QUESTION 91 What is the function of the RADIUS attribute represented by the value 26?
A. It specifies accounting data specific to a particular vendor service.
B. It specifies the vendor name of the NAS.
C. It allows vendors to define out-of-band RADIUS timeouts.
D. It transmits vendor-specific attributes.
Answer: D
Explanation: Vendor-specific - allows vendors to support their own extended attributes that are unsuitable for general use. Cisco RADIUS implementation supports one vendor-specific option using the format recommended in the specification. Network Security Principles and Practices, Saadat Malik p 524
QUESTION 92 In which of the following ways does a hash (such as MD5) differ from encryption (such as DES)?
A. A hash is easier to break.
B. Encryption cannot be broken.
C. A hash, such as MD5, has a final fixed length.
D. A hash is reversible.
E. Encryption has a final fixed length.
F. None of the above.
Answer: C
Explanation: The MD5 algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.
'Message hashing is an encryption technique that can be used to ensure that a message has not been altered. The MD5 algorithm takes as input a clear text message of arbitrary length... The MD5 algorithm is run on the input, which produces as output a fixed-length, 128-bit "message digest" or "hash" of the input.' "It is considered computationally infeasible to reverse the hash process or to produce two messages having the same message digest" Managing Cisco Network Security by Michael Windstorm pg 464
QUESTION 93 Which of the following statements regarding the Diffie-Hellman key exchange is invalid?
A. The local secret key is combined with known prime numbers n and g in each router for the purposes of generating a Public key.
B. Each router uses the received random integer to generate a local secret (private) crypto key.
C. Each router combines the private key received from the opposite router with its own public key in the creation of a shared secret key.
D. The two routers involved in the key swap generate large random integers (I), which are exchanged covertly.
Answer: B
Explanation: more or less XvA=G^A mod P Network Security Principles and Practices, Saadat Malik p 284-285
QUESTION 94 Exhibit:
Configuration of Router A:
crypto map tag 1 ipsec-isakmp
 set security-association lifetime seconds 240
 set security-association lifetime kilobytes 10000
Configuration of Peer Host Router B:
crypto map tag 1 ipsec-isakmp
 set security-association lifetime seconds 120
 set security-association lifetime kilobytes 20000
Router A is configured as shown. What situation will you encounter after 110 seconds and 1500 kilobytes of traffic?
A. There will be no communication between Router A and Router B because the security association lifetimes were misconfigured; they should be the same.
B. The security association will not be renegotiated until 20000 kilobytes of traffic have traversed the link, because the interval will be the greater of 2 parameters - time and kilobytes.
C. Security association renegotiation will have started by default.
D. The present security associations will continue until almost 240 seconds have elapsed, assuming the same traffic pattern and rate.
Answer: A
Explanation:
I have heard different answers to this question. 1 is that the lesser of the values will be used. But the SA need to match which these don't.
QUESTION 95 The newly appointed Cisco Highway trainee technician wants to know which encryption algorithm is used for Microsoft Point-to-Point Encryption. What will your reply be?
A. DES CBC
B. RSA RC4
C. RSA CBC
D. DES RC4
Answer: B
Explanation: MPPE uses the RSA RC4 [3] algorithm to provide data confidentiality.
QUESTION 96 What does the TFTP protocol do?
A. TFTP protocol makes use of the UDP transport layer and requires user authentication.
B. TFTP protocol makes use of the TCP transport layer and does not require user authentication.
C. TFTP protocol makes use of the UDP transport layer and does not require user authentication.
D. TFTP protocol makes use of TCP port 69.
E. TFTP protocol prevents unauthorized access by doing reverse DNS lookups before allowing a connection.
Answer: C
Explanation: TFTP does not require password authentication, and uses UDP port 69. This rules out all answers except C.
QUESTION 97 What type of crypto maps and keying mechanism would you advise the new Cisco Highway trainee technician is the most secure for a router connecting to a dial PC IPSec client?
A. Static crypto maps with pre-shared keys.
B. Static crypto maps with RSA.
C. Dynamic crypto maps with CA.
D. Dynamic crypto maps with pre-shared keys.
Answer: B
Explanation: Dynamic crypto maps are not recommended as the required matches are very small.
QUESTION 98 Which of the following statements regarding the DLCI field in the Frame Relay header is valid?
A. It consists of two portions, namely source and destination, which map data to a logical channel.
B. It usually only has significance between the local switch and the DTE device.
C. It is an optional field in the ITU-T specification.
D. It is only present in data frames that are sent through the network.
Answer: B
Explanation: DLCI is only locally significant.
QUESTION 99 What information will be received from the ISP authentication server when a user dials into the ISP router of a VPDN network as 'dking@abc.xzy' and the router is using TACACS+ or RADIUS authentication and authorization?
A. The tunnel-id and IP address of the Home Gateway (HGW) router based on domain abc.xzy.
B. An access-accept or access-reject (if RADIUS) or a PASS or FAIL (if TACACS) for userid dking@abc.xzy.
C. The tunnel-id, IP address of the HGW router, and the IP address of outgoing ISP router interface based on domain abc.xzy.
D. The IP address of the HGW router and IP address of the outgoing ISP router interface based on domain abc.xzy.
Answer: B
Explanation: The user must be authenticated first before anything can happen (like the downloading of access lists).
QUESTION 100 The newly appointed Cisco Highway trainee technician wants to know which are the only two parts found in a RADIUS user profile. What will your reply be?
A. Reply attributes, check attributes
B. Check items, reply attributes
C. Check attributes, reply items
D. Reply items, check items
Answer: B
Explanation: http://www.cisco.com/en/US/products/sw/secursw/ps4911/products_user_guide_chapter09186a008015c5bc.html
Step 7 Specify RADIUS-Cisco Check Item and Reply attributes:
a. Click the RADIUS-Cisco attribute icon in the Profile pane. This displays the RADIUS-Cisco Options menu in the Attributes pane.
b. Select Reply Attributes and Check Items in the Options menu and click Apply.