Friday, June 3, 2011

CCNA Security Final

Open the magic gate:D

What minimum key length is recommended when implementing asymmetric encryption? 2048
Who has possession of the private key? Requestor of the certificate
What are the drawbacks of asymmetric encryption? (Choose two.) 1) Speed 2) Key length weakness
What is the main use for asymmetric encryption? Generating shared secret keys
Who and what possess the public key? 1) Digital certificate 2) Holder of the private key 3) Anyone who requests it
Which are examples of asymmetric encryption algorithms? (Choose two.) Diffie-Hellman (DH) and RSA
What are some uses for digital certificates? (Choose two.) The three main uses for digital certificates are identity, secure communications, and user authentication.
What protocol allows for the automatic enrollment of a digital certificate request? Simple Certificate Enrollment Protocol (SCEP)
What is the most widely used standard for digital certificates? X.509
If the private key on the Root CA is compromised, what devices have to have their certificate replaced? (Choose all that apply.) 1) Root CA server 2) PC with user certificate 3) Cross-Certify CA
How many certificates are involved in the user authentication process? It depends
How many prime numbers are used in the Diffie-Hellman algorithm? One
What is the key length of Diffie-Hellman Group 2? Group 2 is 1024-bit. Group 1 is 768-bit, and Group 3 is 1536-bit.
What components are required for a PKI to be successful? (Choose all that apply.) A trusted third party (TTP) that is given authority is necessary in a PKI. Secrecy is incorrect because PKI stands for Public Key Infrastructure. The public key is assumed to be known to everyone.
What are some drawbacks to a single server CA structure? (Choose two.) 1) Single point of failure 2) Not scalable
What two technologies make up a PKI? 1) Digital certificates 2) Certificate authorities
What fields in a certificate request should not be abbreviated? 1) state 2) city
The Subject field of a certificate contains what information? Company information
What protocol is considered a hybrid encryption protocol? SSH
What are some types of CA servers in a PKI environment? Root CA, intermediate CA, CRL, and RA a

Which IPsec protocol does both encryption and authentication? ESP
What is the default encryption type when using SDM to configure an IPsec VPN tunnel? 3DES
In Cisco Easy VPN, what is the advantage of network extension plus mode over network extension mode? A loopback address is configured.
If you were working in the IOS command-line interface and needed to check on the status of a VPN tunnel, what command would you enter? show crypto ipsec sa
If you were working in IOS command-line interface, in a single command, what could you do to determine the interesting traffic for a particular VPN tunnel? show crypto map
What is the “peer address” when discussing a VPN tunnel? The remote device VPN endpoint
What is split tunneling? The ability to access both local resources and those over the VPN
True or False? You can have only one transform set to define the type of authentication and encryption. False
Name a debug command that’s commonly used when troubleshooting VPN connectivity. (Choose all that apply.) 1) debug crypto isakmp 2) debug crypto ipsec
What command is used to designate that you will use Diffie-Hellman Group 2 for your key exchange? group 2
What is the name of the set of both the encryption algorithm and the integrity protocol used in the crypto map? Transform set
Which of the following modes encrypts the entire packet and adds a new header for IPsec? Tunnel mode
When configuring a crypto map for a VPN tunnel, what is the command to configure the remote end IP that you need to communicate with? set peer ip address 
What purpose does the preshared key serve? Authentication

In which order are the following steps performed?
1. Traffic matches interesting traffic ACL.
2. Phase 2 or IPsec tunnel is set up.
3. Traffic flows over the VPN tunnel.
4. Phase 1 ISAKMP SA is formed.
1,4,2,3

When configuring a site-to-site VPN, what is the type that is designated when using a crypto map? IPSEC-ISAKMP
You’ve just configured a VPN tunnel with a remote site. When looking at the output from the show crypto isakmp sa, you notice the message MM_NO_STATE. What might be the problem? (Choose all that apply.) 1) Access lists don’t match. 2) Preshared keys don’t match
What is another name for a Phase 2 IKE tunnel? (Choose two.) 1) Phase 2 SA 2) IPsec tunnel
What protocol would you use if you needed both encryption and authentication and what port number would you open? (Choose two.) 1) ESP 2) 50
