SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CCIE Sec Encryption Ipsec
Start Test
Study First
Subjects
:
cisco
,
it-skills
,
ccie
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. 'A 56-bit encryption algorithm - meaning the number of possible keys
Origin Auth (DH auth)
DES
3DES
'MD5 - SHA-1 - or RSA'
2. You check it by hashing data and appending the hash value to the data as you send it across the network to a peer.
IKE
IPSEC (aggressive mode)
IPSEC (aggressive mode)
Hashing
3. 'requires that the sender and receiver have key pairs. By combining the sender
AES
ESP
ISAKMP
Difffie-Hellman
4. Invented by Ron Rivest of RSA Security (RFC 1321).
AH/ESP
Asymetric Encryption Protocols
MD5
Hashing
5. 'including Internet Security Association and Key Management Protocol (ISAKMP) - Secure Key Exchange Mechanism for the Internet (SKEME) - and Oakley.'
IKE
DES
ESP
RSA
6. 'is a block-cipher algorithm - which means that it performs operations on fixed-length data streams of 64-bit blocks. The key ostensibly consists of 64 bits; however - only 56 are actually used by the algorithm.'
DES
AES
3DES
HMAC-MD5/HMAC-SHA
7. Message of arbitrary length is taken as input and produces as output a 128-bit fingerprint or message digest of the input.
IPSEC (main mode)
AES
MD5
Asymetric Encryption Protocols
8. It uses UDP 500 and is defined by RFC 2409.
IKE
IPSEC
IPSEC (aggressive mode)
GRE
9. Integrity checks are done
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
10. 'key lengths are 128 - 192 - or 256 bits to encrypt blocks of equal length.'
IPSEC (main mode)
AES
Origin Auth (DH auth)
RSA
11. Does not provide payload encryption.
IPSEC (aggressive mode)
AH
RSA
Hashing
12. Data integrity is the process of making sure data is not tampered with while it
IPSEC BENEFIT
IPSEC (aggressive mode)
Hashing
ESP
13. 'Message digest algorithms have a drawback whereby a hacker (man in the middle) can intercept a message containing the packet and hash values - then re-create and transmit a modified packet with the same calculated hash to the target destination.'
IPSEC BENEFIT
Hashing
AH
IKE
14. 'Developed in 1977 by Ronald Rivest - Adi Shamir - and Leonard Adleman (therefore - RSA).'
AES
RSA
Transport Mode (Ipsec)
SHA
15. Hybrid protocol that defines the mechanism to derive authenticated keying material and negotiation of security associations (SA).
IKE
IPSEC (main mode)
3DES
IPSEC (aggressive mode)
16. Common key size is 1024 bits.
RSA
RSA/DSA
ESP
'IPSEC (phase1 -step3)'
17. RFC 2631 on the workings of the key generation/exchange process.
Difffie-Hellman
IPSEC BENEFIT
IPSEC
Hashing
18. The sending device encrypts for a final time with another 56-bit key.
ISAKMP
Difffie-Hellman
3DES
Transport Mode (Ipsec)
19. The receiving device then encrypts the data with the second key.
3DES
IPSEC (aggressive mode)
DSA
IPSEC BENEFIT
20. 'Encryption - where Peer X uses Peer Y
Hashing
3DES
3DES
RSA
21. Act of encapsulating a packet within another packet.
DES
AH
RSA
Tunneling
22. This mode does not support identity protection or protection against clogging attacks and spoofing.
Hashing
Difffie-Hellman
IKE
IPSEC (aggressive mode)
23. 'often called public-key algorithms - do not rely on a randomly generated shared encryption key; instead - they create two static keys. These static keys are completely different - but mathematically bound to each other; what one key encrypts - the o
IKE
MD5
Asymetric Encryption Protocols
Difffie-Hellman
24. Key exchange for IPSEC
IPSEC (main mode)
IKE
3DES
DSA
25. ' is defined in RFC 3174. has as output a 160-bit value -'
AH/ESP
DES
MD5
SHA
26. A
Hashing
Difffie-Hellman
'IPSEC (phase1 -step1)'
IPSEC (aggressive mode)
27. Benefits are that the preshared authentication can be based on ID versus IP address and the speed of the process.
AES
AH/ESP
Difffie-Hellman
IPSEC (aggressive mode)
28. 'It is not used for encryption or digital signatures; it is used to obtain a shared secret
Difffie-Hellman
AH
AH/ESP
ISAKMP
29. Used in government installs and was created to work with the SHA-1 hash algorithm.
Difffie-Hellman
DSA
AES
AH/ESP
30. 'Finally - the receiving devices decrypt the data with the first key.'
AH
ESP
ISAKMP
3DES
31. Origin authentication validates the origin of a message upon receipt; this process is done during initial communications.
IPSEC BENEFIT
RSA
MD5
GRE
32. 'produces a 160-bit hash output - which makes it more difficult to decipher.'
hash algorithms
SHA
RSA
RSA
33. Verify whether the data has been altered.
MD5
DES
Hashing
AH/ESP
34. 'is a more secure version of MD5 - and hash-based message authentication codes (HMAC) provides further security with the inclusion of a key-based hash.'
ISAKMP
SHA
IPSEC (main mode)
message authentication codes (MAC).
35. 'Three keys encrypt the data - which results in a 168-bit encryption key. The sending device encrypts the data with the first 56-bit key.'
ISAKMP
3DES
DES
HMAC
36. Used in IPsec for two discreet purposes:
RSA
AES
AH
IKE
37. 'group 2 identifies a 1024-bit key - group 2 is more secure - but slower to execute.'
ESP
Difffie-Hellman
Hashing
3DES
38. Uses the D-H algorithm to come to agreement over a public network.
3DES
message authentication codes (MAC).
IPSEC (aggressive mode)
IKE
39. Can be implemented efficiently on a wide range of processors and in hardware.
RSA
AES
HMAC-MD5/HMAC-SHA
SHA
40. 'When using the hash-based key function -'
IKE
ESP
HMAC-MD5/HMAC-SHA
AH
41. IPSEC Encryption is performed by
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
42. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
43. It also provides protection for ISAKMP peer identities with encryption.
SHA
DSA
3DES
IPSEC (main mode)
44. 'algorithm encrypts and decrypts data three times with 3 different keys - effectively creating a 168-bit key.'
SHA
3DES
MD5
'MD5 - SHA-1 - or RSA'
45. Main mode establishes ISAKMP security association in six messages and performs authenticated D-H exchange.
IPSEC (aggressive mode)
IPSEC (main mode)
IKE
Difffie-Hellman
46. Where the original Layer 3 header and payload inside an IPsec packet is encapsulated. Tunnel mode does add overhead to each packet and uses some additional CPU resources.
Origin Auth (DH auth)
GRE
Tunnel Mode (ipsec)
Difffie-Hellman
47. Uses protocol number 51.
AH
Hashing
IPSEC (main mode)
GRE
48. IPSEC tunnels data through IP using one of two protocols?
MD5
AH/ESP
IPSEC (main mode)
AH
49. 'The sending device decrypts the data with the second key - which is also 56 bits in length.'
DSA
AES
3DES
GRE
50. 'Digital signatures. Peer X encrypts a hash value with his private key and then sends the data to Peer Y. Peer Y obtains Peer X
3DES
'DES - 3DES - or AES.'
RSA
IPSEC (aggressive mode)