CISCO Networks 2015

36 Questions | Total Attempts: 33

SettingsSettingsSettings
Please wait...
CISCO Networks 2015

.


Questions and Answers
  • 1. 
    Witch three functional areas provided by IPSec?
    • A. 

      Authentication, Confidentiality and Digital Signatures

    • B. 

      Authentication, Confidentiality and Key management

    • C. 

      Authentication, Error detection and Error correction

    • D. 

      Authentication, Key generation and Certificate exchange

    • E. 

      Encryption, Decryption and Certificate validation

  • 2. 
    A symmetric key is:
    • A. 

      Always generated by the sender and bound to him

    • B. 

      Always generated by the receiver and bound to him

    • C. 

      Is shared by sender and receiver but not bound to them

    • D. 

      Is shared by sender and receiver but bound to sender

    • E. 

      Is shared by sender and receiver but bound to receiver

  • 3. 
    Snort is an example of: 
    • A. 

      A firewall

    • B. 

      A protocol based IDS

    • C. 

      A signature based IDS

    • D. 

      An action based IDS

    • E. 

      An anomaly based IDS

  • 4. 
    Wherfore is a nonce for authentication used?
    • A. 

      To secure the communication

    • B. 

      To encrypt the data

    • C. 

      To prevent MIM-attacks

    • D. 

      To secure the key exchange

    • E. 

      It is not used for security issues

  • 5. 
    What is the characteristic of an Intrusion Prevention System 
    • A. 

      Filter packets according rule list

    • B. 

      A device detecting only attacks

    • C. 

      A divice or service that actively responds to an attack

    • D. 

      An automatic firewall system

    • E. 

      A system prevents unauthorized users to connect to the VPN service

  • 6. 
    What does ESP mean?
    • A. 

      Encrypted Security Parameters

    • B. 

      Encryption System Protection

    • C. 

      Encapsulating Security Payload

    • D. 

      Encapsulating Security Protocol

    • E. 

      Encapsulating System Parameters

  • 7. 
    How many keys are used in crypto using a symmetric crypto and we have 12 users? 
    • A. 

      12

    • B. 

      66

    • C. 

      78

    • D. 

      121

    • E. 

      169

  • 8. 
    In RSA the public key is {e,n} and the private key is {d,n}, where n=p*q and p and q are primesWhich statement is true:
    • A. 

      E*d = 1 mod n

    • B. 

      E*d = 1 mod φ (n)

    • C. 

      E*d = n

    • D. 

      E*d = n + 1

    • E. 

      E*d = φ(n) + 1

  • 9. 
    If a hash function.H(.) is said to have strong collision resistance, then:
    • A. 

      Given H(x) it is hard to find x

    • B. 

      Given input x it is hard to find h = H(x)

    • C. 

      Given one pair (x, y) where h = H(x) = H(y) it is hard to find another input z such that H(z) = h

    • D. 

      Given x it is hard to find y such that h(y) = H(x)

    • E. 

      It is hard to find any pair (x, y) such that H(x) = H(y)

  • 10. 
    What is a principal of asymmetric crypto
    • A. 

      Key exchange uses diffrent communication technologies

    • B. 

      Encryption ≠ Decryptionkey (but linked)

    • C. 

      Encryption = Decryptionkey

    • D. 

      Encryption ≠ Decryptionkey (not linked)

    • E. 

      The keys will be changed everey 10 seconds

  • 11. 
    Which of the following statements is NOT TRUE in IKE: 
    • A. 

      IKE is used to negotiate ESP keys for symmetric encryption for confedentiality

    • B. 

      In aggressive mode there is a limited number of transactions used

    • C. 

      Oakley provides a framework for key exchange, but the actual key exchange is based on the ISAKMP protocol

    • D. 

      The ISAKMP SA is first established before AH or ESP SA´s are established

    • E. 

      The two IKE components are ISAKMP and Oakley

  • 12. 
    He security of Diffe-Hellman is based on the difficulty of:
    • A. 

      Discrete logarithms

    • B. 

      Encryption

    • C. 

      Factorization

    • D. 

