SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CCIE Sec Encryption Ipsec
Start Test
Study First
Subjects
:
cisco
,
it-skills
,
ccie
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. IPSEC Encryption is performed by
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
2. 'group 1 identifies a 768-bit key - group 1 is faster to execute - but it is less secure -'
AH/ESP
Difffie-Hellman
IPSEC (aggressive mode)
GRE
3. 'establishes ISAKMP SA in three messages -because it negotiates a ISAKMP policy and a DJ nonce exchange together.'
AH
IPSEC (aggressive mode)
IPSEC BENEFIT
SHA
4. Can be implemented efficiently on a wide range of processors and in hardware.
SHA
AES
ISAKMP
IPSEC (main mode)
5. Uses the D-H algorithm to come to agreement over a public network.
HMAC
IPSEC BENEFIT
RSA
IKE
6. IPSEC performs this function by using a sequence field in the IPsec header combined with integrity checks.
Tunneling
Antireplay
DSA
RSA/DSA
7. IPsec implements using a shim header between L2 and L3
DSA
Difffie-Hellman
AH/ESP
IPSEC (main mode)
8. 'Message digest algorithms have a drawback whereby a hacker (man in the middle) can intercept a message containing the packet and hash values - then re-create and transmit a modified packet with the same calculated hash to the target destination.'
Hashing
AES
RSA
IPSEC
9. 'Finally - the receiving devices decrypt the data with the first key.'
Difffie-Hellman
Hashing
ISAKMP
3DES
10. More CPU intensive
Difffie-Hellman
SHA
IPSEC
RSA
11. Data integrity is the process of making sure data is not tampered with while it
MD5
IPSEC BENEFIT
IPSEC (phase2)
IKE
12. 'produces a 160-bit hash output - which makes it more difficult to decipher.'
SHA
DES
DES
ESP
13. A
Tunneling
IKE
Hashing
'IPSEC (phase1 -step3)'
14. Where the original Layer 3 header and payload inside an IPsec packet is encapsulated. Tunnel mode does add overhead to each packet and uses some additional CPU resources.
Tunnel Mode (ipsec)
SHA
AH/ESP
Hashing
15. Used for integrity checks on peer and data sent by peer and for authentication checks.
Difffie-Hellman
AH
SHA
Asymetric Encryption Protocols
16. Has a trailer which identifies IPsec information and ESP integrity-check information.
AES
ESP
IPSEC BENEFIT
Difffie-Hellman
17. 'is a more secure version of MD5 - and hash-based message authentication codes (HMAC) provides further security with the inclusion of a key-based hash.'
SHA
ESP
RSA
AES
18. Uses protocol number 51.
Hashing
AH
3DES
RSA
19. This mode does not support identity protection or protection against clogging attacks and spoofing.
IPSEC (aggressive mode)
Difffie-Hellman
AES
Hashing
20. 'It is not used for encryption or digital signatures; it is used to obtain a shared secret
Difffie-Hellman
RSA
AH
RSA
21. 'When using the hash-based key function -'
HMAC-MD5/HMAC-SHA
hash-based message authentication codes (HMAC).
'IPSEC (phase1 -step3)'
IPSEC (main mode)
22. Act of encapsulating a packet within another packet.
hash-based message authentication codes (HMAC).
Tunneling
HMAC
DSA
23. It uses UDP 500 and is defined by RFC 2409.
IKE
IPSEC (main mode)
IPSEC (main mode)
AH/ESP
24. 'DSA is roughly the same speed as RSA when creating signatures - but 10 to 40 times slower when verifying signatures. Because verification happens more frequently than creation - this issue is worth noting when deploying DSA in any environment.'
RSA
Difffie-Hellman
MD5
DSA
25. Provides authentication and encryption of the payload.
ESP
DSA
IPSEC (phase2)
MD5
26. One of the most popular tunneling protocols is
IPSEC (aggressive mode)
hash algorithms
GRE
IKE
27. Drawback of this is that the hash is passed unencrypted and is susceptible to PSK crack attacks.
AES
IPSEC (aggressive mode)
SHA
3DES
28. You use this encryption method by keeping one key private and giving the other key to anyone in the public Internet. It does not matter who has your public key; it is useless without the private key.
