多項選擇題Which of the following statements that describe Diffie Hellman Key exchange are correct? ()

A. A DH key exchange is an algorithm that utilizes asymmetric cryptographic keys.
B. The DH key exchange is used to establish a shared secret over an insecure medium during an IPSec phase 1 exchange.
C. The DH exchange is susceptible to man-in-the-middle attacks.
D. The DH exchange is used to authenticate the peer device duringan IPSec phase 1 exchange.
E.A DH exchange provides Perfect Forward Secrecy (PFS).


您可能感興趣的試卷

你可能感興趣的試題

1.多項選擇題Select the two correctstatements from the list below that describe DES and 3DES: ()

A. 3DES is muchmore secure than DES.
B. Both DES and 3DES are stream ciphers.
C. DES uses 64 bitkeys, although the effective key lengthis only 56bits.
D. The decryption operation for both DES and 3DES is the same as the encryption operation.
E. DES can only be used for encryption, whereas 3DES can also be used for authentication.

2.多項選擇題Which of the following is true about RADIUSV end or Specific Attribute? ()

A. The RADIUSVendor Specific Attribute type is decimal 26.
B. A radius server that does not understandthevendor-specific information sent by a clientmust reject the authentication request.
C. A vendor can freely choose theVendor-ID it wants to use when implementing Vendor Specific Attributes as long as the same Vendor-ID is used on all of its products.
D. Vendor Specific AttributeMUST include the Length field.
E. In Cisco’s Vendor Specific Attribute implementation, vendor-ID of 1 is commonly referred to as Cisco AV(Attribute Value) pairs.
F. Vendor Specific Attributes use a RADIUS attribute type between 127 and 255.

3.單項選擇題Which one of the following is NOT a valid RADIUS packet type?()

A. Access-reject
B. Access-response
C. Access-challenge
D. Access-reply
E. Access-accept

4.單項選擇題Which is a benefit of implementing RFC 2827?()

A.Prevents DoS from legimate, non-hostile end systems
B.Prevents disruption of "special services", such as Mobile IP
C.Defeats DoS Attacks which employ IPSource Address Spoofing
D.Restricts directed broadcasts at the ingress router
E.Allows DHCP or BOOTP packets to reach the relay agents asappropriate

5.單項選擇題When configuring a Cisco Adaptive Security Appliance in multiple context mode, which of the follow capabilities are supported?()

A. Multicastis supported
B. Dynamic routing protocols are supported
C. VPN configurations are supported
D. Static routes are supported

6.單項選擇題When configuring system state conditions with the Cisco SecurityAgent, what is the resulting action when configuring more than one system state condition? ()

A.Any matching state condition will result with the state being triggered
B. Once a state condition ismet, the system ceases searching further conditions and will cause the state condition to trigger
C. All specified state conditions are used as part of the requirements tobe met to for the state to trigger
D. Once the state conditions are met, they become persistent and can only be removed using the Reset feature

7.多項選擇題The RiskRating for an IPS signatureis calculatedusing four primary components. Select the four components below.   ()

A. SignatureFidelity Rating
B. Alert Severity Rating
C. Exploit Probability Rating
D. Target Value Rating
E. Attack Relevancy Rating

8.多項選擇題An IPS sensor with3 sniffing interfaces can be configuredas:  ()

A. 3 promiscuous sensors
B. 3 inline sensors
C. 1 inline sensor, 1 promiscuous sensor
D. 2 inline sensors, 1 promiscuous sensors

9.多項選擇題Given the topology of a server (with IP 209.165.202.150) protected behind the inside interface of an ASA/PIX,and the Internet on the outside interface. Users on the Internet need to access the server at any time, but the firewall administrator does not want to NAT the address of the server - since itis currentlya public address. Which of the following commands can be used to accomplish this? ()

A. nat (inside) 0 209.165.202.150 255.255.255.255
B. access-list no-nat permit ip host209.165.202.150 anynat(inside) 0 access-list no-nat
C. static(inside,outside) 209.165.202.150 209.165.202.150 netmask 255.255.255.255
D. no nat-control
E. nat (inside) 1 209.165.202.150 255.255.255.255

最新試題

Which statements are true concerning NAT? ()

題型:多項選擇題

When implementing best practices for IP Source Address Spoofing and Defeating Denial of Service Attacks with IP SourceAddress Spoofing, what RFC is commonly usedto protect your network?()

題型:單項選擇題

Which of the following statements that describe Diffie Hellman Key exchange are correct? ()

題型:多項選擇題

What technologies are included inAnti-X? ()

題型:多項選擇題

Which SSL protocol takes anapplication message tobe transmitted, fragments the datainto manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit ina TCPsegment?()

題型:單項選擇題

What are the header sizes for point-to-point and multi-point GRE(also known asmGRE) with tunnel key?()

題型:單項選擇題

Which should be the key driver for a company security policy’s creation, implementation and enforcement?()

題型:單項選擇題

When implementing internet standards you are required to follow RFC’s processes and procedures based onwhat RFC?()

題型:單項選擇題

What group in Cisco IOS does 1536-bit Diffie-Hellman prime modulus equivalent too?()

題型:單項選擇題

Which IOS QoS mechanism is used strictly to rate limit traffic destinedto the router itself?()

題型:單項選擇題