PrepAway - Latest Free Exam Questions & Answers

Which of the following commands will configure a static…

Which of the following commands will configure a static point-to-point VTI tunnel to use 128-bit encryption?
(Select the best answer.)


A.
crypto ipsec transform-set set1 esp-aes esp-sha-hmac

B.
crypto ipsec transform-set set1 esp-des esp-sha-hmac

C.
crypto ipsec transform-set set1 esp-3des esp-sha-hmac

D.
crypto ipsec transform-set set1 esp-seal esp-sha-hmac

E.
crypto ipsec transform-set set1 esp-null esp-sha-hmac

Explanation:
The crypto ipsec transform-set set1 esp-aes esp-sha-hmac command will configure a static point-to-point virtual
tunnel interface (VTI) tunnel to use 128-bit encryption. The syntax of the crypto ipsec transform-set command is
crypto ipsec transform-set transformname transform1 [transform2] [transform3] [transform4]. Up to four
transforms can be specified in an IP Security (IPSec) transform set: one Encapsulating Security Payload (ESP)
authentication transform, one authentication header (AH) transform, one ESP encryption transform, and one IP
compression transform. For example, the crypto ipsec transform-set set1 esp-aes esp-sha-hmac command
specifies one ESP encryption transform and one ESP authentication transform; an AH transform and an IP
compression transform could also be specified.
The following keywords can be used to specify the ESP encryption transform:
– esp-aes
– esp-aes 192
– esp-aes 256
– esp-des
– esp-3des
– esp-seal
– esp-null
When the esp-aes keyword is issued without additional parameters, the 128-bit Advanced Encryption Standard
(AES) encryption algorithm is used. When the esp-aes 192 or esp-aes 256 keyword is issued, 192-bit AES or
256-bit AES is used, respectively.
The esp-des keyword does not configure a static point-to-point VTI tunnel to use 128-bit encryption. Data
Encryption Standard (DES) offers only 56-bit encryption.
The esp-3des keyword does not configure a static point-to-point VTI tunnel to use 128-bit encryption. Triple DES
(3DES) offers 168-bit encryption.
The esp-seal keyword does not configure a static point-to-point VTI tunnel to use 128-bit encryption.
Software-optimized Encryption Algorithm (SEAL) offers 160-bit encryption.
The esp-null keyword does not configure a static point-to-point VTI tunnel to use 128-bit encryption. The esp-null
keyword configures ESP to use null encryption.

Cisco: Cisco IOS Security Command Reference: crypto ipsec transform-set
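
The keyword-to-key-size mapping above can be turned into a configuration check. The following Python audit is an added example, not part of the original explanation or of Cisco's documentation: it parses crypto ipsec transform-set lines and reports the ESP encryption key size for each set, using only the keywords and sizes quoted above. The function names, the sample configuration and the 128-bit default threshold are assumptions made for illustration.

```python
import re

# ESP encryption keywords and key sizes in bits, as listed in the explanation above.
ESP_ENCRYPTION_BITS = {
    "esp-aes": 128, "esp-aes 192": 192, "esp-aes 256": 256,
    "esp-des": 56, "esp-3des": 168, "esp-seal": 160, "esp-null": 0,
}
LINE_RE = re.compile(r"^\s*crypto ipsec transform-set\s+(\S+)\s+(.+)$")
# "esp-aes" may carry a key-size argument, so match that pair before single tokens.
TRANSFORM_RE = re.compile(r"esp-aes (?:192|256)(?!\S)|\S+")

def parse_transform_set(line):
    """Return (name, [transforms]) for a transform-set line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rest = " ".join(m.group(2).split())  # collapse repeated whitespace
    return m.group(1), TRANSFORM_RE.findall(rest)

def audit(config_text, minimum_bits=128):
    """Map each transform-set name to (encryption bits or None, [findings])."""
    report = {}
    lines = config_text.splitlines()
    for name, transforms in filter(None, map(parse_transform_set, lines)):
        ciphers = [t for t in transforms if t in ESP_ENCRYPTION_BITS]
        findings = []
        if len(transforms) > 4:
            findings.append("more than four transforms")
        if len(ciphers) > 1:
            findings.append("more than one ESP encryption transform")
        bits = min((ESP_ENCRYPTION_BITS[c] for c in ciphers), default=None)
        if bits is None:
            findings.append("no ESP encryption transform")
        elif bits < minimum_bits:
            findings.append(f"{bits}-bit encryption is below {minimum_bits}-bit minimum")
        report[name] = (bits, findings)
    return report

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
crypto ipsec transform-set set1 esp-aes esp-sha-hmac
crypto ipsec transform-set set2 esp-aes 256 esp-sha-hmac
crypto ipsec transform-set set3 esp-des esp-sha-hmac
crypto ipsec transform-set set4 esp-null esp-sha-hmac
"""

if __name__ == "__main__":
    for name, (bits, findings) in audit(SAMPLE).items():
        print(name, bits, findings or "ok")
```

The check compares only the key sizes quoted in the explanation, so esp-3des and esp-seal pass the default 128-bit threshold; raise minimum_bits or add a keyword deny-list if local policy is stricter.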

