684 Appendix A: Answers to Review Questions
8
What network layer addresses should always be blocked from entering your network from
the outside?
127.0.0.0, 192.168.0.0, 172.16.16-31.0, 10.0.0.0, and any inside network layer addresses.
9
Of the two similar key exchange mechanisms, Diffie-Hellman and Oakley, which is
considered superior?
Oakley is superior, but Diffie-Hellman might be used more.
10
What does PKI stand for?
Public Key Infrastructure.
11
What does SHA authenticate?
SHA authenticates packet data.
12
Does ESP encrypt the IP Header?
No. Authentication Header protocol encrypts the header of the IP packet. ESP encrypts
only the payload portion.
13
Does L2F support multiprotocol?
No. Cisco's L2F is a Layer 2 tunneling protocol.
14
Does L2TP support multiprotocol?
Yes.
15
What is the name of the product that replaced NetRanger?
Intrusion Detection System (IDS).
16
Where would the local network server be located--at the ISP or on the customer's
property?
At the customer's location. The L2TP Access Concentrator is located at the ISP.
17
What does the authentication header protect?
It protects the entire datagram by embedding the header into the payload portion of the
packet.
18
How many bits does the MD5 hash encrypt with?
128.
19
What are the router commands that are used for exchanging keys called?
Crypto maps.
20
Name three layers that CBAC examines.
Network, Transport, Application.