'IPSEC (phase1 -step2)'
Asymetric Encryption Protocols
RSA
3DES
29. No additional Layer 3 header is created. The original Layer 3 header is used.
Transport Mode (Ipsec)
Difffie-Hellman
3DES
Hashing
30. 'A 56-bit encryption algorithm - meaning the number of possible keys
DES
ESP
Difffie-Hellman
IPSEC (aggressive mode)
31. ID exchange and authentication of D-H key by using the reply to the received nonce or string of bits
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
32. ' is defined in RFC 3174. has as output a 160-bit value -'
3DES
RSA
SHA
MD5
33. Origin authentication validates the origin of a message upon receipt; this process is done during initial communications.
IPSEC BENEFIT
DES
3DES
AH
34. 'requires that the sender and receiver have key pairs. By combining the sender
IKE
ESP
'IPSEC (phase1 -step3)'
Difffie-Hellman
35. 'key exchange is vulnerable to a man-in-the-middle attack. You can rectify this problem by allowing the two parties to authenticate themselves to each other with a shared secret key - digital signatures - or public-key certificates.'
Asymetric Encryption Protocols
Origin Auth (DH auth)
Difffie-Hellman
ISAKMP
36. Does not provide payload encryption.
Difffie-Hellman
RSA/DSA
'IPSEC (phase1 -step1)'
AH
37. 'group 2 identifies a 1024-bit key - group 2 is more secure - but slower to execute.'
RSA
AH
ESP
Difffie-Hellman
38. 'provides everything required to securely connect over a public media - such as the Internet.'
3DES
AH/ESP
IKE
IPSEC
39. Turns clear-text data into cipher text with an encryption algorithm. The receiving station decrypts the data from cipher text into clear text. The encryption key is a shared secret key that encrypts and decrypts messages.
hash algorithms
DSA
Tunnel Mode (ipsec)
DES
40. 'has a Next Protocol field which identifies the next Layer 4 transport protocol in use - TCP or UDP'
IPSEC (aggressive mode)
'IPSEC (phase1 -step2)'
IPSEC (phase2)
AH/ESP
41. Verify whether the data has been altered.
Hashing
Difffie-Hellman
Tunnel Mode (ipsec)
AH/ESP
42. Message of arbitrary length is taken as input and produces as output a 128-bit fingerprint or message digest of the input.
AH/ESP
MD5
RSA
IPSEC (main mode)
43. Integrity checks are done
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
44. 'often called public-key algorithms - do not rely on a randomly generated shared encryption key; instead - they create two static keys. These static keys are completely different - but mathematically bound to each other; what one key encrypts - the o
Asymetric Encryption Protocols
IKE
SHA
SHA
45. 'can be achieved using one of three methods: preshared keys - encrypted nonces - or digital signatures.'
Difffie-Hellman
Antireplay
Origin Auth (DH auth)
MD5
46. Is a two-phase protocol: The first phase establishes a secure authenticated channel and the second phase is where SAs are negotiated on behalf of the IPsec services.
3DES
MD5
DSA
IKE
47. 'key lengths are 128 - 192 - or 256 bits to encrypt blocks of equal length.'
3DES
3DES
Difffie-Hellman
AES
48. It also provides protection for ISAKMP peer identities with encryption.
AH/ESP
IKE
IPSEC (main mode)
IPSEC (aggressive mode)
49. That authenticate data packets and ensure that data is not tampered with or modified.
hash-based message authentication codes (HMAC).
DSA
SHA
hash algorithms
50. 'group 5 identifies a 1536-bit key - provides for highest security but is the slowest of all groups.'
IKE
Difffie-Hellman
IPSEC (aggressive mode)
MD5