Fundamentals of IP Security

Question 1

Which technology is a primary method that IPSec uses to implement integrity?

Answer 1

MD5

Question 2

What are the source and destination addresses used for an encrypted IPSec packet?

Answer 2

Sending and Receiving VPN gateway’s

Question 3

Which phase is used for private management traffic between the two VPN peers?

Answer 3

IKE Phase 1

Question 4

Name four things that are negotiated during IKE Phase 1?

Answer 4

Hashing, DH group, Encryption, Authentication method

Question 5

What method is used to allow two VPN peers to establish shared secret keys and to establish those kays over an untrusted network?

Answer 5

Diffie-Hellman (DH)

Question 6

Name three parts of the IKE Phase 1 process?

Answer 6

Negotiation of the IKE Phase 1 protocols, Running DH, Authenticating the peer

Question 7

How is the negotiation of the IPSec (IKE Phase 2) tunnel done securely?

Answer 7

Uses the IKE Phase 1 tunnel

Question 8

What are the two main methods for authenticating a peer as the last step of IKE Phase 1?

Answer 8

RSA signatures, using digital certificates to exchange public keys, PSK (Pre-shared key)

Question 9

Which component acts as an if-then statement, looking for packets that should be encrypted before they leave the interface?

Answer 9

crypto map

Question 10

What is true about symmetrical algorithms and symmetrical crypto access lists used on VPN peers?

Answer 10

Symmetrical algorithms use the same secret (key) to lock and unlock the data. Symmetrical ACLs between two VPN peers should symmetrically swap the source and destination portions of the ACL.

Question 11

Which command reveals the ACL, transform sets, and peer information and indicate which interface is being used to connect to the remote IPSec VPN peer?

Answer 11

show crypto map