difffie-Hellman
46. 'Finally - the receiving devices decrypt the data with the first key.'
AH
3DES
DES
HMAC
47. Used for integrity checks on peer and data sent by peer and for authentication checks.
IPSEC BENEFIT
3DES
AH
Asymetric Encryption Protocols
48. IPSEC performs this function by using a sequence field in the IPsec header combined with integrity checks.
Antireplay
IPSEC (aggressive mode)
HMAC
Difffie-Hellman
49. 'produces a 160-bit hash output - which makes it more difficult to decipher.'
IPSEC (aggressive mode)
message authentication codes (MAC).
AES
SHA
50. 'group 2 identifies a 1024-bit key - group 2 is more secure - but slower to execute.'
AES
IPSEC (aggressive mode)
Difffie-Hellman
AH