SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CCIE Sec Encryption Ipsec
Start Test
Study First
Subjects
:
cisco
,
it-skills
,
ccie
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Takes variable-length clear-text data to produce fixed-length hashed data that is unreadable.
Hashing
IPSEC BENEFIT
Difffie-Hellman
MD5
2. No additional Layer 3 header is created. The original Layer 3 header is used.
AES
DES
Transport Mode (Ipsec)
3DES
3. IPSEC tunnels data through IP using one of two protocols?
Asymetric Encryption Protocols
'IPSEC (phase1 -step3)'
GRE
AH/ESP
4. 'establishes ISAKMP SA in three messages -because it negotiates a ISAKMP policy and a DJ nonce exchange together.'
3DES
IPSEC (aggressive mode)
AES
IPSEC (main mode)
5. It also provides protection for ISAKMP peer identities with encryption.
DSA
IPSEC (main mode)
hash algorithms
Asymetric Encryption Protocols
6. The sending device encrypts for a final time with another 56-bit key.
Asymetric Encryption Protocols
IKE
3DES
AES
7. IPSEC performs this function by using a sequence field in the IPsec header combined with integrity checks.
Difffie-Hellman
message authentication codes (MAC).
Antireplay
IPSEC BENEFIT
8. Integrity checks are done
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
9. Origin authentication validates the origin of a message upon receipt; this process is done during initial communications.
IPSEC (main mode)
'MD5 - SHA-1 - or RSA'
Transport Mode (Ipsec)
IPSEC BENEFIT
10. That authenticate data packets and ensure that data is not tampered with or modified.
IPSEC BENEFIT
MD5
IPSEC (phase2)
hash algorithms
11. Hybrid protocol that defines the mechanism to derive authenticated keying material and negotiation of security associations (SA).
IKE
IPSEC (main mode)
Difffie-Hellman
IPSEC (aggressive mode)
12. Verify whether the data has been altered.
Hashing
AH
IKE
ISAKMP
13. Can be implemented efficiently on a wide range of processors and in hardware.
IPSEC BENEFIT
AH/ESP
Tunneling
AES
14. Benefits are that the preshared authentication can be based on ID versus IP address and the speed of the process.
IKE
Hashing
IPSEC (aggressive mode)
3DES
15. The protocol of choice for key management and establishing security associations between peers on the Internet.
SHA
IKE
hash algorithms
ISAKMP
16. 'The sending device decrypts the data with the second key - which is also 56 bits in length.'
3DES
'IPSEC (phase1 -step2)'
DSA
AH/ESP
17. It uses UDP 500 and is defined by RFC 2409.
ISAKMP
IKE
Difffie-Hellman
3DES
18. RFC 2631 on the workings of the key generation/exchange process.
AH
Difffie-Hellman
RSA
3DES
19. A variable block- length and key-length cipher.
IPSEC (aggressive mode)
AES
Difffie-Hellman
SHA
20. Main disadvantage of asymmetric algorithms is that they are slow.
3DES
IKE
RSA/DSA
SHA
21. Invented by Ron Rivest of RSA Security (RFC 1321).
hash algorithms
DES
MD5
IPSEC (main mode)
22. 'defines the mode of communication - creation - and management of security associations.'
ISAKMP
IPSEC (main mode)
IPSEC (main mode)
MD5
23. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
24. 'group 1 identifies a 768-bit key - group 1 is faster to execute - but it is less secure -'
Difffie-Hellman
AH/ESP
Asymetric Encryption Protocols
IKE
25. Provides authentication and encryption of the payload.
Difffie-Hellman
HMAC-MD5/HMAC-SHA
ESP
Hashing
26. Key exchange for IPSEC
Hashing
AH/ESP
RSA
IKE
27. 'Three keys encrypt the data - which results in a 168-bit encryption key. The sending device encrypts the data with the first 56-bit key.'
