SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CCIE Sec Encryption Ipsec
Start Test
Study First
Subjects
:
cisco
,
it-skills
,
ccie
Instructions:
Answer
50
questions in
15 minutes
.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Negotiation of a shared secret key for encryption of the IKE session using the D-H algorithm
2. Uses IKE for key exchange.
Tunnel Mode (ipsec)
Hashing
AH
ISAKMP
3. IPsec implements using a shim header between L2 and L3
3DES
AH/ESP
IPSEC (aggressive mode)
DSA
4. 'has a Next Protocol field which identifies the next Layer 4 transport protocol in use - TCP or UDP'
Hashing
AES
AH/ESP
IKE
5. Origin authentication validates the origin of a message upon receipt; this process is done during initial communications.
Difffie-Hellman
Difffie-Hellman
IPSEC (aggressive mode)
IPSEC BENEFIT
6. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
7. Main mode establishes ISAKMP security association in six messages and performs authenticated D-H exchange.
3DES
IPSEC (main mode)
'MD5 - SHA-1 - or RSA'
IKE
8. Hybrid protocol that defines the mechanism to derive authenticated keying material and negotiation of security associations (SA).
IKE
Tunnel Mode (ipsec)
3DES
SHA
9. 'When using the hash-based key function -'
ESP
IKE
HMAC-MD5/HMAC-SHA
Difffie-Hellman
10. Uses protocol number 50.
Transport Mode (Ipsec)
Difffie-Hellman
ESP
IPSEC BENEFIT
11. Can be implemented efficiently on a wide range of processors and in hardware.
AES
3DES
MD5
IPSEC (phase2)
12. 'Three keys encrypt the data - which results in a 168-bit encryption key. The sending device encrypts the data with the first 56-bit key.'
Tunnel Mode (ipsec)
'MD5 - SHA-1 - or RSA'
3DES
Difffie-Hellman
13. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
message authentication codes (MAC).
ESP
AES
IPSEC (main mode)
14. Main disadvantage of asymmetric algorithms is that they are slow.
RSA/DSA
IPSEC (aggressive mode)
AH/ESP
ESP
15. One of the most popular tunneling protocols is
Difffie-Hellman
IKE
GRE
DES
16. Key exchange for IPSEC
IKE
Tunneling
3DES
Hashing
17. 'Finally - the receiving devices decrypt the data with the first key.'
Antireplay
3DES
DSA
Tunneling
18. 'group 5 identifies a 1536-bit key - provides for highest security but is the slowest of all groups.'
Difffie-Hellman
DES
IPSEC (aggressive mode)
ESP
19. 'in most cases - this mode is preferred with certificates.'
AES
3DES
IPSEC (main mode)
Tunnel Mode (ipsec)
20. 'often called public-key algorithms - do not rely on a randomly generated shared encryption key; instead - they create two static keys. These static keys are completely different - but mathematically bound to each other; what one key encrypts - the o
AH
HMAC-MD5/HMAC-SHA
Asymetric Encryption Protocols
hash algorithms
21. You check it by hashing data and appending the hash value to the data as you send it across the network to a peer.
Hashing
DSA
hash-based message authentication codes (HMAC).
Transport Mode (Ipsec)
22. IPSEC performs this function by using a sequence field in the IPsec header combined with integrity checks.
Antireplay
ESP
AH/ESP
IPSEC (aggressive mode)
23. It also provides protection for ISAKMP peer identities with encryption.
Hashing
RSA
IPSEC (main mode)
MD5
24. Uses protocol number 51.
AH
IPSEC (aggressive mode)
GRE
Hashing
25. A
Asymetric Encryption Protocols
'MD5 - SHA-1 - or RSA'
DSA
Hashing
26. Takes variable-length clear-text data to produce fixed-length hashed data that is unreadable.
3DES
Hashing
MD5
3DES
27. 'key lengths are 128 - 192 - or 256 bits to encrypt blocks of equal length.'
hash-based message authentication codes (HMAC).
