SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CCIE Sec Encryption Ipsec
Start Test
Study First
Subjects
:
cisco
,
it-skills
,
ccie
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. 'Digital signatures. Peer X encrypts a hash value with his private key and then sends the data to Peer Y. Peer Y obtains Peer X
hash algorithms
DES
RSA
SHA
2. A variable block- length and key-length cipher.
SHA
Difffie-Hellman
AES
ISAKMP
3. Uses the D-H algorithm to come to agreement over a public network.
IKE
MD5
Difffie-Hellman
IPSEC (aggressive mode)
4. Benefits are that the preshared authentication can be based on ID versus IP address and the speed of the process.
IKE
message authentication codes (MAC).
Transport Mode (Ipsec)
IPSEC (aggressive mode)
5. A
ESP
AH/ESP
Hashing
ESP
6. Data integrity is the process of making sure data is not tampered with while it
IPSEC BENEFIT
IPSEC (aggressive mode)
AES
Difffie-Hellman
7. 'defines the mode of communication - creation - and management of security associations.'
IPSEC (phase2)
SHA
ISAKMP
AH
8. Provide authentication in Internet Key Exchange (IKE) Phase 2.
Asymetric Encryption Protocols
DES
IPSEC (aggressive mode)
HMAC
9. You use this encryption method by keeping one key private and giving the other key to anyone in the public Internet. It does not matter who has your public key; it is useless without the private key.
HMAC
AES
3DES
Asymetric Encryption Protocols
10. Uses protocol number 51.
IKE
AH
Difffie-Hellman
SHA
11. 'The sending device decrypts the data with the second key - which is also 56 bits in length.'
3DES
AH/ESP
Difffie-Hellman
MD5
12. Has a trailer which identifies IPsec information and ESP integrity-check information.
IKE
ESP
DSA
3DES
13. Drawback of this is that the hash is passed unencrypted and is susceptible to PSK crack attacks.
Asymetric Encryption Protocols
Difffie-Hellman
IPSEC (aggressive mode)
RSA
14. It also provides protection for ISAKMP peer identities with encryption.
IPSEC (main mode)
AH
3DES
HMAC
15. The receiving device decrypts the data with the third key.
Antireplay
3DES
hash-based message authentication codes (HMAC).
SHA
16. Where the original Layer 3 header and payload inside an IPsec packet is encapsulated. Tunnel mode does add overhead to each packet and uses some additional CPU resources.
Tunnel Mode (ipsec)
RSA
MD5
AH/ESP
17. Used in government installs and was created to work with the SHA-1 hash algorithm.
RSA
3DES
3DES
DSA
18. Does not provide payload encryption.
AH
ESP
Tunneling
RSA
19. Turns clear-text data into cipher text with an encryption algorithm. The receiving station decrypts the data from cipher text into clear text. The encryption key is a shared secret key that encrypts and decrypts messages.
IPSEC
DES
Difffie-Hellman
ESP
20. Hybrid protocol that defines the mechanism to derive authenticated keying material and negotiation of security associations (SA).
RSA
RSA
SHA
IKE
21. 'has a Next Protocol field which identifies the next Layer 4 transport protocol in use - TCP or UDP'
AH/ESP
Hashing
hash-based message authentication codes (HMAC).
RSA/DSA
22. 'Encryption - where Peer X uses Peer Y
ESP
IKE
RSA
AH/ESP
23. 'Three keys encrypt the data - which results in a 168-bit encryption key. The sending device encrypts the data with the first 56-bit key.'
hash-based message authentication codes (HMAC).
Hashing
IPSEC BENEFIT
3DES
24. The protocol of choice for key management and establishing security associations between peers on the Internet.
IPSEC (phase2)
ISAKMP
3DES
IKE
25. 'group 2 identifies a 1024-bit key - group 2 is more secure - but slower to execute.'
Difffie-Hellman
AH/ESP
Origin Auth (DH auth)
RSA
26. 'in most cases - this mode is preferred with certificates.'
'IPSEC (phase1 -step3)'
3DES
IPSEC (main mode)
Difffie-Hellman
27. 'When using the hash-based key function -'
'DES - 3DES - or AES.'
3DES
AES
HMAC-MD5/HMAC-SHA
28. 'Finally - the receiving devices decrypt the data with the first key.'
SHA
Hashing
3DES
DSA
29. Is a two-phase protocol: The first phase establishes a secure authenticated channel and the second phase is where SAs are negotiated on behalf of the IPsec services.
Hashing
IKE
HMAC
SHA
30. One of the most popular tunneling protocols is
Tunneling
RSA
GRE
MD5
31. 'group 1 identifies a 768-bit key - group 1 is faster to execute - but it is less secure -'
'IPSEC (phase1 -step1)'
MD5
Difffie-Hellman
IPSEC (main mode)
32. RFC 2631 on the workings of the key generation/exchange process.
Difffie-Hellman
IPSEC (aggressive mode)
3DES
RSA
33. 'including Internet Security Association and Key Management Protocol (ISAKMP) - Secure Key Exchange Mechanism for the Internet (SKEME) - and Oakley.'
ISAKMP
IKE
Transport Mode (Ipsec)
AH/ESP
34. 'key lengths are 128 - 192 - or 256 bits to encrypt blocks of equal length.'
DES
AES
'DES - 3DES - or AES.'
DSA
35. Act of encapsulating a packet within another packet.
3DES
RSA
Tunneling
ESP
36. Invented by Ron Rivest of RSA Security (RFC 1321).
IPSEC
3DES
MD5
Antireplay
37. You check it by hashing data and appending the hash value to the data as you send it across the network to a peer.
SHA
GRE
Antireplay
Hashing
38. Key exchange for IPSEC
Difffie-Hellman
Hashing
IPSEC (aggressive mode)
IKE
39. This mode does not support identity protection or protection against clogging attacks and spoofing.
IPSEC (phase2)
IPSEC (aggressive mode)
IPSEC (main mode)
3DES
40. 'The messages are authenticated - and the mechanisms that provide such integrity checks based on a secret key are usually called'
message authentication codes (MAC).
AES
DES
IPSEC (aggressive mode)
41. 'Created by NIST in 1994 - is the algorithm used for digital signatures but not for encryption.'
DSA
ISAKMP
Difffie-Hellman
GRE
42. 'requires that the sender and receiver have key pairs. By combining the sender
Difffie-Hellman
DES
3DES
ISAKMP
43. It uses UDP 500 and is defined by RFC 2409.
IKE
AES
3DES
hash-based message authentication codes (HMAC).
44. Main mode establishes ISAKMP security association in six messages and performs authenticated D-H exchange.
IKE
Hashing
IPSEC BENEFIT
IPSEC (main mode)
45. 'Developed in 1977 by Ronald Rivest - Adi Shamir - and Leonard Adleman (therefore - RSA).'
RSA
IKE
IPSEC BENEFIT
3DES
46. Origin authentication validates the origin of a message upon receipt; this process is done during initial communications.
AES
IPSEC BENEFIT
'IPSEC (phase1 -step2)'
DES
47. Uses protocol number 50.
ESP
'IPSEC (phase1 -step3)'
AES
IPSEC (aggressive mode)
48. 'key exchange is vulnerable to a man-in-the-middle attack. You can rectify this problem by allowing the two parties to authenticate themselves to each other with a shared secret key - digital signatures - or public-key certificates.'
RSA
Difffie-Hellman
HMAC
3DES
49. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
ESP
AH
IPSEC (main mode)
MD5
50. ID exchange and authentication of D-H key by using the reply to the received nonce or string of bits
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
