SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
TCP Load Distribution
Proxy ARP Vulnerabilities
Encrypted Tunneling Methods
ACL to block a Land Attack
2. TCP Port 80
Fraggle Attack
HTTP Identifier
Unicast Reverse-Path Forwarding (uRPF)
Land Attack
3. Ip access-list <standard | extended> name - permit TCP any any established
Established Line
L2TP Identifier
Reflexive ACL
Named ACL Format
4. Mode where only the payload of the IP packet is encrypted and/or authenticated
Minimum ACLs Required for Reflexive ACLs
Transport Mode
UDP Traceroute Port Range
Named ACL
5. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
Eavesdropping and Information Theft
SNMP Vulnerabilities
Tunnel Mode
Integrity Validation
6. Privilege level that is restricted to basic level operations
L2TP Identifier
User Account Vulnerabilites
Privilege Level 1
Global Addresses
7. An alternative for both standard and extended ACLs that allow you to refer to an ACL by a descriptive name instead of a number
Named ACL
no cdp run
HTTP Identifier
Land Attack
8. Rewrites the and/or destination IP address of IP packets as they pass through a router or firewall from private to public addresses
Rerouting
Encrypted Tunneling Methods
Network Address Translation (NAT)
TCP Intercept
9. Command used to disable the ICMP message Host Unreachable
Named ACL Format
ACL to block spoofed IPs
Extended ACL format
no ip unreachable
10. Also known as Configuration Auto-Loading - allows routers to load their startup configuration from the network
Proxy ARP
BOOTP
L2TP Operating Layer
Boot Network
11. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
SSH Identifier
Distributed Denial of Service Attacks
TCP Intercept Watch Mode
ACL to block spoofed IPs
12. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
TCP Intercept
Network Address Translation (NAT)
ACL to block spoofed IPs
Proxy ARP Vulnerabilities
13. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Flags used by Established Line
Third Part of the IOS Version
TCP/UDP Daytime Vulnerability
Masquerading
14. Dialer List - Routing Maps - Dynamic Routing Protocols - Controlling Remote Access - NAT'ing - Traffic Filtering
ACL to block telnet
Uses for ACLs
Eavesdropping and Information Theft
Outside
15. Uses SSL port 443
Common uses of Access Lists
HTTPS Strength
IP Source Routing
Dynamic NAT
16. UDP Port 1701
User Account Vulnerabilites
L2TP Identifier
IP Direct Broadcast Vulnerabilties
Unicast Reverse-Path Forwarding (uRPF)
17. Transport and Tunnel
Unauthorized Access
Two Modes of IPSec
TLS/SSL Layer
login local
18. Traffic is passed in plaintext
Tunnel Mode
Two Protocols of Tunnel Mode
HTTP Vulnerability
Higher IP Extended ACL Range
19. 0x32 - or 50
ESP Identifier
General Format of Cisco IOS Version
Reflexive ACL
Proxy ARP Vulnerabilities
20. Router to Router Denial of Service
TCP/UDP Echo Vulnerability
SSH2
Established Line
Fraggle Attack
21. 0x33 or 51
IPSec AH Identifier
Extended IP ACLs
Route Injection Attack
Dynamic NAT
22. Can copy - poison - corrupt - or delete the IOS
IPSec AH Operating Layer
ACL to block incoming loopback packets
BOOTP Vulnerabilities
ACL to block a Land Attack
23. Can discover vulnerabilities - network stats - and firewall discovery
Common uses of Access Lists
TCP/UDP Echo Vulnerability
Extended ACL format
IP Unreachable Vulnerabilities
24. Breaks LAN security perimeter extends LAN to Layer 2
inger Server
Proxy ARP Vulnerabilities
IP Spoofing
Smurf Attack
25. 33400-34400
Sixth (Optional) Part of the IOS Version
TCP SYN Attack
UDP Traceroute Port Range
AUX Vulnerability
26. Public IP address before translation
Transport Mode
Outside Local Address
Boot Network Vulnerabilities
no ip bootp server
27. Interim Build Number
GRE Operating Layer
Named ACL
