CCIE Sec Encryption Ipsec MCQs
CCIE Sec Encryption Ipsec MCQs
Our team has conducted extensive research to compile a set of CCIE Sec Encryption Ipsec MCQs. We encourage you to test your CCIE Sec Encryption Ipsec knowledge by answering these 30 multiple-choice questions provided below.
Simply scroll down to begin!
1: Encryption - where Peer X uses Peer Y
A. DSA
B. RSA
C. ESP
D. Tunnel Mode (ipsec)
2: group 2 identifies a 1024-bit key - group 2 is more secure - but slower to execute.
A. Difffie-Hellman
B. 3DES
C. Hash-based message authentication codes (HMAC).
D. IKE
3: has a Next Protocol field which identifies the next Layer 4 transport protocol in use - TCP or UDP
A. Difffie-Hellman
B. IKE
C. AH/ESP
D. 'IPSEC (phase1 -step3)'
4: That authenticate data packets and ensure that data is not tampered with or modified.
A. Asymetric Encryption Protocols
B. HMAC
C. AH
D. Hash algorithms
5: Digital signatures. Peer X encrypts a hash value with his private key and then sends the data to Peer Y. Peer Y obtains Peer X
A. 'MD5 - SHA-1 - or RSA'
B. ISAKMP
C. RSA
D. SHA
6: The sending device encrypts for a final time with another 56-bit key.
A. 3DES
B. IPSEC (aggressive mode)
C. RSA
D. Hashing
7: Used in IPsec for two discreet purposes:
A. AH
B. RSA
C. 3DES
D. Hashing
8: Verify whether the data has been altered.
A. Hash-based message authentication codes (HMAC).
B. Tunneling
C. Hashing
D. RSA
9: Uses protocol number 51.
A. SHA
B. Difffie-Hellman
C. ESP
D. AH
10: Common key size is 1024 bits.
A. 3DES
B. RSA
C. IPSEC (main mode)
D. IPSEC BENEFIT
11: The sending device decrypts the data with the second key - which is also 56 bits in length.
A. Hash algorithms
B. AH
C. DSA
D. 3DES
12: Provide authentication in Internet Key Exchange (IKE) Phase 2.
A. DES
B. IPSEC (main mode)
C. IPSEC (main mode)
D. HMAC
13: Uses the D-H algorithm to come to agreement over a public network.
A. AH
B. Asymetric Encryption Protocols
C. HMAC-MD5/HMAC-SHA
D. IKE
14: is a block-cipher algorithm - which means that it performs operations on fixed-length data streams of 64-bit blocks. The key ostensibly consists of 64 bits; however - only 56 are actually used by the algorithm.
A. Antireplay
B. MD5
C. RSA
D. DES
15: is a more secure version of MD5 - and hash-based message authentication codes (HMAC) provides further security with the inclusion of a key-based hash.
A. AH/ESP
B. Asymetric Encryption Protocols
C. SHA
D. Difffie-Hellman
16: No additional Layer 3 header is created. The original Layer 3 header is used.
A. Difffie-Hellman
B. AH/ESP
C. 3DES
D. Transport Mode (Ipsec)
17: The protocol of choice for key management and establishing security associations between peers on the Internet.
A. ISAKMP
B. RSA
C. IPSEC (main mode)
D. IKE
18: can be achieved using one of three methods: preshared keys - encrypted nonces - or digital signatures.
A. Origin Auth (DH auth)
B. Difffie-Hellman
C. GRE
D. IKE
19: You use this encryption method by keeping one key private and giving the other key to anyone in the public Internet. It does not matter who has your public key; it is useless without the private key.
A. Asymmetric Encryption Protocols
B. IKE
C. 3DES
D. IPSEC (aggressive mode)
20: Can be implemented efficiently on a wide range of processors and in hardware.
A. AES
B. 'IPSEC (phase1 -step1)'
C. IPSEC (aggressive mode)
D. IPSEC (aggressive mode)
21: group 5 identifies a 1536-bit key - provides for highest security but is the slowest of all groups.
A. Difffie-Hellman
B. IKE
C. DSA
D. 'IPSEC (phase1 -step2)'
22: Finally - the receiving devices decrypt the data with the first key.
A. 3DES
B. AES
C. AH
D. IPSEC (aggressive mode)
23: The DES algorithm that performs 3 times sequentially.
A. 3DES
B. Hashing
C. IPSEC BENEFIT
D. ISAKMP
24: DSA is roughly the same speed as RSA when creating signatures - but 10 to 40 times slower when verifying signatures. Because verification happens more frequently than creation - this issue is worth noting when deploying DSA in any environment.
A. Hash algorithms
B. 3DES
C. DSA
D. RSA
25: A variable block- length and key-length cipher.
A. RSA
B. SHA
C. AES
D. 3DES
26: defines the mode of communication - creation - and management of security associations.
A. Difffie-Hellman
B. DES
C. ISAKMP
D. RSA
27: Has a trailer which identifies IPsec information and ESP integrity-check information.
A. Difffie-Hellman
B. ESP
C. Hash algorithms
D. IPSEC (aggressive mode)
28: group 1 identifies a 768-bit key - group 1 is faster to execute - but it is less secure -
A. Anti Replay
B. Difffie-Hellman
C. 'IPSEC (phase1 -step3)'
D. Tunnel Mode (ipsec)
29: Negotiation of the ISAKMP policy by offering and acceptance of protection suites
A. IKE
B. IPSEC (main mode)
C. 'IPSEC (phase1 -step2)'
D. Hashing
30: often called public-key algorithms - do not rely on a randomly generated shared encryption key; instead - they create two static keys. These static keys are completely different - but mathematically bound to each other; what one key encrypts - the o
A. 3DES
B. DSA
C. Asymmetric Encryption Protocols
D. RSA
31: Key exchange for IPSEC
A. IPSEC (aggressive mode)
B. IKE
C. MD5
D. AES
List of CCIE Sec Encryption Ip...
Available in:
CCIE Sec Encryption Ipsec MCQs
