Test your basic knowledge

CCIE Sec Encryption Ipsec

Subjects : cisco, it-skills, ccie
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Verify whether the data has been altered.






2. You check it by hashing data and appending the hash value to the data as you send it across the network to a peer.






3. A






4. Invented by Ron Rivest of RSA Security (RFC 1321).






5. When using the hash-based key function -






6. Uses protocol number 51.






7. Negotiation of the ISAKMP policy by offering and acceptance of protection suites






8. Can be implemented efficiently on a wide range of processors and in hardware.






9. Uses IKE for key exchange.






10. Turns clear-text data into cipher text with an encryption algorithm. The receiving station decrypts the data from cipher text into clear text. The encryption key is a shared secret key that encrypts and decrypts messages.






11. Common key size is 1024 bits.






12. Uses the D-H algorithm to come to agreement over a public network.






13. Three keys encrypt the data, which results in a 168-bit encryption key. The sending device encrypts the data with the first 56-bit key.






14. This mode does not support identity protection or protection against clogging attacks and spoofing.






15. Where the original Layer 3 header and payload inside an IPsec packet are encapsulated. Tunnel mode does add overhead to each packet and uses some additional CPU resources.






16. Message of arbitrary length is taken as input and produces as output a 128-bit fingerprint or message digest of the input.






17. Finally, the receiving devices decrypt the data with the first key.






18. Created by NIST in 1994, is the algorithm used for digital signatures but not for encryption.






19. is a more secure version of MD5, and hash-based message authentication codes (HMAC) provide further security with the inclusion of a key-based hash.






20. The DES algorithm performed 3 times sequentially.






21. Data integrity is the process of making sure data is not tampered with while it






22. Main disadvantage of asymmetric algorithms is that they are slow.






23. A variable block-length and key-length cipher.






24. DSA is roughly the same speed as RSA when creating signatures, but 10 to 40 times slower when verifying signatures. Because verification happens more frequently than creation, this issue is worth noting when deploying DSA in any environment.






25. has a Next Protocol field which identifies the next Layer 4 transport protocol in use, TCP or UDP






26. Encryption, where Peer X uses Peer Y






27. The receiving device decrypts the data with the third key.






28. It is not used for encryption or digital signatures; it is used to obtain a shared secret






29. MACs with hash algorithms -






30. IPSEC Encryption is performed by


31. The protocol of choice for key management and establishing security associations between peers on the Internet.






32. Origin authentication validates the origin of a message upon receipt; this process is done during initial communications.






33. key exchange is vulnerable to a man-in-the-middle attack. You can rectify this problem by allowing the two parties to authenticate themselves to each other with a shared secret key, digital signatures, or public-key certificates.






34. Developed in 1977 by Ronald Rivest, Adi Shamir, and Leonard Adleman (therefore, RSA).






35. Hybrid protocol that defines the mechanism to derive authenticated keying material and negotiation of security associations (SA).






36. Used for integrity checks on peer and data sent by peer and for authentication checks.






37. DoS attacks are more probable with this mode.






38. Used in IPsec for two discrete purposes:






39. group 2 identifies a 1024-bit key; group 2 is more secure, but slower to execute.






40. Provide authentication in Internet Key Exchange (IKE) Phase 2.






41. Drawback of this is that the hash is passed unencrypted and is susceptible to PSK crack attacks.






42. The sending device encrypts for a final time with another 56-bit key.






43. Main mode establishes ISAKMP security association in six messages and performs authenticated D-H exchange.






44. can be achieved using one of three methods: preshared keys, encrypted nonces, or digital signatures.






45. algorithm encrypts and decrypts data three times with 3 different keys, effectively creating a 168-bit key.






46. The messages are authenticated, and the mechanisms that provide such integrity checks based on a secret key are usually called






47. Uses protocol number 50.






48. group 1 identifies a 768-bit key; group 1 is faster to execute, but it is less secure -






49. is defined in RFC 3174. has as output a 160-bit value -






50. You use this encryption method by keeping one key private and giving the other key to anyone in the public Internet. It does not matter who has your public key; it is useless without the private key.