Cisco Certified Internetwork Expert (CCIE) Practice Test


Get ready for the CCIE exam with our powerful quiz. Study with interactive questions and detailed explanations to excel in your certification journey. Boost your confidence and expertise in networking!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which two statements about SCEP are true? (Choose two)

  1. The GetCACaps response message supports DES encryption and the SHA-128 hashing algorithm

  2. CA servers must support GetCACaps response messages in order to implement extended functionality

  3. The GetCert exchange is signed and encrypted only in the response direction

  4. It is vulnerable to downgrade attacks on its cryptographic capabilities

The correct answer is: CA servers must support GetCACaps response messages in order to implement extended functionality

The statement regarding CA servers needing to support GetCACaps response messages to implement extended functionality is correct. This is because the GetCACaps message allows the Client to inquire about the capabilities of the Certification Authority (CA) it is interfacing with. These capabilities could include supported encryption standards, hashing algorithms, or other functionalities that can enhance security or management of certificates. If a CA does not support this message, it limits its ability to provide important information, thereby restricting extended functionality that could improve operations and security in certificate management.

The other statements, while they may have some technical relevance, do not correctly capture the foundational aspects of how SCEP (Simple Certificate Enrollment Protocol) operates concerning extended capabilities and functionality. For example, the technical specifics in the first option about encryption and hashing algorithms are not universally applicable to all CA implementations, as they may vary between configurations and security policies.

The statement regarding the GetCert exchange being signed and encrypted only in the response direction addresses a possible operational detail, but it does not highlight a critical functionality aspect like the necessity of supporting GetCACaps for extended capabilities.

Lastly, while vulnerabilities such as downgrade attacks exist in various protocols, they do not pertain specifically to the essential operations and capabilities being addressed in the main context of S