SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
no ip unreachable
TCP SYN Attack
ESP Identifier
Unicast Reverse-Path Forwarding (uRPF)
2. Translates multiple local addresses to a pool of global addresses by having the firewall select the first available global address; retains the global address for the duration of the connection
Dynamic NAT
User Account Vulnerabilites
TLS/SSL Layer
Second Part of IOS Version
3. DNS Poisoning
SSH2
Higher IP Standard ACL Range
Fourth Part of the IOS Version
DNS Lookup Vulnerability
4. Ip accesslist extended <name1> - permit IP any any reflect <filename> - ip accesslist extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Syntax for Reflexive ACLs
BOOTP
Encrypted Tunneling Methods
Core Layer
5. What Local and Global refer to in NAT
GRE Operating Layer
echo - chargen - discard - daytime
IP Unreachable Vulnerabilities
Networks
6. Router threat that involves a hacker inserting a spoofed TCP/IP packet into a stream - thereby enabling commands to be executed on the remote host
Session Hijacking
Network Time Protocol (NTP)
IP Directed Broadcast
DNS Lookup Vulnerability
7. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
Tunneling
Inside
Secure Shell (SSH)
ACL to block a Smurf Attack or Fraggle Attack
8. Privilege level that has Global administration capabilities
Tunneling
Higher IP Extended ACL Range
Privilege Level 15
TCP/UDP Daytime Vulnerability
9. DENY IP 127.0.0.0 0.255.255.255 ANY
HTTP Identifier
Network Time Protocol (NTP)
TCP/UDP Discard Vulnerability
ACL to block incoming loopback packets
10. Command to disable TCP small server on a router
Three Layers of Hierarchical Model
TCP Intercept Watch Mode
Unauthorized Access
no service tcp-small-servers
11. UDP Port 1701
Eavesdropping and Information Theft
Fourth Part of the IOS Version
no service tcp-small-servers
L2TP Identifier
12. Command used to disable the ICMP message Address Mask Reply
Tunneling
no ip mask-reply
IP Direct Broadcast Vulnerabilties
SSH Identifier
13. Router to Router Denial of Service
Eavesdropping and Information Theft
HTTP Tunneling
TCP/UDP Echo Vulnerability
SSH1
14. Users - Host PC's - IP Addresses
Minimum ACLs Required for Reflexive ACLs
Lower IP Standard ACL Range
inger Server
Finger Vulnerabilities
15. Breaks LAN security perimeter extends LAN to Layer 2
Inside Global Address
Proxy ARP Vulnerabilities
no ip finger - no service finger
ACL to block incoming loopback packets
16. Refers to the organization's private network
Uses for ACLs
Inside
L2TP Operating Layer
SSH
17. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Tunneling
GRE Identifier
Sixth (Optional) Part of the IOS Version
IP Spoofing
18. Privilege level that is restricted to basic level operations
Privilege Level 1
TCP Load Distribution
TCP/UDP Daytime Vulnerability
Outside
19. Permits a host on one LAN segment to initiate a physical broadcast on a different LAN segment
TLS/SSL Layer
Fifth Part of the IOS Version
IP Directed Broadcast
Distribution Layer
20. Commands to disable Finger Server
Established Line
no ip finger - no service finger
no ip http server
Cisco Discovery Protocol (CDP)
21. Uses server and host keys to authenticate systems
GRE Identifier
IP Mask Reply Vulnerabilities
no ip http server
SSH1
22. Two - one Inbound or Evaluated and one Outbound or Reflected
IP Mask Reply Vulnerabilities
Third Part of the IOS Version
Two Protocols of Tunnel Mode
Minimum ACLs Required for Reflexive ACLs
23. Provides a checksum - ensuring traffic has not been modified along it's path
Privilege Level 1
L2TP Operating Layer
Core Layer
Integrity Validation
24. Public IP address after translation