      Modular exponentiations

    • E. 

      RSA

  • 13. 
    Which of the following statements is TRUE in IPSec:
    • A. 

      In transport mode the informasjon is unprotected from source to destination host

    • B. 

      In transport mode the “next header” field is a random number

    • C. 

      In tunnel mode the mutable fields in the IP header are set to one for the calculation of integrity Check Value (ICV)

    • D. 

      In tunnel mode a new IP header is attached

    • E. 

      Tunnel mode can be used for only for AH

  • 14. 
    What does the Diffie-Hellman key exchange protocol enable two users to establish?
    • A. 

      A public key using a secret-key scheme based on discrete logarithms

    • B. 

      A secret key using a public-key scheme based on hardness of integer factorization.

    • C. 

      A secret key using a public-key scheme based on discrete logarithms

    • D. 

      Both private and public keys using a public-key scheme based on hardness of integer factorization

    • E. 

      Both private and public keys using a secret-key scheme based on discrete logarithms

  • 15. 
    DES is an example of a _________-structure crypto system
    • A. 

      Feistel

    • B. 

      Permutation

    • C. 

      Round

    • D. 

      Substitution

    • E. 

      Blowfish

  • 16. 
    Suppose a firewall has the following rules implemented:  What will this firewall do? 
    • A. 

      Allows DNS lookup as a client

    • B. 

      Allows only for incoming connections to our SMTP server

    • C. 

      Allows only outgoing connections to an external SMTP server

    • D. 

      Allows our network to be tracerouted

    • E. 

      Block and blacklist bad guys who try to access our SMTP server

  • 17. 
    A digital signature is created as follows:
    • A. 

      Encrypting the message with the public key of the receiver; hashing the result; appending the hash to the encrypted message

    • B. 

      Encrypting the message with the public key of the receiver; hashing the result; appending the hash to the original message

    • C. 

      Hashing the message; adding the hash to the message; encrypting the result with the private key of the receiver

    • D. 

      Hashing the message; encrypting the hash value with the private key of the sender; appending the result to the message

    • E. 

      Hashing the message; encrypting the hash value with the public key of the receiver; appending the result to the message

  • 18. 
    What is NOT TRUE regarding the kerberos protocol?
    • A. 

      It is a symmetric crypto

    • B. 

      It is a client-server model

    • C. 

      Asymmetric crypto

    • D. 

      Prevents replay attacks

    • E. 

      Based on Needham Schroeder, trusted third party

  • 19. 
    What does the abbreviation “CFB mode” stand for?
    • A. 

      Cipher Fall Back mode

    • B. 

      Cipher Forward Blocking mode

    • C. 

      Cipher Fail Backup mode

    • D. 

      Cipher Feed Back mode

    • E. 

      Cipher Final Black mode

  • 20. 
    The 3 general means of authentication are by something you
    • A. 

      Do, have or know

    • B. 

      Know, are or will

    • C. 

      Know, give or are

    • D. 

      Must, shall, or can

    • E. 

      Speak, touch or see

  • 21. 
    A Security Association can uniquely be identified by the Security Parameter Index (SPI) and:
    • A. 

      The destination IP address and the security protocol identifier

    • B. 

      The source IP address

    • C. 

      The source IP address and the Integrity Check Value (ICV)

    • D. 

      The source IP address and the security protocol identifier

    • E. 

      The source IP address, the ICV and the security protocol identifier

  • 22. 
    The Ticket Granting Server (TGS) in a Kerberos system has 2 pre-shared keys. These are shared with:
    • A. 

      The Authentication Server and the server in a network

    • B. 

      The Authentication Server and the user/client

    • C. 

      The user/client and the server in a network

    • D. 

      The 2 servers in the network

    • E. 

      None of the above

  • 23. 
    What is true for a hash function:
    • A. 

      It can be used to create an asymmertic key

    • B. 

      It can be used to create a symmertic key

    • C. 

      It can be used to encrypt informasjon

    • D. 

      It can secure key exchange algorithm

    • E. 

      It can be used to crate a MAC

  • 24. 
    What is symmetric encryption?
    • A. 

      A form of cryptosystem in which encryption and decryption are preformed using the same key

    • B. 

      A form of cryptosystem in which encryption and decryption are symmetric according to the x-axis.

    • C. 

      A form of cryptosystem in which encryption and decryption are symmetric according to the y-axis.

    • D. 

      A form of cryptosystem that is based on groups of symmetry.

    • E. 

      A mathematical procedure that is using a symmetric group.

  • 25. 
    Assume that 1 in 10.000 network packets are related to an attack. Assume our IDS system will detect malicious (attack) packets with 99% certainty and will wrongly mark 1% of the normal traffic as an attack packet. If the IDS classifies a particular packet as malicious, then the possibillity that this is a wrong decision is approximatly: 
    • A. 

      1%

    • B. 

      10%

    • C. 

      50%

    • D. 

      90%

    • E. 

      99%

  • 26. 
    What does SPD mean?
    • A. 

      Secure Packet Distribution

    • B. 

      Secure Passing Direction

    • C. 

      Security Policy Database

    • D. 

      .Secure Payload

    • E. 

      Sensitive Packet Distribution

  • 27. 
    Suppose a firewall has the following rules implemented:What will this firewall do?
    • A. 

      Allows DNS lookup as a client

    • B. 

      Allows only for incoming connections to our SMTP server

    • C. 

      Allows only outgoing connections to an external SMTP server

    • D. 

      Allows our network to be tracerouted

    • E. 

      Block and blacklist bad guys who try to access our SMTP server

  • 28. 
    Kerberos is using an authentication protocol that is based on the following protocolDiffie-Hellman
    • A. 

      Diffie-Hellman

    • B. 

      IPec

    • C. 

      Needham-Schroeder

    • D. 

      RSA

    • E. 

      X.509

  • 29. 
    What does DES mean? 
    • A. 

      Data Encapsulating Standard

    • B. 

      Data Encapsulating System

    • C. 

      Data Encryption Standard

    • D. 

      Digital Encipherment System

    • E. 

      Digital Encryption System

  • 30. 
    Where was the Kerberos protocol developed?
    • A. 

      Cambridge

    • B. 

      HIG

    • C. 

      MIT

    • D. 

      Oxford

    • E. 

      Stanford

  • 31. 
    There exist___versions of the X.509 certificate:
    • A. 

      1

    • B. 

      3

    • C. 

      5

    • D. 

      Depends on the IPsec verson number

    • E. 

      Depends on the user

  • 32. 
    The DES crypto system uses
    • A. 

      32 bit blocks, 56 bit key, 12 rounds

    • B. 

      32 bit blocks, 64 bit key, 12 rounds

    • C. 

      64 bit blocks, 56 bit key, 16 rounds

    • D. 

      64 bit blocks, 64 bit key, 16 rounds

    • E. 

      128 bit blocks, 128, 192, 256 bit keys, 10,12 or 14 rounds (number of rounds depends on key length).

  • 33. 
    Twofish is an example of a _________-structure crypto system
    • A. 

      Feistel

    • B. 

      Permutation

    • C. 

      Round

    • D. 

      Substitution

    • E. 

      Blowfish

  • 34. 
    What does IDS mean? 
    • A. 

      Intrusion Decoding System

    • B. 

      Intrusion Derived System

    • C. 

      Intrusion Detection System

    • D. 

      Intrusion Detention System

    • E. 

      Intrusion Prevention System

  • 35. 
    What does the abbervation “OFB mode” stand for?
    • A. 

      Open Fall Back mode

    • B. 

      Open Forward Blocking mode

    • C. 

      Output Fail Backup mode

    • D. 

      Output Feed Back mode.

    • E. 

      Output Final Block mode

  • 36. 
    Which is NOT TRUE for an anomaly detection IDS system? 
    • A. 

      Is suitable to detect port scans.

    • B. 

      Looks for statistical deviatons from the normal situation

    • C. 

      Must adapt to changes in users’s behaviour

    • D. 

      Needs to define “normal” expected behaviour of a system

    • E. 

      Vulnerable for zero-days exploits