SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Rebuild Number
Host-to-Host Communications
Sixth (Optional) Part of the IOS Version
inger Server
Inside Local Address
2. None - uses attached application protocol's port
TLS/SSL Identifier
TCP Load Distribution
ACL to block incoming loopback packets
TCP Intercept
3. Access-list <number> <deny | permit> source source-wildcard log
Anti-Replay
Standard ACL format
NTP Vulnerabilities
Uses for ACLs
4. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
Encrypted Tunneling Methods
Flags used by Established Line
Internet Protocol Security (IPSec)
BOOTP Vulnerabilities
5. Protocol used to keep their time-of-day clocks accurate and in sync
IP Unreachable Vulnerabilities
SNMP Vulnerabilities
Network Time Protocol (NTP)
Uses for ACLs
6. This layer controls user and workgroup acess to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
Access Layer
Unicast Reverse-Path Forwarding (uRPF)
ACL to block telnet
IP Direct Broadcast Vulnerabilties
7. What Local and Global refer to in NAT
ESP Identifier
SSH1
Second Part of IOS Version
Networks
8. Can stop spoofed IP addresses
UDP Traceroute Port Range
uRPF Strength
SNMP Trap
Static NAT
9. 0-99
IP Unreachable Vulnerabilities
User Account Vulnerabilites
Lower IP Standard ACL Range
GRE Identifier
10. Forces the user to enter both a valid username and password
Network Time Protocol (NTP)
GRE Identifier
login local
Unauthorized Access
11. Tunnel Mode Protocol provides integrity - authentication - and non-repudiation and operates directly on top of IP
HTTP Operating Layer
BOOTP
Devices
Authentication Header (AH)
12. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
no ip http server
Host-to-Host Communications
Two Modes of IPSec
Fraggle Attack
13. Local and Remote
ESP Operating Layer
Two Types of Router Access
TCP SYN Attack
Boot Network
14. Ip accesslist extended <name1> - permit IP any any reflect <filename> - ip accesslist extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
L2TP Operating Layer
TCP Intercept Watch Mode
Minimum ACLs Required for Reflexive ACLs
Syntax for Reflexive ACLs
15. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
Privilege Levels 2-13
Tunneling
Three Layers of Hierarchical Model
General Format of Cisco IOS Version
16. An alternative for both standard and extended ACLs that allow you to refer to an ACL by a descriptive name instead of a number
Telnet - HTTP - SNMP Vulnerability
Internet Protocol Security (IPSec)
Proxy ARP
Named ACL
17. Attack that involves sending a large amount of ICMP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Established Line
Standard IP ACLs
Host-to-Host Communications
Smurf Attack
18. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
ntp disable
no cdp run
Cisco Discovery Protocol (CDP)
AUX Vulnerability
19. Commands to disable Finger Server
no ip finger - no service finger
Generic Routing Encapsulation (GRE)
Inside Local Address
IPSec AH Operating Layer
20. Data link layer protocol used for tunneling network traffic between two peers over an existing network - often used with IPsec to secure packets
Denial of Service (DoS)
Layer 2 Tunneling Protocol (L2TP)
Flags used by Established Line
DNS Lookup Vulnerability
21. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Rerouting
ACL to block spoofed IPs
SNMP Trap
Route Injection Attack
22. Major Version
Sixth (Optional) Part of the IOS Version
UDP Traceroute Port Range
First Part of IOS Version
HTTPS Strength
23. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
Session Hijacking
General Format of Cisco IOS Version
TCP Load Distribution
Rerouting
24. Startup-config can be deleted - copied - changed
Unauthorized Access
Boot Network Vulnerabilities
Extended ACL format
Privilege Level 0
25. War dialing
AUX Vulnerability
IP Source Routing
Smurf Attack
Requirements for Reflexive TCP to be removed
26. UDP Port 514
Outside Global Address
Fifth Part of the IOS Version
Encrypted Tunneling Methods
syslog
27. Can copy - poison - corrupt - or delete the IOS
Local Addresses
BOOTP Vulnerabilities
HTTPS Strength
TCP/UDP Discard Vulnerability
28. What Transport Mode is used for
Host-to-Host Communications
Proxy ARP
Inside Global Address
Requirements for Reflexive TCP to be removed
29. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
IPSec AH Identifier
Boot Network
TCP Intercept
Sixth (Optional) Part of the IOS Version
30. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64 -000 hosts
SNMP
Common uses of Access Lists
Overloading
Land Attack
31. Release Number
Inside Local Address
Minimum ACLs Required for Reflexive ACLs
Standard ACL format
Third Part of the IOS Version
32. Mode where only the payload of the IP packet is encrypted and/or authenticated
First Part of IOS Version
GRE Operating Layer
Transport Mode
Higher IP Standard ACL Range
33. Public IP address after translation
Privilege Level 15
General Format of Cisco IOS Version
Outside Global Address
Access List Rules
34. PERMIT TCP ANY ANY ESTABLISHED
no ip redirect
Third Part of the IOS Version
ACL to block TCP SYN Attack
ACL to block a Land Attack
35. Refers to addresses used on the organization's private network
inger Server
Cisco Express Forwarding (CEF)
Named ACL
Local Addresses
36. TCP Port 22
Lower IP Standard ACL Range
TLS/SSL Layer
Privilege Level 0
SSH Identifier
37. Command to disable UDP small server on a router
DNS Lookup Vulnerability
uRPF Strength
SSH Operating Layer
no service udp-small-servers
38. TCP Port 80
Dynamic NAT
HTTP Identifier
Flags used by Established Line
uRPF Strength
39. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACL's and must be named - applied on border routers
GRE Operating Layer
Reflexive ACL
Extended IP ACLs
Encapsulation Security Payload (ESP)
40. DENY IP ANY HOST <Broadcast Address>
ACL to block a Smurf Attack or Fraggle Attack
NTP Vulnerabilities
Devices
General Format of Cisco IOS Version
41. Router threat that refers to willful attempts to cause such disruptions by overwhelming the targeted system with improperly formatted traffic
Global Addresses
Unicast Reverse-Path Forwarding (uRPF)
Encrypting Traffic
Denial of Service (DoS)
42. Block spoofed IP packets - block loopback packets - block IP multicast if unused - block ICMP redirects - Block telnet if not used
Access Layer
Common uses of Access Lists
Train Idenifier 'E'
Minimum ACLs Required for Reflexive ACLs
43. Can discover vulnerabilities - network stats - and firewall discovery
IP Unreachable Vulnerabilities
ACL to block a Smurf Attack or Fraggle Attack
Second Part of IOS Version
no ip mask-reply
44. 0x32 - or 50
ESP Identifier
TCP/UDP Chargen Vulnerability
Fraggle Attack
Encrypted Tunneling Methods
45. Public IP address before translation
no cdp run
ACL to block a Land Attack
ESP Operating Layer
Outside Local Address
46. Transport and Tunnel
Two Modes of IPSec
Access List Rules
Encrypting Traffic
AUX Vulnerability
47. Layer 7
HTTP Vulnerability
no cdp run
SSH Operating Layer
Authenticating Peers
48. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
UDP Traceroute Port Range
Secure Shell (SSH)
DNS Lookup Vulnerability
Inside
49. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
IP Unreachable Vulnerabilities
Two Protocols of Tunnel Mode
IP Spoofing
SSH
50. Two FIN bits or one RST bit
ESP Operating Layer
Requirements for Reflexive TCP to be removed
Proxy ARP
Two Types of Router Access
