Exam Prep Questions


Question 1

Select the transforms that are considered to be stronger.

  • A. esp-null

  • B. esp-md5-hmac

  • C. esp-des

  • D. esp-3des

  • E. esp-sha-hmac

A1:

Answers: D, E. 3DES uses a 168-bit encryption key, and SHA uses a 160-bit hashing key. esp-null does not provide any confidentiality services. esp-md5-hmac has a 128-bit encryption key, and esp-des uses a 56-bit encryption key.

Question 2

Select the parameters that you can configure in an IKE Phase 1 policy.

  • A. PFS

  • B. Remote peer IP address

  • C. Crypto ACL

  • D. Hash algorithm

  • E. Encryption algorithm

A2:

Answers: D, E. In addition, you can configure the D-H group number, the authentication method, and the IKE SA lifetime. PFS, the remote peer's IP address, and crypto ACLs are all IKE Phase 2 configurations.

Question 3

Which of the following statements are true regarding crypto ACLs?

  • A. A deny entry means traffic is dropped.

  • B. A permit entry means that traffic is encrypted.

  • C. A deny entry means traffic is bypassed.

  • D. Crypto ACLs can use either standard or extended ACLs.

  • E. You cannot use a named ACL with crypto ACLs.

A3:

Answers: B, C. Crypto ACLs can only be named or numbered extended IP access lists. A deny entry means traffic bypasses the router's IPSec engine.

Question 4

What is the purpose of applying a crypto map to an interface?

  • A. Decides which traffic should be protected by IPSec

  • B. Decides where traffic is sent

  • C. Activates the IPSec policy

  • D. Decides what IPSec protection suite should be used for traffic

  • E. Ties together the IKE and IPSec policies

A4:

Answer: C. Applying a crypto map to an interface is the last step of IPSec configuration. All the other answers are the purpose of crypto maps. This question asks why crypto maps are applied to a router's interface.

Question 5

Choose the correct combination of transforms that can be used in a transform set.

  • A. Up to one ESP transform.

  • B. Up to two ESP transforms.

  • C. Up to one AH transform.

  • D. Up to two AH transforms.

  • E. Any combination of transforms is acceptable.

A5:

Answers: B, C. Instead of using both AH and ESP transforms, you can use only an AH transform or use only ESP transforms if you choose. You can, however, use up to one AH transform and up to two ESP transforms in each transform set.




CCSP SECUR Exam Cram 2 (642-501)
ISBN: B000MU86IQ
Year: 2003
Pages: 291
Authors: Raman Sud
