Exam Viewer - Final Exam - Network Security 2 (Version 2.0)

Assessment System


Below you will find the assessment items as presented on the exam as well as the scoring rules associated with the item.

Use of the exam information in the Exam Viewer is subject to the terms of the Academy Connection Website Usage Agreement between you and Cisco.
The purpose of the Exam Viewer is to support instruction while not compromising exam security for other Cisco Networking Academies or students. This
material should not be distributed outside a proctored and controlled setting. If misuse is found, action will be taken to limit access to assessment content.
Please remember to logout and close your browser window after using the Exam Viewer.

1 What is the difference between atomic and compound IDS signatures?


Atomic signatures require only one packet to be inspected to identify an alarm, while compound signatures require multiple packets to be inspected to identify an alarm.
Atomic signatures require multiple packets to be inspected to identify an alarm, while compound signatures require only one packet to be inspected to identify an alarm.
Atomic signatures detect information-gathering activity, while compound signatures detect attacks attempted into the protected network.
Atomic signatures detect attacks attempted into the protected network, while compound signatures detect information-gathering activity.

Scoring Rule For: correctness of response

2 points for Option 1


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 1.2.2 Types of signatures

http://ev-iip.netacad.net/virtuoso/delivery/pub-doc/exam_viewer.shtml...OFFERING_ID=knet-20EVFmdTF2AwZQJTaA&LANGUAGE=en&ASMT_ID=knet-as_13060 (1 of 30)11/29/2007 3:33:07 PM



2 A network administrator needs to secure a corporate network made up of Cisco routers and switches against intrusion. Due to budget constraints, the administrator is unable to purchase additional devices or hardware modules. Which Cisco product provides an effective solution?
Cisco IDS Network Module
Cisco IPS 4240
Cisco IDSM-2
Cisco IOS IPS

Scoring Rule For: correctness of response

2 points for Option 4


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 1.3.1 Cisco integrated solutions

3 Which method of detecting anomalies is used by the Cisco PIX IDS feature?
signature
heuristic
artificial intelligence
deterministic

Scoring Rule For: correctness of response

2 points for Option 1


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 2.3.1 Intrusion detection and the PIX Security Appliance


4 During some testing, the PIX Security Appliance IDS was configured to exclude the ICMP Echo Reply signature. The Echo Reply Message Number is 400010 and its Signature ID is 2000. Which command should be executed to include the Echo Reply signature again?
pixfirewall(config)# ip audit signature 400010 enable
pixfirewall(config)# ip audit signature 2000 enable
pixfirewall(config)# no ip audit signature 2000 disable
pixfirewall(config)# no ip audit signature 400010 disable

Scoring Rule For: correctness of response

2 points for Option 3


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 2.3.2 Configure intrusion detection

5 Which feature was introduced in Cisco PIX Firewall Software Version 6.2 to reduce CPU utilization while verifying the validity of incoming TCP sessions?
TCP SYN attack
TCP Intercept
SYN cookies
AAA Flood Guard

Scoring Rule For: correctness of response

2 points for Option 3


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 2.2.5 SYN Flood Guard


6 What is the function of the DNS Guard feature of the Cisco PIX Security Appliance?
It ensures that the full UDP timeout period is available for each DNS query.
It tears down the UDP conduit as soon as the first DNS response is received.
It drops attempted connections to internal DNS servers after a configured maximum is reached.
It allows port 53 UDP connections only to specifically configured DNS servers.

Scoring Rule For: correctness of response

2 points for Option 2


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 2.2.2 DNS Guard

7 A host IP address has been shunned by the PIX Security Appliance. Which would apply to traffic originating from that IP address?
All packets would be blocked until the default blocking time had expired.
All packets would be blocked unless they entered the PIX Security Appliance from a trusted network.
All packets would be blocked regardless of the PIX Security Appliance interface that they arrived on.
All packets would be blocked unless an ACL specifically allowed the packets.

Scoring Rule For: correctness of response

2 points for Option 3


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 2.4.1 Overview of shunning


8 Which two statements correctly describe the FragGuard and Virtual Reassembly features of a PIX Security Appliance? (Choose two.)
Full assembly is performed on ICMP error messages and the buffer space that must be reserved is minimized.
Full assembly is performed on all IP fragments, except ICMP error messages, and the buffer space that must be reserved is maximized.
Virtual assembly is performed on all IP fragments, except ICMP error messages, and the buffer space that must be reserved is minimized.
Virtual assembly is performed on ICMP error messages and the buffer space that must be reserved is maximized.

Scoring Rule For: correctness of response

Option 1 and Option 3 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 2

This item references content from the following areas:

Network Security 2

● 2.2.3 FragGuard and Virtual Reassembly

9 What is the name of an encryption system which uses the same key to encrypt and decrypt a message?
Diffie-Hellman
asymmetric encryption
symmetric encryption
MD5
SHA

Scoring Rule For: correctness of response

2 points for Option 3


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 3.1.1 Symmetrical encryption


10 The originator of a message derives a hash and encrypts it with its private key. The encrypted hash is attached to the message and forwarded to the remote end. At the remote end, the encrypted hash is decrypted using the originator's public key. If the decrypted hash matches the re-computed hash, the message is genuine. What is being described?
the incorrect use of a hash
the use of a digital signature for origin authentication
symmetric encryption for enhanced secrecy of data
public key encryption for the secure encryption of data
the use of a digital signature for data encryption

Scoring Rule For: correctness of response

2 points for Option 2


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 3.2.3 Digital signatures and certificates

11 What is the role of a crypto extended ACL that is applied to an outbound interface?
It permits or denies all traffic based on a protocol or an IP address.
It denies traffic based on a protocol and an encryption algorithm.
It permits only encrypted traffic.
It selects outbound traffic to be encrypted.

Scoring Rule For: correctness of response

2 points for Option 4


0 points for any other option

Max Value = 2


This item references content from the following areas:

Network Security 2

● 3.6.8 IKE and IPSec

12 What is the purpose of the security parameter index (SPI) within the IPSec framework?
It identifies the encryption algorithm being used.
It identifies each established SA.
It identifies the IPSec mode being used.
It identifies the hash algorithm being used.

Scoring Rule For: correctness of response

2 points for Option 2


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 3.6.5 Security associations

13 How will the IPSec process be initiated when IPSec is configured on a router?
IPSec actively monitors all traffic and discards it if it is not in an IPSec policy.
IPSec is initiated to establish a connection or discard traffic that is specifically denied by an ACL.
IPSec is initiated to establish a connection or discard traffic that fails to match any ACL.
IPSec is initiated when a packet triggers an ACL that defines traffic to be protected.

Scoring Rule For: correctness of response

2 points for Option 4


0 points for any other option

Max Value = 2


This item references content from the following areas:

Network Security 2

● 3.6.6 Five steps of IPSec

14 A remote user launches a web browser to establish a secure tunnel connection across a public network to corporate headquarters. This is an example of which type of VPN connection?
NAS-initiated remote-access VPN
router-initiated site-to-site VPN
client-initiated remote-access VPN
router-initiated site-to-site VPN

Scoring Rule For: correctness of response

2 points for Option 3


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 3.4.2 Remote access VPNs

15 How is hashing used to protect data transmission?


A hash is transmitted to identify the source of data.
A hash is transmitted to guarantee the transmission of data.
A hash is transmitted to guarantee the confidentiality of data.
A hash is transmitted to guarantee the data has not been altered.

Scoring Rule For: correctness of response

2 points for Option 4


0 points for any other option

Max Value = 2


This item references content from the following areas:

Network Security 2

● 3.2.1 Hashing

16 Which two are IPSec security protocols? (Choose two.)


SHA-1
MD5
ESP
AH
GRE
L2TP

Scoring Rule For: correctness of response

Option 3 and Option 4 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 2

This item references content from the following areas:

Network Security 2

● 3.6.1 Overview

17 Which three are functions of the AH protocol? (Choose three.)


packet sender authentication
header encryption
replay detection/protection
packet integrity assurance
payload encryption

Scoring Rule For: correctness of response


Option 1, Option 3, and Option 4 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 3

This item references content from the following areas:

Network Security 2

● 3.6.2 Authentication Header (AH)

18 Which IPSec protocol provides encryption protection for the data in a packet, but does not protect the outer headers in the transport mode?
AH
MD5
ESP
GRE
CET

Scoring Rule For: correctness of response

2 points for Option 3


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 3.6.3 Encapsulating Security Payload (ESP)

19 Which two are examples of common hashing algorithms? (Choose two.)


HMAC-MD5
HMAC-3DES
HMAC-AES
HMAC-SHA-1
HMAC-DES


Scoring Rule For: correctness of response

Option 1 and Option 4 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 2

This item references content from the following areas:

Network Security 2

● 3.2.2 Hashed Method Authentication Code (HMAC)

20 When creating more than one crypto map entry for a given interface, an administrator can assign a sequence number for each map entry. Which statement is true about the sequence number for crypto map entries?
The lower the sequence number, the higher the priority.
The higher the sequence number, the higher the priority.
The priority is based on the IP address of the IPSec peer.
The priority is in the order of the entries of configuration commands entered.

Scoring Rule For: correctness of response

2 points for Option 1


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 4.3.5 Step 4 – Create crypto maps

21 Which statement accurately describes a site-to-site VPN using pre-shared keys for the authentication of IPSec sessions?
It is relatively simple to configure, and it scales well for large numbers of IPSec clients.
It is relatively simple to configure, but it does not scale well for large numbers of IPSec clients.
It is relatively complex to configure, but it scales well for large numbers of IPSec clients.
It is relatively complex to configure, and it does not scale well for large numbers of IPSec clients.

Scoring Rule For: correctness of response


2 points for Option 2


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 4.1.1 IPSec encryption with pre-shared keys

22 For each unidirectional security association (SA) during IKE phase two, how many transform proposals are agreed upon by IPSec peers?
1
2
4
8
16

Scoring Rule For: correctness of response

2 points for Option 1


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 4.3.2 Step 1 – Configure transform set suites


23 Which Cisco IOS command generated the output shown in the graphic?
debug crypto ipsec
debug crypto isakmp
debug crypto socket
debug ip peer
show crypto isakmp policy

Scoring Rule For: correctness of response

2 points for Option 2


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 4.4.6 Enable debug output for IPSec events

24 Which three steps should be accomplished when preparing to configure IPSec with digital certificates for authentication? (Choose three.)
Plan for CA support.
Ensure that ACLs are compatible with the transform set.
Determine the ISAKMP policy.
Ensure that ACLs are compatible with IPSec.
Determine the RSA policy.
Plan the shared secrets between peers.


Scoring Rule For: correctness of response

Option 1, Option 3, and Option 4 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 3

This item references content from the following areas:

Network Security 2

● 5.2.2 Task 1 – prepare for IKE and IPSec

25 RSA key pairs are used to sign and encrypt IKE key management messages and are required before obtaining a certificate for the router. Which statement is true regarding special-usage keys?
Special-usage keys use a maximum of 1024 bits instead of the 2048 bits that are used with general-purpose keys.
Special-usage keys are used only for digital signatures.
Special-usage keys are more secure than general-purpose keys because two sets of keys are generated.
Special-usage keys are not universally accepted because these keys use a proprietary algorithm.

Scoring Rule For: correctness of response

2 points for Option 3


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 5.1.5 Step 4 – generate an RSA key pair

26 There are two possible modes for a PIX Security Appliance that is set up as an Easy VPN Remote. The two modes are client and network extension. Which of the following statements is true if client mode is used?
The PIX Security Appliance does not use PAT to translate IPs of clients connected to the inside interface.
The PIX Security Appliance applies PAT to all clients connected to the inside interface.
The PIX Security Appliance applies reverse NAT to all clients connected to the inside interface.
The PIX Security Appliance applies outbound filtering to all clients connected to the inside interface.


Scoring Rule For: correctness of response

2 points for Option 2


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 6.6.3 Easy VPN Client device mode and enabling Easy VPN Remote clients

27 What is an advantage of HIPS that is not provided by NIDS?


HIPS provides quick analyses of events through detailed logging.
HIPS deploys sensors at network entry points and protects critical network segments.
HIPS monitors network processes and protects critical files.
HIPS protects critical system resources and monitors operating system processes.

Scoring Rule For: correctness of response

2 points for Option 4


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 1.1.2 Network-based versus host-based

28 How does an anomaly-based intrusion detection system detect previously unpublished attacks?
by recognizing signatures
by recognizing behavioral deviation from the security policy
by recognizing behavioral deviation from normal user activities
by recognizing behavioral deviation from device security settings

Scoring Rule For: correctness of response


2 points for Option 3


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 1.2.3 Anomaly-based detection

29 The network administrator wants to decrease the size of the event buffer for SDEE. What effect will this have on events already in the buffer?
All events will be lost.
The oldest events will be lost.
No stored events will be lost.
All events will be sent to the syslog server, then deleted.

Scoring Rule For: correctness of response

2 points for Option 1


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 2.1.5 Configure logging using Syslog or SDEE

30 How many parameters are defined either explicitly or by default for each IKE policy before an IKE security association is established?
three
five
seven
nine

Scoring Rule For: correctness of response


2 points for Option 2


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 4.2.2 Step 2 – Create IKE policies

31 WebVPN Content Filtering lets the administrator block or remove the parts of websites that do which three things? (Choose three.)
display images
use obscene terms
deliver cookies
scripting
contain pornography
generate popups

Scoring Rule For: correctness of response

Option 1, Option 3, and Option 4 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 3

This item references content from the following areas:

Network Security 2

● 6.7.6 Configure WebVPN content filters and ACLs


32 The network administrator for ABC Company is configuring an Adaptive Security Appliance to properly handle e-mail communications for WebVPN users. The only remaining task is to define e-mail and authentication servers. Given the information in the graphic, which commands will accomplish this task?
ciscoasa(config-pop3s)# server 10.0.1.0
ciscoasa(config-pop3s)# authentication-server AUTHSERVER
ciscoasa(config-pop3s)# authentication type piggyback

ciscoasa(config-pop3s)# server 10.0.1.10
ciscoasa(config-pop3s)# authentication-server-group AUTHSERVER
ciscoasa(config-pop3s)# authentication piggyback

ciscoasa(config-pop3s)# server 10.0.1.10
ciscoasa(config-pop3s)# authentication-server AUTHSERVER
ciscoasa(config-pop3s)# authentication piggyback

ciscoasa(config-pop3s)# server 10.0.1.10
ciscoasa(config-pop3s)# authentication-server-group AUTHSERVER
ciscoasa(config-pop3s)# authentication type piggyback

Scoring Rule For: correctness of response

2 points for Option 2


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 6.7.5 Configure WebVPN e-mail proxy


33 The network administrator of a large corporate network needs to use IKE authentication with an easily scalable solution for generation and distribution of public and private keys. Which method should be used?
CA server
pre-shared keys
PGP server
secured HTTP

Scoring Rule For: correctness of response

2 points for Option 1


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 5.3.1 Scaling PIX Security Appliance VPNs

34 When the Cisco Easy VPN Client initiates the IKE Phase I process, there are two ways to perform authentication. Which two statements correctly pair the authentication method with the correct IKE Phase I mode? (Choose two.)
pre-shared key authentication, initiate aggressive mode (AM)
pre-shared key authentication, initiate main mode (MM)
digital certificate authentication, initiate aggressive mode (AM)
digital certificate authentication, initiate main mode (MM)

Scoring Rule For: correctness of response

Option 1 and Option 4 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 2

This item references content from the following areas:

Network Security 2

● 6.1.5 Easy VPN Remote client connection in detail


35 An administrator has entered the crypto key zeroize rsa command in global configuration mode. What effect will this command have?
It will reset the counter for the number of times the key has been used.
It will delete all RSA keys on the local and peer routers.
It will delete the RSA keys from the router.
It will reset the timeout countdown timer for RSA key negotiation.

Scoring Rule For: correctness of response

2 points for Option 3


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 5.1.10 Step 9 – monitor and maintain CA interoperability

36 The router VPNGATE serves as a Cisco Easy VPN Server. The network administrator entered the following command. What is the result of the configuration command?

VPNGATE(config)# crypto isakmp keepalive 20 10


VPNGATE sends a hello message every 10 seconds.
VPNGATE times out the IPSec tunnel after 20 seconds with no activity.
VPNGATE sends a DPD message if the remote client doesn't respond to traffic.
VPNGATE sends keepalives at random intervals to the remote client.

Scoring Rule For: correctness of response

2 points for Option 3


0 points for any other option

Max Value = 2


This item references content from the following areas:

Network Security 2

● 6.2.10 Task 9 – enable IKE dead peer detection

37 When configuring a Cisco PIX Security Appliance as a Cisco Easy VPN Server, what are three possible uses of dynamic crypto maps? (Choose three.)
initiate new IPSec security associations with remote peers
initiate new IPSec security associations from remote peers with the PIX Security Appliance
evaluate traffic
define interesting traffic
complete all missing configuration parameters on the remote peer
complete any missing configuration parameters necessary for IPSec traffic

Scoring Rule For: correctness of response

Option 2, Option 3, and Option 6 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 3

This item references content from the following areas:

Network Security 2

● 6.5.8 Task 9 – configure NAT and NAT 0

38 The Router MC requires that one of two components be in place before the installation can be accomplished. Which two components will meet this requirement? (Choose two.)
Cisco Router Security Audit
Cisco Network Analysis Module
CiscoWorks 2000
Cisco Intrusion Detection System
CiscoWorks VMS 2.1 Common Services

Scoring Rule For: correctness of response


Option 3 and Option 5 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 2

This item references content from the following areas:

Network Security 2

● 7.3.4 Router MC installation

39 A network administrator has entered the commands shown in the graphic for a router that will communicate with the Router MC server. What is the result of this configuration?
The router will be configured to use IPSec to communicate with the MC server.
The router will be configured to use RSA pre-shared keys to communicate with the MC server.
The router will be configured to use SSH to communicate with the MC server.
The router will be configured to use SSL to communicate with the MC server.

Scoring Rule For: correctness of response

2 points for Option 3


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 7.3.5 Installation process


40 Which three security features does SNMPv3 provide? (Choose three.)


message integrity
availability
authentication
encryption
accounting
compression

Scoring Rule For: correctness of response

Option 1, Option 3, and Option 4 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 3

This item references content from the following areas:

Network Security 2

● 7.4.3 SNMP Version 3 (SNMPv3)

41 Refer to the graphic. The network shown requires high availability as well as the need to trunk information between switches. Which two measures can be used to mitigate CAM table vulnerability and prevent unauthorized access to the security zone? (Choose two.)
port security
CAM table locking


DHCP snooping
802.1x authentication

Scoring Rule For: correctness of response

Option 1 and Option 4 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 2

This item references content from the following areas:

Network Security 2

● 7.1.5 Single security zone, multiple user groups, multiple physical switches

42 In which two situations should multiple security contexts be considered using a single Cisco PIX Security Appliance? (Choose two.)
any network that wants to deploy only one physical firewall
a large enterprise that wants to keep all departments separate
an enterprise that wants to apply a uniform security policy to all departments
a service provider that wants to sell firewall services to customers

Scoring Rule For: correctness of response

Option 2 and Option 4 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 2

This item references content from the following areas:

Network Security 2

● 8.1.1 Security context overview


43 When changing a Cisco PIX Security Appliance to multiple mode, the PIX Security Appliance converts the running configuration into
which two new files? (Choose two.)
system config
user config
running config
admin config

Scoring Rule For: correctness of response

Option 1 and Option 4 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 2

This item references content from the following areas:

Network Security 2

● 8.1.2 Enable multiple context mode

44 When ARP inspection is enabled on a Cisco PIX Security Appliance, which two statements are correct? (Choose two.)
If the logical address, physical address, and destination interface match an entry in the ARP table, the packet is passed through.
If there is a mismatch between the physical address and the logical address of the source interface, the PIX Security Appliance will
flood the packet through all interfaces.
If the logical address, physical address, and source interface match an entry in the ARP table, the packet is passed through.
If the ARP packet does not match any entries in the static ARP table, the PIX Security Appliance can be set to flood the packet out
all interfaces.

Scoring Rule For: correctness of response

Option 3 and Option 4 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 2

This item references content from the following areas:

Network Security 2

● 8.3.2 Enable transparent firewall mode
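Item 44 turns on the three-way check a transparent-mode PIX/ASA applies once arp-inspection is enabled on an interface: the ARP packet's IP address, MAC address and source (ingress) interface are compared against the static ARP table populated with arp <interface> <ip> <mac>. A full match is forwarded, a mismatch on any of the three is dropped, and only a packet that matches no static entry at all is subject to the flood or no-flood setting of arp-inspection <interface> enable. The Python below is an added example, not exam or Cisco code, that encodes that decision as a function; the static table, interface names and packets are constructed.

```python
"""ARP inspection decisions on a transparent-mode PIX/ASA, as a function.

Added example, not from the exam or from Cisco. It models the rule the
question describes: with 'arp-inspection <if> enable {flood | no-flood}'
on, each ARP packet is checked against the static ARP table built with
'arp <if> <ip> <mac>'. The table, packets and addresses are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpEntry:
    interface: str   # interface the host is expected on
    ip: str
    mac: str


@dataclass(frozen=True)
class ArpPacket:
    ingress: str     # source interface the ARP packet arrived on
    sender_ip: str
    sender_mac: str


class ArpInspector:
    def __init__(self, static_entries, flood_unmatched):
        # normalise MACs so 0009.7CF8.2E00 and 0009.7cf8.2e00 compare equal
        self.entries = {(e.interface, e.ip, e.mac.lower()) for e in static_entries}
        self.flood_unmatched = flood_unmatched   # True: 'flood', False: 'no-flood'
        self.log = []

    def inspect(self, pkt):
        """Return 'forward', 'drop' or 'flood' for one ARP packet."""
        triple = (pkt.ingress, pkt.sender_ip, pkt.sender_mac.lower())
        if triple in self.entries:
            return self._decide(pkt, "forward", "IP, MAC and source interface match a static entry")
        # Any entry sharing the IP or the MAC makes this a mismatch
        # (spoofed MAC, spoofed IP, or wrong interface): always a drop.
        if any(e[1] == triple[1] or e[2] == triple[2] for e in self.entries):
            return self._decide(pkt, "drop", "mismatch against a static entry")
        # Unknown host: only here does the flood/no-flood setting matter.
        if self.flood_unmatched:
            return self._decide(pkt, "flood", "no static entry; flood configured")
        return self._decide(pkt, "drop", "no static entry; no-flood configured")

    def _decide(self, pkt, verdict, reason):
        self.log.append((pkt, verdict, reason))
        return verdict


# Constructed static table, as 'arp inside 10.1.1.10 0009.7cf8.2e00' would create
STATIC = [
    ArpEntry("inside", "10.1.1.10", "0009.7cf8.2e00"),
    ArpEntry("outside", "192.0.2.1", "0011.2233.4455"),
]

# Constructed packets: legitimate, MAC spoof, known IP on the wrong interface, unknown host
PACKETS = [
    ArpPacket("inside", "10.1.1.10", "0009.7CF8.2E00"),
    ArpPacket("inside", "10.1.1.10", "dead.beef.0001"),
    ArpPacket("outside", "10.1.1.10", "0009.7cf8.2e00"),
    ArpPacket("inside", "10.1.1.99", "0200.0000.0099"),
]


def run(flood_unmatched):
    """Verdicts for PACKETS under one arp-inspection setting."""
    insp = ArpInspector(STATIC, flood_unmatched)
    return [insp.inspect(p) for p in PACKETS]


if __name__ == "__main__":
    for setting in (True, False):
        print("flood" if setting else "no-flood", run(setting))
```

The second and third packets are dropped under both settings: a mismatch is never flooded, which is what makes option 2 in the item wrong. Only the fourth packet, from a host with no static entry, changes verdict between flood and no-flood, and no-flood is the setting that actually stops an unknown host from ARP-poisoning across the firewall.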

45 Which Cisco SDM mode presents a list of possible security problems so that administrators can pick and choose which vulnerabilities
should be locked down?
Management Console
Monitor
One-Step Lockdown
Security Audit

Scoring Rule For: correctness of response

2 points for Option 4


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 7.2.1 Using SDM to perform security audits

46 Which two statements are true regarding Secure Shell (SSH) for remote management of the Cisco PIX Security Appliance? (Choose
two.)
The PIX Security Appliance functions as both an SSH client and an SSH server.
Only the remote host initiating an SSH connection is required to be authenticated by the PIX Security Appliance.
The PIX Security Appliance supports SSHv2 in version 7.0 of the software.
The PIX Security Appliance uses AES or DES for symmetric key encryption.
The PIX Security Appliance allows up to five SSH clients to simultaneously access the console.

Scoring Rule For: correctness of response

Option 3 and Option 5 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 2

This item references content from the following areas:

Network Security 2

● 8.4.2 Managing SSH access

47 Which two types of hardware failover are available for the Cisco PIX Security Appliance and Cisco Adaptive Security Appliance?
(Choose two.)
master/slave
active/active
primary/secondary
master/master
active/standby
primary/primary

Scoring Rule For: correctness of response

Option 2 and Option 5 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 2

This item references content from the following areas:

Network Security 2

● 8.2.1 Understanding failover

48 Which two licenses can be used for active/active failover on a secondary Cisco PIX Security Appliance? (Choose two.)
failover (FO)
restricted (R)
unrestricted (UR)
failover-active/active (FO-A/A)
failover-active/standby (FO-A/S)

Scoring Rule For: correctness of response

Option 3 and Option 4 are correct.


1 point for each correct option.
0 points if more options are selected than required.

Max Value = 2

This item references content from the following areas:

Network Security 2

● 8.2.2 Failover requirements

49 A network administrator enters the command shown in the graphic on an Adaptive Security Appliance. Which task is being performed?
file directory management
password recovery
IOS image upgrade
configuration file upload

Scoring Rule For: correctness of response

2 points for Option 2


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 8.4.5 Adaptive Security Appliance password recovery

50 The graphic shows the display on a Cisco PIX Security Appliance after the network administrator issues the show run crypto isakmp
command. What can be determined from the information shown?
The 768-bit Diffie-Hellman group is specified in the IKE policy.
The encryption algorithm used in the IKE policy is 56-bit DES.
Each security association should last one day before expiring as specified in the IKE policy.
The ISAKMP policy uses IKE group 2 and all other groups below.

Scoring Rule For: correctness of response

2 points for Option 3


0 points for any other option

Max Value = 2

This item references content from the following areas:

Network Security 2

● 4.5.3 Task 2 – Configure IKE parameters
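Reading show run crypto isakmp output is the skill item 50 tests: lifetime 86400 is one day (and is also what a policy gets when no lifetime line is present), group 1 is the 768-bit Diffie-Hellman group, group 2 is 1024-bit, and encryption des is 56-bit DES. The graphic itself is not reproduced on this page, so the Python below, an added example that is neither exam nor Cisco code, parses a constructed running-config excerpt written in the PIX/ASA 7.x block style (an assumption about the output format) and audits each policy the way a practitioner would today, flagging DES or 3DES, MD5, and any DH group under 2048 bits.

```python
"""Parse and audit IKE (ISAKMP) policies from 'show run crypto isakmp'.

Added example, not from the exam or from Cisco. SAMPLE is a constructed
running-config excerpt in the PIX/ASA 7.x block style (an assumption
about the graphic the question refers to). The parser reads each
'crypto isakmp policy N' block; the audit flags settings a practitioner
would reject now.
"""
import re

SAMPLE = """\
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 1
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash md5
 group 2
crypto isakmp policy 30
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 5
 lifetime 3600
"""

DEFAULT_LIFETIME = 86400                        # seconds: one day when no lifetime line is set
DH_BITS = {1: 768, 2: 1024, 5: 1536, 7: 163}    # modulus (group 7: elliptic-curve) size per IKE group
ENC_BITS = {"des": 56, "3des": 168, "aes": 128, "aes-192": 192, "aes-256": 256}

POLICY_RE = re.compile(r"^crypto isakmp policy (\d+)\s*$")
ATTR_RE = re.compile(r"^\s+(authentication|encryption|hash|group|lifetime)\s+(\S+)\s*$")


def parse_isakmp(text):
    """Return {priority: {authentication, encryption, hash, group, lifetime, lifetime_explicit}}."""
    policies = {}
    current = None
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            current = {"lifetime": DEFAULT_LIFETIME, "lifetime_explicit": False}
            policies[int(m.group(1))] = current
        elif line.startswith(" ") and current is not None:
            m = ATTR_RE.match(line)
            if m:
                key, value = m.groups()
                if key == "lifetime":
                    current["lifetime"] = int(value)
                    current["lifetime_explicit"] = True
                elif key == "group":
                    current["group"] = int(value)
                else:
                    current[key] = value.lower()
        else:
            current = None   # a non-indented line ends the policy block
    return policies


def lifetime_days(policy):
    return policy["lifetime"] / 86400


def audit(policies):
    """Return {priority: sorted list of finding codes}."""
    findings = {}
    for prio, p in policies.items():
        codes = []
        if p.get("encryption") in ("des", "3des"):
            codes.append("weak-encryption")     # 56-bit key, or 3DES's 64-bit block
        if p.get("hash") == "md5":
            codes.append("weak-hash")
        if DH_BITS.get(p.get("group"), 0) < 2048:
            codes.append("weak-dh-group")       # groups 1, 2, 5 are all under 2048 bits
        if p["lifetime"] > DEFAULT_LIFETIME:
            codes.append("long-lifetime")
        findings[prio] = sorted(codes)
    return findings


def describe(policy):
    """One-line summary in the terms an auditor reports."""
    enc = policy.get("encryption", "?")
    grp = policy.get("group")
    return "auth=%s enc=%s(%s-bit) hash=%s dh=group %s (%s-bit) lifetime=%ds (%.2g day)" % (
        policy.get("authentication", "?"), enc, ENC_BITS.get(enc, "?"),
        policy.get("hash", "?"), grp, DH_BITS.get(grp, "?"),
        policy["lifetime"], lifetime_days(policy))


if __name__ == "__main__":
    pols = parse_isakmp(SAMPLE)
    findings = audit(pols)
    for prio in sorted(pols):
        print(prio, describe(pols[prio]), findings[prio])
```

Policy 10 is the one the exam's option 3 describes: its lifetime is explicitly 86400 seconds, one day. Policy 20 omits the lifetime line and the parser assigns the same one-day default, which is worth remembering when an audit asks for the effective value rather than the configured one. Note that even policy 30, the strongest of the three, is flagged for its 1536-bit group.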

All content copyright 1992-2007 Cisco Systems, Inc.