"Do I Know This Already?" Quiz

The purpose of this assessment quiz is to help you determine how to spend your limited study time.

If you can answer most or all of these questions, you might want to skim the "Foundation Topics" section and return to it later, as necessary. Review the "Foundation Summary" section and answer the questions at the end of the chapter to ensure that you have a strong grasp of the material covered.

If you already intend to read the entire chapter, you do not necessarily need to answer these questions now. If you find these assessment questions difficult, read through the entire "Foundation Topics" section and review it until you feel comfortable with your ability to answer all of these questions and the "Q & A" questions at the end of the chapter.

Answers to these questions can be found in Appendix A, "Answers to Quiz Questions."

1. What are the three components of AAA? (Choose the three best answers.)

a. Accounting

b. Authorization

c. Adapting

d. Authentication

2. What Cisco IOS command must be issued to start AAA on a Cisco router?

a. aaa old-model

b. aaa model

c. aaa new model

d. aaa new-model

e. aaa new_model

3. What mathematical algorithm initiates an encrypted session between two routers by exchanging public keys over an insecure medium such as the Internet?

a. Routing algorithm

b. Diffie-Hellman algorithm

c. The switching engine

d. The stac compression algorithm

4. Can you configure RADIUS and TACACS+ to be used on the same router?

b. Yes, provided you have the same list names applied to the same interfaces.

c. Yes, provided you have different list names applied to the same interfaces.

d. Yes, provided you have different list names applied to different interfaces.

5. How do you remotely launch ACS to a Windows 2000 device? (The remote IP address is 10.1.1.1 and the client is Internet Explorer.)

a. Type launch.

6. What RADIUS attribute is used by vendors and not predefined by RFC 2138?

a. 1

b. 2

c. 3

d. 4

e. 13

f. 26

g. 333

h. 33

7. RADIUS can support which of the following protocols?

b. OSPF

c. AppleTalk

d. IPX

e. NLSP

8. When a RADIUS server identifies the wrong password entered by the remote user, what packet type is sent?

a. ACCEPT-USER

b. REJECT-USERS

c. REJECT-DENY

d. REJECT-ACCEPT

e. REJECT-ERROR

f. ACCESS-REJECT

9. Identify the false statement about RADIUS.

a. RADIUS is a defined standard in RFC 2138/2139.

b. RADIUS runs over TCP port 1812.

c. RADIUS runs over UDP port 1812.

d. RADIUS accounting information runs over port 1646.

10. What is the RADIUS key for the following configuration? If this configuration is not valid, why isn't it? (Assume that this configuration is pasted into Notepad and not on an active router.)

aaa authentication login use-radius group radius local
aaa authentication ppp user-radius if-needed group radius
aaa authorization exec default group radius
aaa authorization network default group radius
radius-server 3.3.3.3
radius-server key IlovemyMum

a. The RADIUS key is IlovemyMum, and it is a valid configuration.

b. The RADIUS key is Ilovemymum, and it is a valid configuration.

c. This configuration will not work because the command aaa new-model is missing.

d. The RADIUS key is 3.3.3.3, and it is a valid configuration.

11. What is the RADIUS key for the following configuration?

aaa new-model
aaa authentication login use-radius group radius local
aaa authentication ppp user-radius if-needed group radius
aaa authorization exec default group radius
aaa authorization network default group radius
radius-server 3.3.3.3
radius-server key IlovemyMum

a. The RADIUS key is IlovemyMum.

b. The RADIUS key is Ilovemymum.

c. No RADIUS key exists.

12. What versions of TACACS does Cisco IOS support? (Select the best three answers.)

a. TACACS+

b. TACACS

c. Extended TACACS

d. Extended TACACS+

13. TACACS+ is transported over which TCP port number?

14. What is the predefined RADIUS server key for the following configuration?

radius-server host 3.3.3.3
radius-server key CCIEsrock

a. 3.3.3.3

b. Not enough data

c. CCIESROCK

d. CCIEsRock

e. CCIEsrock

15. What does the following command accomplish?

tacacs_server host 3.3.3.3

a. Defines the remote TACACS+ server as 3.3.3.3

b. Defines the remote RADIUS server as 3.3.3.3

c. Nothing, because it is not a valid IOS command

d. Configures a RADIUS server 3.3.3.3

e. An invalid IOS command

16. Which of the following protocols does TACACS+ support?

b. AppleTalk

c. NetBIOS

d. All of these

17. Which of the following key lengths are not supported by AES?

18. What is the number of bits used with a standard DES encryption key?

a. 56 bits

b. 32 bits; same as IP address

c. 128 bits

d. 256 bits

e. 65,535 bits

f. 168 bits

19. What is the number of bits used with a 3DES encryption key?

a. 56 bits

b. 32 bits; same as IP address

c. 128 bits

d. 256 bits

e. 65,535 bits

f. 168 bits

20. In IPSec, what encapsulation protocol encrypts only the data and not the IP header?

d. HASH

21. In IPSec, what encapsulation protocol encrypts the entire IP packet?

e. HASH

22. Which of the following is AH's IP number?

23. Which of the following is ESP's IP number?

24. Which of the following is not part of IKE phase I negotiations?

a. Authenticating IPSec peers

b. Exchanging keys

c. Establishing IKE security

d. Negotiating SA parameters

25. Which of the following is not part of IKE phase II?

a. Negotiating IPSec SA parameters

b. Periodically updating IPSec SAs

c. Occasionally updating SAs (at most, once a day)

d. Establishing IPSec security parameters

26. Which is the fastest mode in IPSec?

a. Main mode

b. Fast mode

c. Aggressive mode

d. Quick mode

27. Certificate Enrollment Protocol (CEP) runs over what TCP port number? (Choose the best two answers.)

a. Same as HTTP

b. Port 80

c. Port 50

d. Port 51

e. Port 333

f. Port 444

28. Which of the following are new features aimed at increasing wireless security? (Choose the best four answers.)

a. TKIP

b. AES

c. EAP

d. PEAP

e. MIC

f. 802.1D

g. ESP

h. AH
