Network Auth & Security Chapter 8

Which IPsec framework protocol provides data integrity and data authentication, but does not provide data confidentiality? Question options: AH IP protocol 50 ESP DH

AH

Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols? Question options: OSPF IPsec IKE GRE PPP

GRE

Which are the five security associations to configure in ISAKMP policy configuration mode? Question options: Hash, Authentication, Group, Lifetime, Encryption Hash, Authentication, GRE, Lifetime, ESP Hash, Authorization, Group, Lifetime, Encryption Hash, Accounting, Group, Lifetime, ESP

Hash, Authentication, Group, Lifetime, Encryption

During which part of establishing an IPsec VPN tunnel between two sites would NAT-T detection occur? Question options: IKE Phase 1 IKE Phase 2 ISAKMP Phase 1 ISAKMP Phase 2 IKE&NIXON 56 IKE Phase 12

IKE Phase 1

What takes place during IKE Phase 2 when establishing an IPsec VPN? Question options: IPsec security associations are exchanged. Traffic is exchanged between IPsec peers. ISAKMP security associations are exchanged. Interesting traffic is identified.

IPsec security associations are exchanged.

Which statement describes the operation of the IKE protocol? Question options: It uses IPsec to establish the key exchange process. It uses sophisticated hashing algorithms to transmit keys directly across a network. It calculates shared keys based on the exchange of a series of data packets. It uses TCP port 50 to exchange IKE information between the security gateways.

It calculates shared keys based on the exchange of a series of data packets.

Which method is used to identify interesting traffic needed to create an IKE phase 1 tunnel? Question options: a permit access list entry a security association transform sets hashing algorithms

a permit access list entry

The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks? Question options: authentication confidentiality Diffie-Hellman integrity nonrepudiation

confidentiality

What is the first step in establishing an IPsec VPN? Question options: detection of interesting traffic negotiation of ISAKMP policies creation of a secure tunnel to negotiate a security association policy creation of an IPsec tunnel between two IPsec peers

detection of interesting traffic

Which IPsec security function provides assurance that the data received via a VPN has not been modified in transit? Question options: confidentiality integrity authentication secure key exchange

integrity

What is a benefit of having users or remote employees use a VPN to connect to the existing network rather than growing the network infrastructure? Question options: security scalability cost savings compatibility

scalability

Which VPN implementation allows traffic that originates from a remote-access client to be separated into trusted VPN traffic and untrusted traffic destined for the public Internet? Question options: hairpinning split tunneling GRE MPL

split tunneling

What is defined by an ISAKMP policy? Question options: the security associations that IPsec peers are willing to use the preshared keys that will be exchanged between IPsec peers access lists that identify interesting traffic the IP addresses of IPsec peers

the security associations that IPsec peers are willing to use