1
Top of Form
Which are benefits of IKE? (Choose three.)
eliminates the need for dynamic allocation of peers
eliminates the need to manually specify all IPSec security parameters in crypto maps at both peers*
allows IPSec to provide anti-replay services*
allows the user to manually specify a lifetime for the IPSec SA*
eliminates encryption key changes during a session
Bottom of Form
2
Top of Form
Which two statements are true about the crypto isakmp identity {address hostname} command? (Choose two.)
the hostname parameter is used by default
the address parameter is used by default*
the command is entered at the interface level
the command is entered at the global level*
Bottom of Form
3
Top of Form
Which security technique is used to ensure that messages can only be read by intended receivers?
Encryption*
encoding
modulation
compression
Bottom of Form
4
Top of Form
When are transform sets negotiated?
during quick mode IKE phase two*
during crypto mode IKE phase two
during quick mode IKE phase one
during crypto mode IKE phase one
Bottom of Form
5
Top of Form
What does the command RTA(config-isakmp)#group 1 add to a crypto ISAKMP policy?
DES encryption
sha-1 message integrity algorithm
768 bit key exchange parameter*
1024 bit key exchange parameter
Bottom of Form
6
Top of Form
What are two reasons why transforms esp-md5-hmac and esp-sha-hmac are used more frequently than transforms ah-md5-hmac and ah-sha-hmac? (Choose two.)
They use fewer CPU resources.
They provide more data integrity.*
They are compatible with NAT and PAT.*
They eliminate the need for esp-null.
Bottom of Form
7
Top of Form
A network administrator is defining an IPSec security policy for the network. Phase one consists of determining the IKE policies between IPSec peers. What factors must the administrator consider when developing the policies in this first phase?
number and location of the peers*
routing protocols in use on the peers
crypto maps in use on the peers
peer details such as IPSec transform sets and IPSec modes
Bottom of Form
8
Top of Form
What two components make up a VPN? (Choose two.)
authentication
Encryption*
public network
private network
Tunneling*
Bottom of Form
9
Top of Form
In the command crypto isakmp key keystring address peer-address, what are two requirements for the keystring? (Choose two.)
up to 128 bits
up to 128 bytes*
alphanumeric characters only*
alphanumeric and special characters
Bottom of Form
10
Top of Form
Which technology provides optional anti-replay services?
Internet Key Exchange (IKE)
Internet Security Association and Key Management Protocol (ISAKMP)
Security Association (SA)
Encapsulating Security Payload (ESP)*
Bottom of Form
11
Top of Form
Which critical functions are provided by VPNs?(Choose three.)
confidentiality of information*
integrity of data*
authorization of users
authentication of users*
WAN management
Bottom of Form
12
Top of Form
Which statement characterizes IPSec transport mode in the diagram?
HOST A and HR server are using IPSec to encrypt data*
RTA , RTB, HOST A and HR SERVER are using IPSec to encrypt data
HOST A and HR SERVER are using RSA to encrypt data
RTA and RTB are using RSA to encrypt data
RTA and RTB are using IPSec to encrypt data
Bottom of Form
13
Top of Form
Crypto access-lists perform which two functions when protecting data? (Choose two.)
outbound - indicate data flow to be protected*
inbound - indicate data flow to be protected
outbound - select traffic to be sent in clear text
inbound - select traffic to be sent in clear text
outbound - filter and discard traffic that should have been protected
inbound - filter and discard traffic that should have been protected*
Bottom of Form
14
Top of Form
Which four encryption methods provide symmetric encryption? (Choose four.)
secret key*
DES*
RSA
3DES*
public key
AES*
Bottom of Form
15
Top of Form
Which algorithm methods provide asymmetric encryption?(Choose two.)
Secret Key
DES
RSA*
3DES
Public Key*
AES
Bottom of Form
16
Top of Form
Which statement characterizes the use of confidentiality and authentication of the Encapsulating Security Payload (ESP) in an IPSec packet?
both are required
confidentiality is required and authentication is optional
authentication is required and confidentiality is optional
both are optional but at least one must be selected*
Bottom of Form
17
Top of Form
Which command will show default and any configured IKE policies?
show running-config
show crypto isakmp policy*
show crypto map
show crypto ipsec transform-set
Bottom of Form
18
Top of Form
Which access list command will block ISAKMP access on an interface that is not used for IPSec to prevent possible denial-of-service attacks?
access-list 102 deny ahp host 172.30.2.2 host 172.30.1.2 eq isakmp
access-list 102 deny esp host 172.30.2.2 host 172.30.1.2 eq isakmp
access-list 102 deny udp host 172.30.2.2 host 172.30.1.2 eq isakmp*
access-list 102 deny tcp host 172.330.2.2 host 172.30.1.2 eq isakmp
Bottom of Form
19
Top of Form
Which IPSec element represents a policy contract between two peers or hosts?
AH
SA*
HMAC
ESP
Bottom of Form
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment