“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz helps you determine your level of knowledge of this chapter’s topics before you begin. Table 6-1 details the major topics discussed in this chapter and their corresponding quiz questions.

Table 6-1 “Do I Know This Already?” Section-to-Question Mapping

1. Which technology is a primary method that IPsec uses to implement data integrity?

a. MD5

b. AES

c. RSA

d. DH

2. What are the source and destination addresses used for an encrypted IPsec packet?

a. Original sender and receiver IP addresses

b. Original sender’s and outbound VPN gateway’s addresses

c. Sending and receiving VPN gateways

d. Sending VPN gateway and original destination address in the packet

3. Which phase is used for private management traffic between the two VPN peers?

a. IPsec

b. IKE Phase 1

c. IKE Phase 2

d. IKE Phase 3

4. Which of the following are negotiated during IKE Phase 1?

a. Hashing

b. DH group

c. Encryption

d. Authentication method

5. What method is used to allow two VPN peers to establish shared secret keys and to establish those keys over an untrusted network?

a. AES

b. SHA

c. RSA

d. DH

6. Which of the following is not part of the IKE Phase 1 process?

a. Negotiation of the IKE Phase 1 protocols

b. Running DH

c. Authenticating the peer

d. Negotiating the transform set to use

7. How is the negotiation of the IPsec (IKE Phase 2) tunnel done securely?

a. Uses the IKE Phase 1 tunnel

b. Uses the IPsec tunnel

c. Uses the IKE Phase 2 tunnel

d. Uses RSA

8. What are the two main methods for authenticating a peer as the last step of IKE Phase 1? (Choose all that apply.)

a. RSA signatures, using digital certificates to exchange public keys

b. PSK (pre-shared key)

c. DH Group 2

d. TCP three-way handshake

9. Which component acts as an if-then statement, looking for packets that should be encrypted before they leave the interface?

a. crypto isakmp policy

b. crypto map

c. crypto ipsec transform-set

d. crypto access-list (access list used for cryptography)

10. What is true about symmetrical algorithms and symmetrical crypto access lists used on VPN peers?

a. Symmetrical algorithms use the same secret (key) to lock and unlock the data. Symmetrical ACLs between two VPN peers should symmetrically swap the source and destination portions of the ACL.

b. Symmetrical algorithms like RSA use the same secret (key) to lock and unlock the data. Symmetrical ACLs between two VPN peers should symmetrically swap the source and destination portions of the ACL.

c. Symmetrical algorithms use the same secret (key) to lock and unlock the data. Symmetrical ACLs between two VPN peers should be identical.

d. Symmetrical algorithms use the same secret (key) to lock and unlock the data. Symmetrical ACLs between two VPN peers require that only symmetrical algorithms be used for all aspects of IPsec.

11. Which one of the following commands reveals the ACLs, transform sets, and peer information and indicates which interface is being used to connect to the remote IPsec VPN peer?

a. show crypto map

b. show crypto isakmp policy

c. show crypto config

d. show crypto ipsec sa
