网友您好, 请在下方输入框内输入要搜索的题目:
题目内容
(请给出正确答案)
IPSec中安全关联(Security Associations)三元组是( )。
A.<安全参数索引SPI,目标IP地址,安全协议>
B.<安全参数索引SPI,源IP地址,数字证书>
C.<安全参数索引SPI,目标IP地址,数字证书>
D.<安全参数索引SPI,源IP地址,安全协议>
B.<安全参数索引SPI,源IP地址,数字证书>
C.<安全参数索引SPI,目标IP地址,数字证书>
D.<安全参数索引SPI,源IP地址,安全协议>
参考答案
参考解析
解析:两台路由器要建立IPSec VPN连接,就需要保证各自采用加密、摘要、对称密钥交换、安全协议的参数是一致的。但是IPSec协议并没有确保这些参数一致的手段。同时,IPSec没有规定身份认证,无法判断通信双方的真实性,这就有可能出现假冒。
因此,在两台IPSec路由器交换数据之前就要建立一种约定,这种约定就称为SA。安全关联(Security Association,SA)是单向的,在两个使用IPSec的实体(主机或路由器)间建立的逻辑连接,定义了实体间如何使用安全服务(如加密)进行通信。SA包含了安全参数索引(Security Parameter Index,SPI)、IP目的地址、安全协议(AH或者ESP)三个部分。
因此,在两台IPSec路由器交换数据之前就要建立一种约定,这种约定就称为SA。安全关联(Security Association,SA)是单向的,在两个使用IPSec的实体(主机或路由器)间建立的逻辑连接,定义了实体间如何使用安全服务(如加密)进行通信。SA包含了安全参数索引(Security Parameter Index,SPI)、IP目的地址、安全协议(AH或者ESP)三个部分。
更多 “IPSec中安全关联(Security Associations)三元组是( )。A. B. C. D. ” 相关考题
考题
NAT无法多路传输IPSec数据流。ESP保护的IPSec流量没有包含可见的TCP或UDP报头。 ESP报头位于IP报头和加密的TCP或UDP报头之间,并且使用IP协议号50。因此,TCP或UDP端口号就无法将流量多路传输到不同的专用网主机。ESP报头包含一个名为Security Parameters Index(安全参数索引,SPI)的字段。SPI与明文(plaintext)IP报头中的目标IP地址和IPSec安全协议(ESP或AH)结合起来用于识别IPSec安全关联(SA)。应该如何解决?
考题
1P安全性(1P security,IPSee)提供了在局域网、广域网和互联网中安全通信的能力。关于IP安全性下列说法不正确的是______。A.IPSec可提供同一公司各分支机构通过的安全连接B.IPSec可提供远程安全访问C.IPSee可提高电子商务的安全性D.IPSec能在IP的新版本IPv 6下工作,但不适应IP目前的版本IPv 4
考题
●IPSec中安全关联(Security Associations)三元组是(45)。(45)A.安全参数索引SPI,目标IP地址,安全协议B.安全参数索引SPI,源IP地址,数字证书C.安全参数索引SPI,目标IP地址,数字证书D.安全参数索引SPI,源IP地址,安全协议
考题
IP安全性(IP Security,IPSec)提供了在局域网、广域网和因特网中安全通信能力。关于IP安全性下列说法不正确的是(28)。A.IPSec可提供同一公司各分支机构通过的安全连接B.IPSec可提供对的远程安全访问C.IPSec可提高电子商务的安全性D.IPSec能在IP的新版本IPv6下工作,但不适应IP目前的版本IPv4
考题
关于IPSec协议以下描述错误的是:
A. IPSec不是一个单独的协议,它是为保证IP及其上层协议的安全而制定的开放安全标准
B. IPSec协议使用IKE实现安全参数协商
C. AH和ESP协议都属于IPSec协议的一部分,它们都为IPSec提供数据保密和数据流保密等服务
D. 安全策略数据库和安全关联数据库是IPSec数据处理中必须的数据库
考题
IPsec, also known as the internet Protocol ( ) , defines the architecture for security services for IP network traffic IPsec describes the framework for providing security a the IP layer, as well as the suite of protocols designed to provide that security: through_ ( )_ and encryption of IP network packets. IPec can be used 10 protect network data, for example, by setting up circuits using IPsec ( ), in which all data being sent between two endpoints is encrypted, as with a Virtual (请作答此空) Network connection ;for encrypting application layer data ;and for providing security for routers sending routing data across the public internet. Internet traffic can also be secured from host to host without the use of IPsec, for example by encryption at the ( ) layer with HTTP Secure (TTPS)or an the transport layer wit the Transport Layer Security (TLS)protocol.A.pubic]
B.private]
C.personal
D.proper
考题
Which of the following commands will display a router’s crypto map IPsec security associationsettings?()A、show crypto map ipsec saB、show crypto mapC、show crypto engine connections activeD、show ipsec crypto mapE、show crypto map saF、show ipsec crypto map sa
考题
以下关于互联网协议安全(Internet Protocol Security,IPsec)协议说法错误的是()A、在传送模式中,保护的是IP负载B、验证头协议(Authentication Head,AH)和IP封装安全载荷协议(Encapsulating Security Payload,ESP)都能以传输模式和隧道模式工作C、在隧道模式中,保护的是整个互联网协议(Internet Protocol,IP)包,包括IP头D、IPsec仅能保证传输数据的可认证性和保密性
考题
Which two parameters are configured in IPsec policy?()A、modeB、IKE gatewayC、security proposalD、Perfect Forward Secrecy
考题
Which two configuration elements are required for a policy-based VPN?()A、IKE gatewayB、secure tunnel interfaceC、security policy to permit the IKE trafficD、security policy referencing the IPsec VPN tunnel
