21 Cards in this Set
| Front | Back |
|---|---|
| What is the ultimate protector for bits-in-transit? | VPN |
| A properly implemented VPN provides? a. C b. I c. both C & I | c. both C & I |
| IPSec has an integrity only mode referred to as? | Authentication Header (AH) |
| When both integrity and confidentiality are desired, IPSec is run in what is called? | Encapsulating Security Payload (ESP) mode |
| IPSec encrypts what layers? | Everything above layer 3 |
| What does a basic VPN setup include? | 1) both endpoints authenticating one another using either a pre-shared secret or PKI, followed by 2) the two endpoints generating a symmetric secret (key) for faster encryption of data plane traffic, followed by 3) the actual encryption of data plane traffic |
| Our (simulated) 2811 routers only offer one authentication method/choice. On a “real” router with full crypto functionality what alternate choice—besides “pre-share”—do you think would be available? | PKI (public-key infrastructure) |
| What is the longest lifetime you could configure the 2811 router to support? a. one hour b. one day c. 100 hours d. 5 days | b. one day |
| What was the modulus bit size (# bits) for DH group 5 that we set above? | 1536 |
| What did Cisco “assume” (default to) for the volume lifetime limit, given that we only specified lifetime by time vice volume? | No volume limit |
| What is the default protection suite for: encryption, hash, DH Group, and lifetime? a. 128 bit AES, MD5, 3, 3600 b. 56 bit DES, SHA, 1, 3600 c. 56 bit DES, SHA, 1, 86400 d. 128 bit AES, MD5, 1, 86400 | c. 56 bit DES, SHA, 1, 86400 |
| What is synonymous with “protection suite” in this context? | transform sets |
| Looking at the information provided under the OSI Model tab of the new window that popped up, what is listed as layer 5 payload? (pausing at the first red packet to the RRouter) | ISAKMP |
| Looking at the information provided under the OSI Model tab of the new window that popped up, what port number is associated with ISAKMP? (pausing at the first red packet to the RRouter) | 500 |
| What protocol number do you see in the IP header? (pausing at the first red packet to the RRouter) a. udp b. tcp c. icmp d. isakmp | a. udp |
| What is the cookie value associated with RRouter at this point? (pausing at the first red packet to the RRouter) | 0000000000000000 (x16) |
| What is the purpose of this ISAKMP message? (pausing at the first red packet to the RRouter) a. Authenticate LRouter to RRouter b. Propose an ISAKMP transform-set c. Exchange key-building values for secure ISAKMP communications d. Exchange key-building values for secure IPSec (data) communications | b. Propose an ISAKMP transform-set |
| What ISAKMP transform-set (#) was proposed in this first ISAKMP packet? (pausing at the first red packet to the RRouter) | 20 |
| What is the purpose of this ISAKMP message? (pausing at the first red packet going back to LRouter) a. Authenticate LRouter to RRouter b. Accept an ISAKMP transform-set c. Exchange key-building values for secure ISAKMP communications d. Exchange key-building values for secure IPSec (data) communications | c. Exchange key-building values for secure ISAKMP communications |
| What is the purpose of this ISAKMP message? (pausing at the next red packet going back to LRouter) a. Authenticate LRouter to RRouter b. Propose or accept an ISAKMP transform-set c. Exchange key-building values for secure ISAKMP communications d. Exchange key-building values for secure IPSec (data) communications | a. Authenticate LRouter to RRouter |
| How many layer 3 protocols (headers) are in this packet? (pausing when the ping packet arrives at RRouter) | 4 |