20% OFF Passleader 350-018 Study Materials Ensure 100% PASS (261-270)

QUESTION 261
Which algorithm is used to generate the IKEv2 session key?

A.    Diffie-Hellman
B.    Rivest, Shamir, and Adleman
C.    Secure Hash Algorithm
D.    Rivest Cipher 4

Answer: A

QUESTION 262
Which statement is true about IKEv2 and IKEv1?

A.    IKEv2 can be configured to use EAP, but IKEv1 cannot.
B.    IKEv2 can be configured to use AES encryption, but IKEv1 cannot.
C.    IKEv2 can be configured to interoperate with IKEv1 on the other end.
D.    IKEv2 consumes more bandwidth than IKEv1.

Answer: A

QUESTION 263
Which statement is true about IKEv2 preshared key authentication between two peers?

A.    IKEv2 allows usage of different preshared keys for local and remote authentication.
B.    IKEv2 allows usage of only one preshared key.
C.    IKEv2 allows usage of only one preshared key and only in hub-and-spoke topology.
D.    IKEv2 does not allow usage of preshared key authentication.

Answer: A

QUESTION 264
How does 3DES use the DES algorithm to encrypt a message?

A.    encrypts a message with K1, decrypts the output with K2, then encrypts it with K3
B.    encrypts a message with K1, encrypts the output with K2, then encrypts it with K3
C.    encrypts K1 using K2, then encrypts it using K3, then encrypts a message using the outputkey
D.    encrypts a message with K1, encrypts the output with the K2, then decrypts it with K3

Answer: A

QUESTION 265
Which protocol is superseded by AES?

A.    DES
B.    RSA
C.    RC4
D.    MD5

Answer: A

QUESTION 266
What is the purpose of the SPI field in an IPsec packet?

A.    identifies a transmission channel
B.    provides anti-replay protection
C.    ensures data integrity
D.    contains a shared session key

Answer: A

QUESTION 267
Which IPsec protocol provides data integrity but no data encryption?

A.    AH
B.    ESP
C.    SPI
D.    DH

Answer: A

QUESTION 268
Which three statements about IKEv2 are correct? (Choose three.)

A.    INITIAL_CONTACT is used to synchronize state between peers.
B.    The IKEv2 standard defines a method for fragmenting large messages.
C.    The initial exchanges of IKEv2 consist of IKE_SA_INIT and IKE_AUTH.
D.    Rekeying IKE and child SAs is facilitated by the IKEv2 CREATE_CHILD_SA exchange.
E.    NAT-T is not supported.
F.   Attribute policy push (via the configuration payload) is only supported in REQUEST/REPLYmode.

Answer: ACD

QUESTION 269
What entities decrypt a transmission sent by a GDOI group member?

A.    all group members
B.    the key server only
C.    the peer that is indicated by the key server
D.    the key server and the peer that is indicated by the key server

Answer: A

QUESTION 270
What transport protocol and port are used by GDOI for its IKE sessions that are established between the group members and the key server?

A.    UDP port 848
B.    TCP port 848
C.    ESP port 51
D.    SSL port 443
E.    UDP port 4500

Answer: A

20% OFF Passleader 350-018 Study Materials Ensure 100% PASS