考题
关于IPSec安全联盟(Security Association)的说法正确的是()。A、IPSec对数据流提供的安全服务通过安全联盟SA来实现B、一个安全联盟SA就是两个IPSec系统之间的一个单向逻辑连接C、输入数据流和输出数据流由输入安全联盟与输出安全联盟分别处理D、安全联盟可通过手工配置和自动协商两种方式建立
考题
IPSec中安全关联(SecurityAssociations)三元组是()。A、安全参数索引SPI,目标IP地址,安全协议B、安全参数索引SPI,源IP地址,数字证书C、安全参数索引SPI,目标IP地址,数字证书D、安全参数索引SPI,源IP地址,安全协议
考题
Regarding an IPsec security association (SA), which two statements are true?()A、IKE SA is bidirectional.B、IPsec SA is bidirectional.C、IKE SA is established during phase 2 negotiations.D、IPsec SA is established during phase 2 negotiations.
考题
Your network contains a DNS server that has a reverse lookup zone for all of your network segments. You have a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). An IP security policy is assigned to Server1. You verify IPSec traffic and see that the current security associations display only by IP address. You need to view the fully qualified domain names for all security associations. What should you do?()A、From the DNS console, add Server1 as a name server.B、From the DNS console, change dynamic updates to Secure only.C、From IP Security Monitor on Server1, enable DNS name resolution.D、From IP Security Monitor on Server1, create a new taskpad view.
考题
You are the administrator of an Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. A server named Filesrv1 contains confidential data that is only available to users in the human resources (HR) department. You want all computers in the HR department to connect to Filesrv1 by using an IPSec policy. You assign the Server (Request Security) IPSec policy to Filesrv1. Using Network Monitor, you notice that some computers in the HR department connect to Filesrv1 without using the IPSec policy. You need to configure Filesrv1 to ensure that all computers connect to it by using the IPSec policy. What should you do?()A、Assign the Secure Server(Require Security) IPSec policy.B、Assign the Client (Respond Only)IPSec policy.C、Unassign the Server(Request Security IPSec policy.D、Restart the IPSec Services service.
考题
Your network contains a server named Server1 that runs Windows Server 2003 Service Pack 2 (SP2). Server1 has IPSec enabled. Several users report that they cannot connect to Server1. You need to see how many IPSec connection attempts failed due to authentication failures. What should you do?()A、From IP Security Monitor, view the Main Mode Statistics.B、From Microsoft Baseline Security Analyzer, scan Server1.C、From the Security event log, view the events from the IPSec source.D、From System Monitor, add the IPSec V4 Driver : Active Security Associations counter.
考题
以下关于IPSec协议的描述哪一条是错误的?()A、IPSec中AH协议为报文提供数据源认证、完整性检测和重放攻击保护B、IPSec中ESP协议还提供了数据保密和有限数据流保密C、IPSec中IKE协议用来选择加密算法。D、IPSec中SA称之为安全关联,它决定了两个主机间通信的安全特征
考题
单选题Which of the following commands will display a router’s crypto map IPsec security associationsettings?()A
show crypto map ipsec saB
show crypto mapC
show crypto engine connections activeD
show ipsec crypto mapE
show crypto map saF
show ipsec crypto map sa
考题
单选题Which operational mode command displays all active IPsec phase 2 security associations?()A
show ike security-associationsB
show ipsec security-associationsC
show security ike security-associationsD
show security ipsec security-associations
考题
单选题在IPSec安全服务协议中,当建立安全关联的一端是安全网关时,只能使用()的安全关联。A
传输模式B
隧道模式C
通配模式D
交换模式
热门标签
最新试卷
