Ensurepass

QUESTION 261

Which algorithm is used to generate the IKEv2 session key?

 

A.

Diffie-Hellman

B.

Rivest, Shamir, and Adleman

C.

Secure Hash Algorithm

D.

Rivest Cipher 4

 

Correct Answer: A

 

 

QUESTION 262

Which statement is true about IKEv2 and IKEv1?

 

A.

IKEv2 can be configured to use EAP, but IKEv1 cannot.

B.

IKEv2 can be configured to use AES encryption, but IKEv1 cannot.

C.

IKEv2 can be configured to interoperate with IKEv1 on the other end.

D.

IKEv2 consumes more bandwidth than IKEv1.

Correct Answer: A

 

 

QUESTION 263

Which statement is true about IKEv2 preshared key authentication between two peers?

 

A.

IKEv2 allows usage of different preshared keys for local and remote authentication.

B.

IKEv2 allows usage of only one preshared key.

C.

IKEv2 allows usage of only one preshared key and only in hub-and-spoke topology.

D.

IKEv2 does not allow usage of preshared key authentication.

 

Correct Answer: A

 

 

QUESTION 264

How does 3DES use the DES algorithm to encrypt a message?

 

A.

encrypts a message with K1, decrypts the output with K2, then encrypts it with K3

B.

encrypts a message with K1, encrypts the output with K2, then encrypts it with K3

C.

encrypts K1 using K2, then encrypts it using K3, then encrypts a message using the output key

D.

encrypts a message with K1, encrypts the output with the K2, then decrypts it with K3

 

Correct Answer: A

 

 

QUESTION 265

Which protocol is superseded by AES?

 

A.

DES

B.

RSA

C.

RC4

D.

MD5

 

Correct Answer: A

 

 

QUESTION 266

What is the purpose of the SPI field in an IPsec packet?

 

A.

identifies a transmission channel

B.

provides anti-replay protection

C.

ensures data integrity

D.

contains a shared session key

 

Correct Answer: A

 

 

QUESTION 267

Which IPsec protocol provides data integrity but no data encryption?

 

A.

AH

B.

ESP

C.

SPI

D.

DH

 

Correct Answer: A

 

 

QUESTION 268

Which three statements about IKEv2 are correct? (Choose three.)

 

A.

INITIAL_CONTACT is used to synchronize state between peers.

B.

The IKEv2 standard defines a method for fragmenting large messages.

C.

The initial exchanges of IKEv2 consist of IKE_SA_INIT and IKE_AUTH.

D.

Rekeying IKE and child SAs is facilitated by the IKEv2 CREATE_CHILD_SA exchange.

E.

NAT-T is not supported.

F.

Attribute policy push (via the configuration payload) is only supported in REQUEST/REPLY mode.

 

Correct Answer: ACD

 

 

QUESTION 269

What entities decrypt a transmission sent by a GDOI group member?

 

A.

all group members

B.

the key server only

C.

the peer that is indicated by the key server

D.

the key server and the peer that is indicated by the key server

 

Correct Answer: A

 

 

QUESTION 270

What transport protocol and port are used by GDOI for its IKE sessions that are established between the group members and the key server?

 

A.

UDP port 848

B.

TCP port 848

C.

ESP port 51

D.

SSL port 443

E.

UDP port 4500

 

Correct Answer: A

 

Free VCE & PDF File for Cisco 350-018 Practice Tests

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …

Comments are closed.