SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CCIE Sec Encryption Ipsec
Start Test
Study First
Subjects
:
cisco
,
it-skills
,
ccie
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. 'It is not used for encryption or digital signatures; it is used to obtain a shared secret
IPSEC (main mode)
3DES
IKE
Difffie-Hellman
2. The receiving device then encrypts the data with the second key.
MD5
3DES
IKE
Hashing
3. Uses the D-H algorithm to come to agreement over a public network.
IKE
ISAKMP
IPSEC (aggressive mode)
Hashing
4. A
SHA
Hashing
'IPSEC (phase1 -step3)'
Difffie-Hellman
5. Has a trailer which identifies IPsec information and ESP integrity-check information.
ESP
RSA
AES
RSA
6. Takes variable-length clear-text data to produce fixed-length hashed data that is unreadable.
MD5
DSA
ESP
IKE
7. Hybrid protocol that defines the mechanism to derive authenticated keying material and negotiation of security associations (SA).
IKE
Tunnel Mode (ipsec)
Hashing
Difffie-Hellman
8. More CPU intensive
3DES
SHA
IPSEC
IPSEC (aggressive mode)
9. 'key lengths are 128 - 192 - or 256 bits to encrypt blocks of equal length.'
3DES
'IPSEC (phase1 -step3)'
IPSEC (main mode)
AES
10. 'has a Next Protocol field which identifies the next Layer 4 transport protocol in use - TCP or UDP'
Difffie-Hellman
IPSEC (main mode)
AH/ESP
message authentication codes (MAC).
11. Used in IPsec for two discreet purposes:
Difffie-Hellman
IPSEC (aggressive mode)
RSA
MD5
12. Negotiation of a shared secret key for encryption of the IKE session using the D-H algorithm
13. Data integrity is the process of making sure data is not tampered with while it
IPSEC (aggressive mode)
Difffie-Hellman
Hashing
IPSEC BENEFIT
14. 'is a block-cipher algorithm - which means that it performs operations on fixed-length data streams of 64-bit blocks. The key ostensibly consists of 64 bits; however - only 56 are actually used by the algorithm.'
IPSEC (main mode)
IKE
AH/ESP
DES
15. Key exchange for IPSEC
IKE
3DES
IPSEC (aggressive mode)
Antireplay
16. Where the original Layer 3 header and payload inside an IPsec packet is encapsulated. Tunnel mode does add overhead to each packet and uses some additional CPU resources.
IKE
Tunnel Mode (ipsec)
message authentication codes (MAC).
RSA
17. Used for integrity checks on peer and data sent by peer and for authentication checks.
RSA
ESP
AH
MD5
18. IPsec implements using a shim header between L2 and L3
HMAC
RSA
AH
AH/ESP
19. That authenticate data packets and ensure that data is not tampered with or modified.
RSA/DSA
hash algorithms
'MD5 - SHA-1 - or RSA'
IKE
20. 'requires that the sender and receiver have key pairs. By combining the sender
IPSEC (aggressive mode)
Difffie-Hellman
DSA
SHA
21. 'Developed in 1977 by Ronald Rivest - Adi Shamir - and Leonard Adleman (therefore - RSA).'
RSA
IPSEC (aggressive mode)
HMAC-MD5/HMAC-SHA
IPSEC (aggressive mode)
22. It uses UDP 500 and is defined by RFC 2409.
Hashing
IPSEC (main mode)
hash-based message authentication codes (HMAC).
IKE
23. 'Finally - the receiving devices decrypt the data with the first key.'
3DES
AH
IKE
Difffie-Hellman
24. The sending device encrypts for a final time with another 56-bit key.
Hashing
3DES
IPSEC (aggressive mode)
hash-based message authentication codes (HMAC).
25. Uses IKE for key exchange.
3DES
ISAKMP
RSA/DSA
AES
26. Main disadvantage of asymmetric algorithms is that they are slow.
ISAKMP
RSA/DSA
IKE
Tunnel Mode (ipsec)
27. Used in government installs and was created to work with the SHA-1 hash algorithm.
SHA
DSA
IPSEC (main mode)
SHA
28. IPSec SAs are negotiated and protected by the existing IPsec SA.
3DES
IKE
IPSEC (phase2)
DES
29. 'The messages are authenticated - and the mechanisms that provide such integrity checks based on a secret key are usually called'
ISAKMP
message authentication codes (MAC).
IPSEC BENEFIT
AES
30. 'key exchange is vulnerable to a man-in-the-middle attack. You can rectify this problem by allowing the two parties to authenticate themselves to each other with a shared secret key - digital signatures - or public-key certificates.'
Hashing
Difffie-Hellman
3DES
AES
31. 'in most cases - this mode is preferred with certificates.'
IPSEC (main mode)
MD5
'IPSEC (phase1 -step2)'
IPSEC
32. 'group 5 identifies a 1536-bit key - provides for highest security but is the slowest of all groups.'
Origin Auth (DH auth)
AH/ESP
Difffie-Hellman
SHA
33. Provide authentication in Internet Key Exchange (IKE) Phase 2.
'DES - 3DES - or AES.'
IPSEC (aggressive mode)
HMAC
3DES
34. 'When using the hash-based key function -'
MD5
IPSEC (phase2)
HMAC-MD5/HMAC-SHA
3DES
35. Common key size is 1024 bits.
ISAKMP
hash-based message authentication codes (HMAC).
AH
RSA
36. Provides authentication and encryption of the payload.
RSA
IKE
DES
ESP
37. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
38. ID exchange and authentication of D-H key by using the reply to the received nonce or string of bits
39. 'Created by NIST in 1994 - is the algorithm used for digital signatures but not for encryption.'
AH/ESP
DSA
Asymetric Encryption Protocols
IKE
40. IPSEC Encryption is performed by
41. Benefits are that the preshared authentication can be based on ID versus IP address and the speed of the process.
IPSEC (aggressive mode)
SHA
'IPSEC (phase1 -step3)'
AH
42. 'MACs with hash algorithms -'
RSA
DES
hash-based message authentication codes (HMAC).
DES
43. 'Digital signatures. Peer X encrypts a hash value with his private key and then sends the data to Peer Y. Peer Y obtains Peer X
ISAKMP
Difffie-Hellman
RSA
IPSEC (main mode)
44. 'produces a 160-bit hash output - which makes it more difficult to decipher.'
RSA/DSA
DSA
'IPSEC (phase1 -step3)'
SHA
45. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
AH/ESP
RSA
SHA
IPSEC (main mode)
46. 'defines the mode of communication - creation - and management of security associations.'
ESP
Tunneling
ISAKMP
3DES
47. 'Three keys encrypt the data - which results in a 168-bit encryption key. The sending device encrypts the data with the first 56-bit key.'
IPSEC (main mode)
Difffie-Hellman
IPSEC (aggressive mode)
3DES
48. 'algorithm encrypts and decrypts data three times with 3 different keys - effectively creating a 168-bit key.'
'IPSEC (phase1 -step1)'
IKE
MD5
3DES
49. 'can be achieved using one of three methods: preshared keys - encrypted nonces - or digital signatures.'
IPSEC (aggressive mode)
SHA
Asymetric Encryption Protocols
Origin Auth (DH auth)
50. 'group 1 identifies a 768-bit key - group 1 is faster to execute - but it is less secure -'
Tunneling
IPSEC (phase2)
Difffie-Hellman
IPSEC (aggressive mode)