Cisco IOS IPSec Certificate Authority Support Questions Answers
Questions
|
1. |
A digital certificate is conceptually most like which type
of document?
-
Event admission ticket
-
Vehicle license plate
-
Passport
-
Social Security card |
|
|
2. |
Which of the following is not a common
name for a database service running on an existing or dedicated server that
allows users to submit and retrieve digital certificates?
-
Certificate server
-
CRL
-
Cert server
-
Key server |
|
|
3. |
What does the acronym PKI stand for?
-
PIX Key Interchange
-
Private Key Interchange
-
Public Key Infrastructures
-
PIX Key Interface |
|
|
4. |
Digital certificates are generated by which of the
following?
-
Sending peer
-
Certificate authority
-
Receiving peer
-
The government |
|
|
5. |
When checking a certificate against a CRL, what happens if a
match occurs?
-
The certificate is accepted
-
A new CRL is requested
-
The certificate is rejected
-
The request is sent to the CA |
|
|
6. |
Which of the following is a server that acts as a proxy for
the CA, so CA functions can continue when the CA is offline or otherwise
unavailable?
-
CRL
-
CAR
-
CA
-
RA |
|
|
7. |
Which of the following is an initiative for furthering open
development for certificate-handling protocols that can help ensure
interoperability with devices from many vendors?
-
PKI
-
CA
-
LDAP
-
SCEP |
|
|
8. |
Which of the following is not a CA
provider supported by the Cisco IOS?
-
Entrust Technologies, Inc.
-
Symantic
-
VeriSign
-
Microsoft |
|
|
9. |
Which is the IKE keyword for CA support authentication
method?
-
rsa-sig
-
pki
-
rsa-encr
-
preshare |
|
|
10. |
Which command specifies that certificates and CRLs should not be stored locally, but should be retrieved from the CA as
needed?
-
no ntp peer ip-address
-
crypto key generate rsa
-
crypto ca identity
-
crypto ca certificate query
|
|
|
11. |
In the following command, what does the word “six”
represent? Rtr1(config)#clock timezone CST -6
-
The number six is a sequence number
-
Six hours behind NY standard time
-
Six hours behind UTC/GMT
-
Six hours ahead of UTC/GMT |
|
|
12. |
Given the following command, how many RSA key pairs will be
generated? Rtr1(config)#crypto key generate rsa usage-keys
-
1
-
2
-
3
-
4 |
|
|
13. |
Which command is used to define the CA?
-
crypto ca enroll
-
crypto ca identity
-
crypto ca authenticate
-
crypto key zeroize rsa |
|
|
14. |
Which command removes all certificates associated with the
CA—the router’s certificate, the CA certificate, and any RA certificates?
-
no named-key key-name
-
no crypto ca identity
-
crypto key zeroize rsa
-
no certificate |
|
|
15. |
Which of the following is not required
for CA support on Cisco IOS devices?
-
Hostname defined
-
Special-usage keys ordered
-
Domain name defined
-
Software clock set |
|
Answers
|
1. |
C. Passport |
|
2. |
B. CRL |
|
3. |
C. Public Key Infrastructures
|
|
4. |
B. Certificate authority |
|
5. |
C. The certificate is rejected—it has been
revoked |
|
6. |
D. RA |
|
7. |
D. SCEP—Simple Certificate Enrollment
Protocol |
|
8. |
B. Symantic |
|
9. |
A. rsa-sig |
|
10. |
D. crypto ca certificate
query |
|
11. |
C. Six hours behind UTC/GMT |
|
12. |
B. 2 |
|
13. |
B. crypto ca identity
|
|
14. |
B. no crypto ca identity
|
|
15. |
B. Special-usage keys ordered |
531 times read
|
|
|
Did you enjoy this article?
(total 0 votes)
|
Sections
Comments (0 posted)
Syndication
