Which of the following are used for integrity checks?
A. MD-5
B. DES
C. SHA-1
D. AES
A1:
Answers: A, C. MD5 and SHA-1 can be used for integrity checks. Hashes produce a fingerprint of some data by taking the data and running in through an algorithm. The same data always produces the same value. If even one bit in the data has been changed, the fingerprint will be completely different. DES and AES are confidentiality algorithms, not integrity algorithms.
Question 2
Which of the following are used for the confidentiality of an IPSec session?
A. RSA
B. MD-5
C. DES
D. 3DES
A2:
Answers: C, D. Confidentiality or privacy is used to ensure that data, if sniffed, cannot be easily recognized. Encryption turns plaintext into ciphertext . MD-5 is an integrity algorithm. RSA is used for authentication purposes.
Question 3
The Diffie-Hellman algorithm occurs during which phase of an IPSec session?
A. IKE Phase 1
B. IKE Phase 2
C. After IKE Phase 1 and before IKE Phase 2
D. D-H occurs before IKE Phase 1
A3:
Answer: A. D-H isn't used for encryption or digital signatures; instead, it is used to obtain a shared secret "key agreement" between two parties over an unsecure medium such as the Internet. The D-H exchange happens in IKE Phase 1 before the peers authenticate.
Question 4
Which of the following must be permitted to allow an IPSec session to occur through a firewall?
A. IKE protocol 49
B. Protocol 51
C. Protocol 50
D. UDP port 500
A4:
Answers: B, C, and D. When running IPSec in your environment, you must be sure that IPSec traffic itself is not filtered. To verify this fact, you must make sure the protocols are not filtered between the two IPSec peers. There is no IKE protocol 49.
Question 5
Which of the following are considered asymmetric algorithms?
A. RSA
B. DES
C. SHA-1
D. D-H
A5:
Answers: A, D. Asymmetric algorithms do not rely on a randomly generated shared encryption key that changes per session; instead, they create two static keys. Both DES and SHA-1 are symmetrical algorithms.
