CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition [Electronic resources]

Greg Bastien; Earl Carter; Christian Degu

نسخه متنی -صفحه : 191/ 80
نمايش فراداده

  • "Do I Know This Already?" Quiz

    The purpose of the "Do I Know This Already?" quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

    The ten-question quiz, derived from the major sections in the "Foundation Topics" portion of the chapter, helps you determine how to spend your limited study time.

    1.

    Which type of encryption is stronger?

    1. Group 2 Diffie-Hellman

    2. AES-128

    3. 3DES

    4. AES-192

    5. DES

    2.

    Which service uses UDP port 500?

    1. IPSec

    2. OAKLEY

    3. IKE

    4. None of the above

    3.

    Which service uses TCP port 50?

    1. IKE

    2. AH

    3. OAKLEY

    4. ESP

    5. None of the above

    4.

    What is the size of the output for a MD5 hash?

    1. There is no fixed size.

    2. 256 bits

    3. 255 bits

    4. 128 bits

    5. None of the above

    5.

    What is the most scalable VPN solution?

    1. Manual-ipsec with CAs

    2. IKE using OAKLEY

    3. IKE using CAs

    4. CAs using preshared keys

    5. None of the above

    6.

    What is the function of the access list with regard to VPNs?

    1. It tells the PIX what traffic should be allowed.

    2. It tells the PIX what traffic should be encrypted.

    3. It tells the PIX what traffic should be denied.

    4. None of the above

    7.

    What is the configuration value for the unlimited ISAKMP phase 1 lifetime?

    1. Unlim

    2. 99999

    3. 86400

    4. 19200

    5. 0

    8.

    The X509v3 standard applies to which standard or protocol?

    1. Authentication Header format

    2. ESP header format

    3. Digital certificates

    4. Diffie-Hellman negotiation

    5. AES encryption

    9.

    What are three types of VPNs?

    1. Hardware, software, and concentrator

    2. Manual, dynamic, and very secure

    3. Dialup, cable, and LAN

    4. Access, intranet, and extranet

    5. Internet, extranet, and dialup

    10.

    What command will allow you to watch the IKE negotiations?

    1. debug isakmp sa

    2. debug crypto isakmp

    3. view isakmp neg

    4. view crypto isakmp

    5. debug isakmp crypto

    The answers to the "Do I Know This Already?" quiz are found in Appendix A, "Answers to the ''''Do I Know This Already?'''' Quizzes and Q&A Sections." The suggested choices for your next step are as follows: