Encryption

Review Questions

You can find the solutions to these questions in Appendix A, "Answers to Review Questions."

1.

Which of the following are not security threats to an IP telephony system? (Choose two.)

  1. Loss of privacy
  2. Impersonation
  3. Integrity
  4. Loss of integrity
  5. Loss of control
  6. DoS
2.

Which of the following represent correct mappings of applicationprotocolsecurity features? (Choose two.)

  1. Secure signalingSRTPdevice authentication, integrity
  2. Secure signalingTLSdevice authentication, integrity, privacy
  3. Secure mediaSRTPprivacy, confidentiality, security
  4. Secure mediaTLSprivacy, confidentiality, security
  5. Secure mediaTLSprivacy, integrity
  6. Secure mediaSRTPprivacy, integrity
3.

Which two statements about trusted introducing are incorrect?

  1. The trusted introducer has to be trusted by all other members of the system.
  2. The trusted introducer has to trust all other members of the system.
  3. The trusted introducer guarantees the authenticity of entities it is introducing to others.
  4. Only the trusted introducer has to trust the root of the system.
  5. The trusted introducer is the root of a system.
  6. Any entity of the system can guarantee the authenticity of any other member.
   
4.

Which two statements about PKI topologies in Cisco IP telephony are true?

  1. MICs are self-signed by the IP phone.
  2. Cisco IP Phone 7940, 7960, and 7970 models can have MICs and LSCs.
  3. The CAPF has a self-signed certificate.
  4. Only Cisco IP Phone 7940, 7960, and 7970 (and subsequent) models can have LSCs.
  5. The CTL is signed by the Cisco manufacturing CA.
  6. MICs are signed by CAPF.
5.

Which are the two valid options to secure enrollment in a PKI?

  1. Perform the enrollment from a trusted device only.
  2. Perform the enrollment in both directions.
  3. Perform the enrollment over a trusted network.
  4. Use self-signed certificates on all devices.
  5. Do not send the private key in the enrollment.
  6. Perform mutual out-of-band authentication between the PKI user and CA.
6.

Which statement about enrollment in the IP telephony PKI is true?

  1. MICs are issued by CAPF itself or by an external CA.
  2. LSCs are issued by the Cisco CTL client or by CAPF.
  3. CAPF enrollment supports the use of authentication strings.
  4. CAPF itself has to enroll with the Cisco CTL client.
  5. Enrollment of IP phones occurs automatically if the cluster is in secure-only mode.
  6. LSCs can be issued by an external CA when using the CTL client as a proxy.
7.

Which of the following entities uses a smart token for key storage?

  1. CTL
  2. CTL client
  3. CAPF in proxy mode
  4. CAPF in CA mode
  5. Cisco IP Phone 7940 and 7960
  6. Cisco IP Phone 7970
   
8.

What are the authentication features of TLS in Cisco IP telephony?

  1. Two-way device authentication
  2. Two-way device authentication and signed media messages
  3. One-way device authentication and signed signaling message
  4. Two-way device authentication and signed signaling messages
  5. One-way device authentication and signed media messages
  6. Signed signaling messages
9.

During an encrypted call between two IP phones, which two of the following does not happen?

  1. Mutual certificate exchange between Cisco CallManager and each IP phone
  2. Mutual certificate exchange between the IP phones
  3. SRTP packet authentication and encryption
  4. Encrypted transmission of SRTP session keys between the IP phones
  5. TLS packet authentication and encryption
  6. Encrypted transmission of TLS session keys between Cisco CallManager and the IP phones
10.

Which is the most accurate list of tasks required to configure a Cisco CallManager cluster for security?

  1. Enable services, set cluster to mixed mode, create a signed CTL, and deploy certificates to the IP phones.
  2. Enable services, set cluster to secure-only mode, create a signed CTL, and deploy certificates to the IP phones.
  3. Enable extended services, set cluster to authenticated or encrypted mode, create a signed CTL, and deploy certificates to the IP phones.
  4. Disable extended services, set cluster to mixed mode, create a signed CTL, and deploy certificates to the IP phones.
  5. Enable services, set cluster to mixed mode, create a signed CTL, deploy certificates to the IP phones, and set the device security mode.
  6. Run the auto-secure feature.

Part I: Cisco CallManager Fundamentals

Introduction to Cisco Unified Communications and Cisco Unified CallManager

Cisco Unified CallManager Clustering and Deployment Options

Cisco Unified CallManager Installation and Upgrades

Part II: IPT Devices and Users

Cisco IP Phones and Other User Devices

Configuring Cisco Unified CallManager to Support IP Phones

Cisco IP Telephony Users

Cisco Bulk Administration Tool

Part III: IPT Network Integration and Route Plan

Cisco Catalyst Switches

Configuring Cisco Gateways and Trunks

Cisco Unified CallManager Route Plan Basics

Cisco Unified CallManager Advanced Route Plans

Configuring Hunt Groups and Call Coverage

Implementing Telephony Call Restrictions and Control

Implementing Multiple-Site Deployments

Part IV: VoIP Features

Media Resources

Configuring User Features, Part 1

Configuring User Features, Part 2

Configuring Cisco Unified CallManager Attendant Console

Configuring Cisco IP Manager Assistant

Part V: IPT Security

Securing the Windows Operating System

Securing Cisco Unified CallManager Administration

Preventing Toll Fraud

Hardening the IP Phone

Understanding Cryptographic Fundamentals

Understanding the Public Key Infrastructure

Understanding Cisco IP Telephony Authentication and Encryption Fundamentals

Configuring Cisco IP Telephony Authentication and Encryption

Part VI: IP Video

Introducing IP Video Telephony

Configuring Cisco VT Advantage

Part VII: IPT Management

Introducing Database Tools and Cisco Unified CallManager Serviceability

Monitoring Performance

Configuring Alarms and Traces

Configuring CAR

Using Additional Management and Monitoring Tools

Part VIII: Appendix

Appendix A. Answers to Review Questions

Index

show all menu





Authorized Self-Study Guide Cisco IP Telephony (CIPT)
Cisco IP Telephony (CIPT) (Authorized Self-Study) (2nd Edition)
ISBN: 158705261X
EAN: 2147483647
Year: 2004
Pages: 329
Similar book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net