DSA
3DES
'MD5 - SHA-1 - or RSA'
IPSEC (phase2)
28. Used for integrity checks on peer and data sent by peer and for authentication checks.
IPSEC BENEFIT
AH/ESP
DES
AH
29. Negotiation of the ISAKMP policy by offering and acceptance of protection suites
3DES
DES
IPSEC (main mode)
Hashing
30. Common key size is 1024 bits.
RSA
RSA/DSA
HMAC-MD5/HMAC-SHA
IPSEC (phase2)
31. IPsec implements using a shim header between L2 and L3
IPSEC (main mode)
AH/ESP
hash-based message authentication codes (HMAC).
Antireplay
32. Uses IKE for key exchange.
Transport Mode (Ipsec)
RSA
SHA
ISAKMP
33. Turns clear-text data into cipher text with an encryption algorithm. The receiving station decrypts the data from cipher text into clear text. The encryption key is a shared secret key that encrypts and decrypts messages.
DES
IKE
3DES
RSA
34. 'Finally - the receiving devices decrypt the data with the first key.'
Asymetric Encryption Protocols
DES
3DES
IKE
35. Drawback of this is that the hash is passed unencrypted and is susceptible to PSK crack attacks.
IPSEC (aggressive mode)
IPSEC (main mode)
HMAC-MD5/HMAC-SHA
3DES
36. DoS attacks are more probable with this mode.
DSA
AH/ESP
ESP
IPSEC (aggressive mode)
37. 'A 56-bit encryption algorithm - meaning the number of possible keys
IPSEC (main mode)
IKE
DES
RSA
38. 'group 2 identifies a 1024-bit key - group 2 is more secure - but slower to execute.'
IPSEC (aggressive mode)
RSA
Difffie-Hellman
DSA
39. Is a two-phase protocol: The first phase establishes a secure authenticated channel and the second phase is where SAs are negotiated on behalf of the IPsec services.
MD5
IKE
HMAC
IPSEC (main mode)
40. This mode does not support identity protection or protection against clogging attacks and spoofing.
MD5
ESP
HMAC
IPSEC (aggressive mode)
41. 'has a Next Protocol field which identifies the next Layer 4 transport protocol in use - TCP or UDP'
SHA
MD5
SHA
AH/ESP
42. 'provides everything required to securely connect over a public media - such as the Internet.'
IKE
'IPSEC (phase1 -step3)'
Origin Auth (DH auth)
IPSEC
43. ' is defined in RFC 3174. has as output a 160-bit value -'
'IPSEC (phase1 -step3)'
SHA
AH/ESP
Difffie-Hellman
44. 'Encryption - where Peer X uses Peer Y
Hashing
RSA
AH
IKE
45. 'often called public-key algorithms - do not rely on a randomly generated shared encryption key; instead - they create two static keys. These static keys are completely different - but mathematically bound to each other; what one key encrypts - the o
Asymetric Encryption Protocols
message authentication codes (MAC).
IKE
SHA
46. 'group 5 identifies a 1536-bit key - provides for highest security but is the slowest of all groups.'
RSA
IKE
Difffie-Hellman
ISAKMP
47. Has a trailer which identifies IPsec information and ESP integrity-check information.
AES
3DES
'MD5 - SHA-1 - or RSA'
ESP
48. Uses protocol number 50.
'MD5 - SHA-1 - or RSA'
ESP
AES
RSA
49. 'DSA is roughly the same speed as RSA when creating signatures - but 10 to 40 times slower when verifying signatures. Because verification happens more frequently than creation - this issue is worth noting when deploying DSA in any environment.'
AES
IPSEC (aggressive mode)
'IPSEC (phase1 -step1)'
DSA
50. 'algorithm encrypts and decrypts data three times with 3 different keys - effectively creating a 168-bit key.'
'MD5 - SHA-1 - or RSA'
3DES
IPSEC (aggressive mode)
ESP