'IPSEC (phase1 -step3)'
AES
MD5
28. Where the original Layer 3 header and payload inside an IPsec packet is encapsulated. Tunnel mode does add overhead to each packet and uses some additional CPU resources.
RSA
RSA
Tunnel Mode (ipsec)
DES
29. Benefits are that the preshared authentication can be based on ID versus IP address and the speed of the process.
IPSEC (phase2)
ISAKMP
IPSEC (aggressive mode)
Difffie-Hellman
30. The receiving device decrypts the data with the third key.
3DES
IPSEC BENEFIT
IPSEC (main mode)
Hashing
31. You use this encryption method by keeping one key private and giving the other key to anyone in the public Internet. It does not matter who has your public key; it is useless without the private key.
'IPSEC (phase1 -step3)'
Asymetric Encryption Protocols
Hashing
AH/ESP
32. 'defines the mode of communication - creation - and management of security associations.'
IPSEC (aggressive mode)
ISAKMP
IPSEC BENEFIT
MD5
33. 'can be achieved using one of three methods: preshared keys - encrypted nonces - or digital signatures.'
Origin Auth (DH auth)
IKE
AH/ESP
Hashing
34. 'requires that the sender and receiver have key pairs. By combining the sender
Difffie-Hellman
ESP
AH/ESP
3DES
35. Data integrity is the process of making sure data is not tampered with while it
IPSEC BENEFIT
IKE
'IPSEC (phase1 -step2)'
DSA
36. Provides authentication and encryption of the payload.
IKE
MD5
ESP
AH
37. DoS attacks are more probable with this mode.
'MD5 - SHA-1 - or RSA'
IPSEC (main mode)
RSA
IPSEC (aggressive mode)
38. 'It is not used for encryption or digital signatures; it is used to obtain a shared secret
Transport Mode (Ipsec)
MD5
message authentication codes (MAC).
Difffie-Hellman
39. 'The sending device decrypts the data with the second key - which is also 56 bits in length.'
3DES
AH/ESP
IPSEC (aggressive mode)
Difffie-Hellman
40. Common key size is 1024 bits.
GRE
AES
RSA
'IPSEC (phase1 -step3)'
41. ' is defined in RFC 3174. has as output a 160-bit value -'
'MD5 - SHA-1 - or RSA'
IPSEC BENEFIT
Difffie-Hellman
SHA
42. Used for integrity checks on peer and data sent by peer and for authentication checks.
IKE
RSA
AH
SHA
43. 'is a block-cipher algorithm - which means that it performs operations on fixed-length data streams of 64-bit blocks. The key ostensibly consists of 64 bits; however - only 56 are actually used by the algorithm.'
DSA
3DES
IKE
DES
44. 'is a more secure version of MD5 - and hash-based message authentication codes (HMAC) provides further security with the inclusion of a key-based hash.'
hash-based message authentication codes (HMAC).
SHA
'MD5 - SHA-1 - or RSA'
'DES - 3DES - or AES.'
45. 'Encryption - where Peer X uses Peer Y
DSA
RSA
IPSEC (aggressive mode)
IPSEC (aggressive mode)
46. 'Developed in 1977 by Ronald Rivest - Adi Shamir - and Leonard Adleman (therefore - RSA).'
RSA
IKE
IPSEC (aggressive mode)
IPSEC (main mode)
47. RFC 2631 on the workings of the key generation/exchange process.
'IPSEC (phase1 -step1)'
IKE
Difffie-Hellman
MD5
48. Act of encapsulating a packet within another packet.
IPSEC (phase2)
AH
Tunneling
ISAKMP
49. Turns clear-text data into cipher text with an encryption algorithm. The receiving station decrypts the data from cipher text into clear text. The encryption key is a shared secret key that encrypts and decrypts messages.
3DES
DES
IPSEC (aggressive mode)
Tunnel Mode (ipsec)
50. 'algorithm encrypts and decrypts data three times with 3 different keys - effectively creating a 168-bit key.'
IKE
IPSEC (main mode)
'IPSEC (phase1 -step2)'
3DES
