$1.$ Stella and George are using Public Key encryption. Stella$$s public and private keys are named S$-$Pub and S$-$Priv.$$ George$$s public and private keys are named G$-$Pub and G$-$Priv.

a$)(5$ points$)$ Assume George is sending encrypted data to Stella. Which key $($of the $4$ key names above$)$ does George use to encrypt the data?$$ Which key does Stella use to decrypt the data?

b$)(5$ points$)$ Assume Stella is adding a digital signature to her messages to George to prove her identity. Which key $($of the $4$ key names above$)$ does Stella use to encrypt the Message Authentication Code $($MAC$)$ that she sends?$$ Which key does George use to decrypt the MAC that he receives?

$2.(5$ points$)$ You are choosing between SEAL and AES for symmetric encryption to ensure confidentiality on a $10$ Gbps data session. Describe SEAL and AES. Name one advantage to choosing SEAL as compared with AES.

$3.$ Look at the Cluster of $4$ ASA Firewalls network diagram on slide $37$ of the $4$FW$-$Architectures slides $($Week $4).$ These $4$ firewalls share an Inside Virtual IP and an Outside Virtual IP address.$$ All inside hosts will use this Inside Virtual IP as their default gateway.

a$)(5$ points$)$ What is a First Hop Redundancy Protocol $($FHRP$)?$ Explain how the $4$ firewalls can share one Virtual IP using an FHRP$.$

b$)(5$ points$)$ Name one reason that a network manager might prefer to use GLBP rather than HSRP as the FHRP for this cluster.

c$)(5$ points$)$ If this cluster uses Active$/$Active redundancy, then what is the maximum number of ASA firewalls that can simultaneously be processing packet traffic for new TCP connections $(1,2,3$ or $4)?$ Explain your answer.

$4.(5$ points$)$ In the IPSEC Framework, the four Confidentiality algorithm options $($DES$,3$DES, AES or SEAL$)$ are all private$-$key $($symmetric$)$ encryption algorithms. There are no public$-$key $($asymmetric$)$ encryption algorithms $($such as RSA$)$ in this list. Why does the IPSEC Framework not allow the use of any public$-$key encryption algorithm for Confidentiality?

$5.(5$ points$)$ The IPSEC AH protocol does not encrypt the packet data. However, an RSA encryption key is often required for an AH security association $($SA$)$ to be established. What is the purpose of this RSA key, given that the SA packet data is not being encrypted?

$6.(5$ points$)$ In which IPSEC ESP mode is the original IP header sent before the ESP header is sent?$$ Possible answers: $($a$)$ Transport mode only $($b$)$ Tunnel mode only $($c$)$ both Transport mode and Tunnel mode.

$7.(5$ points$)$ What is an Identity NAT rule? Explain why you often need to configure an Identity NAT rule when you set up an IPSEC VPN on a Cisco ASA firewall that is using NAT.