Tunneling
Fourth Part of the IOS Version
28. DNS Poisoning
DNS Lookup Vulnerability
BOOTP
no ip mask-reply
Inside Local Address
29. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
Unicast Reverse-Path Forwarding (uRPF)
Two Protocols of Tunnel Mode
Overloading
User Account Vulnerabilites
30. When one network protocol called the payload protocol is encapsulated within a different delivery network - or provide a secure path through an untrusted network
UDP Traceroute Port Range
Telnet - HTTP - SNMP Vulnerability
Tunneling
Inside
31. Ip accesslist extended <name1> - permit IP any any reflect <filename> - ip accesslist extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Syntax for Reflexive ACLs
Inside Global Address
Distribution Layer
ACL to block incoming loopback packets
32. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
Distribution Layer
uRPF Strength
Train Identifier 'S'
Lower IP Extended ACL Range
33. 2000-2699
IP Source Routing Vulnerabilities
Network Address Translation (NAT)
Lower IP Extended ACL Range
Secure Shell (SSH)
34. Device - Hostname - IOS - IP Address - Ports - Model
CDP Vulnerabilities
no ip finger - no service finger
no ip unreachable
TCP Load Distribution
35. Local and Remote
Session Hijacking
IP Source Routing Vulnerabilities
Minimum ACLs Required for Reflexive ACLs
Two Types of Router Access
36. Time can be changed - Routing Table can be killed
NTP Vulnerabilities
Two Modes of IPSec
Overloading
ACL to block incoming loopback packets
37. Command used to disable NTP on an interface
Route Injection Attack
Core Layer
Network-to-Network Communications
ntp disable
38. Provides confidentiality - so it cannot be read by unauthorized parties
Anti-Replay
Encrypting Traffic
L2TP Identifier
TCP Intercept Watch Mode
39. Cisco default tunneling protocol that uses multicast addressing without encryption and is designed to encapsulate a wide variety of network layer packets inside IP tunneling packets
Inside
no ip finger - no service finger
Generic Routing Encapsulation (GRE)
Devices
40. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
Encrypting Traffic
ACL to block telnet
SNMP
Secure Shell (SSH)
41. A secure alternative to telnet for remote administration that supported in Enterprise versions of Cisco IOS
Named ACL Format
ESP Identifier
SSH
HTTP Tunneling
42. 2000-2699
First Part of IOS Version
UDP Traceroute Port Range
Higher IP Extended ACL Range
Sixth (Optional) Part of the IOS Version
43. Uses server and host keys to authenticate systems
Telnet - HTTP - SNMP Vulnerability
IP Unreachable Vulnerabilities
SSH1
IP Mask Reply Vulnerabilities
44. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
IP Spoofing
Extended IP ACLs
IP Mask Reply Vulnerabilities
Route Injection Attack
45. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
Land Attack
Two Modes of IPSec
IPSec AH Identifier
Lower IP Standard ACL Range
46. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Fraggle Attack
IP Source Routing Vulnerabilities
Three Physical Security Vulnerabilities
TCP/UDP Daytime Vulnerability
47. Router threat that involves a hacker inserting a spoofed TCP/IP packet into a stream - thereby enabling commands to be executed on the remote host
L2TP Operating Layer
Session Hijacking
GRE Operating Layer
NTP Vulnerabilities
48. Cryptographic protocols that provide secure communications on the Internet for such thing as WWW - email - faxing - IM - and other data transfers
AUX Vulnerability
SSH Operating Layer
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
L2TP Operating Layer
49. Layer 7
Access List Rules
SNMP Trap
HTTP Operating Layer
Two Modes of IPSec
50. PERMIT TCP ANY ANY ESTABLISHED
SNMP Trap
ACL to block TCP SYN Attack
no ip mask-reply
Distribution Layer