Internet Protocol Security (IPSec)
Higher IP Extended ACL Range
Unicast Reverse-Path Forwarding (uRPF)
Outside Global Address
25. 2000-2699
Devices
IP Unreachable Vulnerabilities
Sixth (Optional) Part of the IOS Version
Lower IP Extended ACL Range
26. Layer 7
HTTP Operating Layer
TCP/UDP Discard Vulnerability
NTP Vulnerabilities
Reflexive ACL
27. DENY IP <Network ID> <Network WC Mask> ANY
Authentication Header (AH)
ACL to block spoofed IPs
Extended IP ACLs
First Part of IOS Version
28. Public IP address before translation
Sixth (Optional) Part of the IOS Version
Outside Local Address
Three Layers of Hierarchical Model
ACL to block incoming loopback packets
29. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
BOOTP
Host-to-Host Communications
Overloading
Syntax for Reflexive ACLs
30. Dialer List - Routing Maps - Dynamic Routing Protocols - Controlling Remote Access - NAT'ing - Traffic Filtering
Uses for ACLs
HTTP Identifier
Masquerading
Static NAT
31. Forces the user to enter both a valid username and password
Tunneling
Inside Global Address
Host-to-Host Communications
login local
32. Command used to disable the ICMP message Host Unreachable
HTTP Tunneling
Proxy ARP Vulnerabilities
no ip unreachable
Masquerading
33. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
DNS Lookup Vulnerability
Route Injection Attack
Telnet - HTTP - SNMP Vulnerability
Authentication Header (AH)
34. Can copy - poison - corrupt - or delete the IOS
uRPF Strength
Unicast Reverse-Path Forwarding (uRPF)
Encrypting Traffic
BOOTP Vulnerabilities
35. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate user
TCP SYN Attack
Standard ACL format
ACL to block spoofed IPs
SSH1
36. DENY TCP ANY HOST <IP Address> EQ 23
Smurf Attack
Network Time Protocol (NTP)
ACL to block telnet
Standard ACL format
37. Layer 5
TCP SYN Attack
L2TP Operating Layer
AUX Vulnerability
ntp disable
38. None - uses attached application protocol's port
TLS/SSL Identifier
Flags used by Established Line
Overloading
no ip bootp server
39. Enterprise
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
40. Access - Distribution - Core
Masquerading
Outside Global Address
Higher IP Extended ACL Range
Three Layers of Hierarchical Model
41. Access-list <number <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>
Three Layers of Hierarchical Model
no service udp-small-servers
Extended ACL format
Encrypting Traffic
42. 1300-1999
TCP SYN Attack
Telnet - HTTP - SNMP Vulnerability
Higher IP Standard ACL Range
Access List Rules
43. Two FIN bits or one RST bit
Encapsulation Security Payload (ESP)
Requirements for Reflexive TCP to be removed
Outside Global Address
ACL to block TCP SYN Attack
44. Transport and Tunnel
NTP Vulnerabilities
Two Modes of IPSec
Fourth Part of the IOS Version
Proxy ARP
45. Plaintext
SSH
Fourth Part of the IOS Version
Telnet - HTTP - SNMP Vulnerability
Dynamic NAT
46. Mode where the entire packet is encrypted and/or authenticated - requiring a new IP packet to be encapsulated
Uses for ACLs
IP Source Routing
Tunnel Mode
Two Modes of IPSec
47. Mode where only the payload of the IP packet is encrypted and/or authenticated
Unauthorized Access
IP Spoofing
Session Hijacking
Transport Mode
48. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
TCP Load Distribution
Land Attack
IP Directed Broadcast
Devices
49. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
Cisco Discovery Protocol (CDP)
Fraggle Attack
Encapsulation Security Payload (ESP)
NTP Vulnerabilities
50. Rebuild Number
IP Source Routing
Sixth (Optional) Part of the IOS Version
Distribution Layer
TCP/UDP Echo Vulnerability
