Practice Questions

Question 1

How does IPSec differ from SSH, SSL, and TLS?

Answer 1

It is the only protocol that does NOT operate in the upper layers of the OSI model (TSPA)

Question 2

What three protocols make up IPsec and perform its functions.

Answer 2

Security Association (SA), Authentication Header (AH), Encapsulating Security Payload (ESP)

Question 3

What is Security Association (SA) ?

Answer 3

Establishes secure connections, using either certificates or cryptographic keys.

Question 4

Authentication Header (AH)

Answer 4

The authentication information is a keyed hash based on the bytes in the packet. It can be used with (ESP).
IT can also protect against replay attacks by employing sliding window protocols, which puts limits on the total amount of packets that can be transmitting in a period of time.

Question 5

Encapsulating Security Payload (ESP)

Answer 5

The final product is encapsulated and encrypted; providing CIA.

Question 6

What is a PKI in its broadest sense?

Answer 6

Public Key Infrastructure is a complete environment for the public key, including hardware, software, and procedures

Question 7

What does a certificate do?

Answer 7

Certificates bind a users identity with a public key.

Question 8

How are certificates validated?

Answer 8

Computer initiates a certificate signing request (CSR) with proof of the users identity. If the website is invalid or the certificate is suspicious, it may be placed on a (CRL)

Question 9

What two items are included in a digital certificate?

Answer 9

User’s public key, certificate authority’s digital signature

Question 10

Rick has a local computer that uses software to generate and store key pairs. What type of PKI implementation is this?

Answer 10

Centralized?

Question 11

Which of the following is usually used with L2TP?

Answer 11

IPSec

Question 12

What ensures that a CRL is authentic and has not been modified?

Answer 12

The CRL is digitally signed by the CA

Question 13

What encryption concept is PKI based on?

Answer 13

Asymmetric

Question 14

You are in charge of PKI certificates. What should you implement so that stolen certificates cannot be used?

Answer 14

CRL

Question 15

What network protocol sends data between two computers while using a secure channel, and has since replaced telnet.

Answer 15

SSH

Question 16

What protocol uses port 443?

Answer 16

HTTPS

Question 17

What protocol creates an unencrypted tunnel by itself, and is usually combined with IPSec?

Answer 17

L2TP

Question 18

Which layer of the OSI model does IPSec operate at?

Answer 18

Layer 3 (Network)

Question 19

Which layer of the OSI model is where SSL provides encryption?

Answer 19

Session layer

Question 20

What should you do to make sure that a compromised PKI key cannot be used again?

Answer 20

Revoke the key

Question 21

What does IPSec do and which layer does it operate at?

Answer 21

IPSec authenticates and encrypts IP Packets, and works at the network layer of the OSI model.

Question 22

What is IPSec’s AH based on?

Answer 22

All of the bytes in a packet

Question 23

What should you publish a compromised certificate to?

Answer 23

CRL

Question 24

What uses an asymmetric key to establish a session then a symmetric key for communications.

Answer 24

SSL

Question 25

What is a Key Escrow?

Answer 25

A secure copy of a users encryption key in case it gets lost