Implement IPsec VPN on Cisco routers using SDM


Questions derived from the 642-552 – Securing Cisco Network Devices Exam Cisco Self-Test Software Practice Test.

Objective: Implement IPsec VPN on Cisco routers using SDM
SubObjective: Describe the building blocks of IPsec and the security functions it provides

Item Number: 642-552.9.2.12
Multiple Answer, Multiple Choice

 

Which statements are true regarding IPSec framework protocols AH and ESP? (Choose two.)

  A. AH provides data integrity for the entire IP packet.
  B. AH does not provide data integrity for the IP header.
  C. ESP provides data integrity for the entire IP packet.
  D. ESP does not provide data integrity for the IP header.
  E. AH provides data confidentiality for the entire IP packet.

 

Answer:
A. AH provides data integrity for the entire IP packet.
D. ESP does not provide data integrity for the IP header.

 

Tutorial:
The options stating that AH provides data integrity for the entire IP packet and that ESP does not provide data integrity for the IP header are correct. AH provides data integrity for the entire IP packet, whereas ESP provides data integrity only for the IP payload, which does not include the IP header. ESP and AH can be combined to protect the IP header of ESP-encrypted packets.

The option stating that AH does not provide data integrity for the IP header is incorrect because AH provides data integrity for the entire data packet, including the IP header.

The option stating that ESP provides data integrity for the entire IP packet is incorrect because ESP provides data integrity only for the IP payload and does not protect the IP header.

The option stating that AH provides data confidentiality for the entire IP packet is incorrect because AH does not provide data confidentiality.

 

Reference:
http://www.cisco.com/web/about/ac123/ac147/ac174/ac197/about_cisco_ipj_archive_article09186a00800c830b.html
Network Security Fundamentals, Chapter 12: Virtual Private Networks, IPSec, Page 277-279.
http://www.microsoft.com/technet/network/ipsec/ipsecfaq.mspx

Author: cmadmin
