Certification Zone - Pass the Cisco CCIE, CCNA, and CCNP certification exams

Security a Growing Topic on All Cisco R&S; Exams

Those who are not spending a great deal of time studying security topics because they are not studying for a Cisco security exam may be in for a surprise. Security finds its way into many Cisco exams. If you read the topic lists for the CCIE R&S; written and the BCRAN 642-821 exams you find very little mentioned about security, but that's not what we are hearing. People are telling us that a solid understanding of security topics is necessary if you want to pass these two exams. Topics that we've heard that are on these two exams include: AAA, IPSec, AH, ESP, and IKE. CertZone now has three excellent Study Guides on these topics:

Securing Communications Part 1 by Annlee Hines
Other VPNs by Annlee Hines
And the newly released AAA by David Wolsefer

Encryption alone can assure

	a) Privacy
	b) Confidentiality
	c) Source identity
	d) Authorship

A Digital Certificate is a Digital Signature that has been encrypted with the signer's public key.

	a) True
	b) False

Which of the following are IPSec protocols?
(Choose 2)

	a) Authentication Header (AH)
	b) Internet Key Exchange (IKE)
	c) Encapsulating Security Payload (ESP)
	d) Security Association (SA)

Which of the following are IPSec operating modes?
(Choose 2)

	a) Manual configuration mode
	b) IKE mode
	c) Tunnel mode
	d) Transport mode

IPSec VPNs offer more ________ than Layer 2 VPNs.

	a) Confidentiality
	b) Nonrepudiation
	c) Integrity
	d) All of these are correct

IPSec crypto access lists:

	a) Select/deselect traffic for IPSec processing
	b) Select/deselect traffic for passage through the interface
	c) Cause manual IPSec associations to be created
	d) All of these are correct

While IPSec can be nested with Layer 2 VPNs, it cannot be applied in multiple layers itself.

	a) True
	b) False

Which of the following is true concerning IKE?

	a) IKE authenticates IPSec peers and establishes a session to create and manage keys (if necessary)
	b) IKE occurs in two phases
	c) IKE negotiation occurs using UDP rather than TCP
	d) All of these are correct

Which AAA system(s) does CiscoSecure ACS support?

	a) Radius
	b) Tacacs
	c) Kerberos
	d) Radius and Tacacs
	e) Radius, Tacacs, and Kerberos

10.

Which AAA protocol(s) encrypt the entire body of the packet, but leaves a standard header?

	a) Radius
	b) Tacacs
	c) Kerberos
	d) Radius and Tacacs
	e) None of the above, you need IPSec ESP to do this.

Please enter the email address you would like your results emailed to. In order to take advantage of any special offers, you will need to subscribe to Certification Zone using this same address:

Email:

I would like to receive Certification Zone emails about new features, special offers, discounts, and free "Study Question of the Week" newsletter:

	Personal Study Zone

	Home
	Join Now
	About the Site
	Exam Study Assistant
	Zone Newsletter
	Testimonials
	Shop for Study Tools
	Meet the Experts
	FAQ
	Contribute
	Partner / Advertise
	Contact Us
	More Resources

"Certification Zone is the first place I look to find subject materials to study."

Mang Chau
CCNA
Canada
Read More Testimonials

Certification Zone is an independent product, not sponsored by, endorsed by, or affiliated with Cisco Systems, Microsoft Corporation, or the Field Certified Professionals Association. Cisco®, Cisco Systems®, CCNA™, CCNP™, CCIE™, CCSI™, and the Cisco Systems logo are trademarks or registered trademarks of Cisco Systems Inc. Microsoft®, Windows®, Windows 2000™, Windows 2003™, MCSA™, and MCSE™ are trademarks or registered trademarks of Microsoft Corporation. FCSA™ and FCSE™ are registered trademarks of the Field Certified Professionals Association.