Test your basic knowledge | Router Security
Subject: it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Layer 3
Uses for ACLs
Transport Mode
HTTP Identifier
GRE Operating Layer
2. Access - Distribution - Core
Three Layers of Hierarchical Model
Static NAT
Anti-Replay
Boot Network
3. