Exam Prep Questions

Question 1 Select the transforms that are considered to be stronger.
  • A. esp-null

  • B. esp-md5-hmac

  • C. esp-des

  • D. esp-3des

  • E. esp-sha-hmac

A1: Answers: D, E. 3DES uses a 168-bit encryption key, and SHA uses a 160-bit hashing key. esp-null does not provide any confidentiality services. esp-md5-hmac has a 128-bit encryption key, and esp-des uses 56-bit encryption key.
Question 2 Select the parameters that you can configure in an IKE Phase 1 policy.
  • A. PFS

  • B. Remote peer IP address

  • C. Crypto ACL

  • D. Hash algorithm

  • E. Encryption algorithm

A2: Answers: D, E. In addition, you can configure the D-H group number, the authentication method, and the IKE SA lifetime. PFS, the remote peer's IP address, and crypto ACLs are all IKE Phase 2 configurations. ...

Get SECUR Exam Cram™ 2 (Exam 642-501) now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.