1. |
Which of the following are not security threats to an IP telephony system? (Choose two.)
- Loss of privacy
- Impersonation
- Integrity
- Loss of integrity
- Loss of control
- DoS
|
2. |
Which of the following represent correct mappings of applicationprotocolsecurity features? (Choose two.)
- Secure signalingSRTPdevice authentication, integrity
- Secure signalingTLSdevice authentication, integrity, privacy
- Secure mediaSRTPprivacy, confidentiality, security
- Secure mediaTLSprivacy, confidentiality, security
- Secure mediaTLSprivacy, integrity
- Secure mediaSRTPprivacy, integrity
|
3. |
Which two statements about trusted introducing are incorrect?
- The trusted introducer has to be trusted by all other members of the system.
- The trusted introducer has to trust all other members of the system.
- The trusted introducer guarantees the authenticity of entities it is introducing to others.
- Only the trusted introducer has to trust the root of the system.
- The trusted introducer is the root of a system.
- Any entity of the system can guarantee the authenticity of any other member.
|
|
|
4. |
Which two statements about PKI topologies in Cisco IP telephony are true?
- MICs are self-signed by the IP phone.
- Cisco IP Phone 7940, 7960, and 7970 models can have MICs and LSCs.
- The CAPF has a self-signed certificate.
- Only Cisco IP Phone 7940, 7960, and 7970 (and subsequent) models can have LSCs.
- The CTL is signed by the Cisco manufacturing CA.
- MICs are signed by CAPF.
|
5. |
Which are the two valid options to secure enrollment in a PKI?
- Perform the enrollment from a trusted device only.
- Perform the enrollment in both directions.
- Perform the enrollment over a trusted network.
- Use self-signed certificates on all devices.
- Do not send the private key in the enrollment.
- Perform mutual out-of-band authentication between the PKI user and CA.
|
6. |
Which statement about enrollment in the IP telephony PKI is true?
- MICs are issued by CAPF itself or by an external CA.
- LSCs are issued by the Cisco CTL client or by CAPF.
- CAPF enrollment supports the use of authentication strings.
- CAPF itself has to enroll with the Cisco CTL client.
- Enrollment of IP phones occurs automatically if the cluster is in secure-only mode.
- LSCs can be issued by an external CA when using the CTL client as a proxy.
|
7. |
Which of the following entities uses a smart token for key storage?
- CTL
- CTL client
- CAPF in proxy mode
- CAPF in CA mode
- Cisco IP Phone 7940 and 7960
- Cisco IP Phone 7970
|
|
|
8. |
What are the authentication features of TLS in Cisco IP telephony?
- Two-way device authentication
- Two-way device authentication and signed media messages
- One-way device authentication and signed signaling message
- Two-way device authentication and signed signaling messages
- One-way device authentication and signed media messages
- Signed signaling messages
|
9. |
During an encrypted call between two IP phones, which two of the following does not happen?
- Mutual certificate exchange between Cisco CallManager and each IP phone
- Mutual certificate exchange between the IP phones
- SRTP packet authentication and encryption
- Encrypted transmission of SRTP session keys between the IP phones
- TLS packet authentication and encryption
- Encrypted transmission of TLS session keys between Cisco CallManager and the IP phones
|
10. |
Which is the most accurate list of tasks required to configure a Cisco CallManager cluster for security?
- Enable services, set cluster to mixed mode, create a signed CTL, and deploy certificates to the IP phones.
- Enable services, set cluster to secure-only mode, create a signed CTL, and deploy certificates to the IP phones.
- Enable extended services, set cluster to authenticated or encrypted mode, create a signed CTL, and deploy certificates to the IP phones.
- Disable extended services, set cluster to mixed mode, create a signed CTL, and deploy certificates to the IP phones.
- Enable services, set cluster to mixed mode, create a signed CTL, deploy certificates to the IP phones, and set the device security mode.
- Run the auto-secure feature.
|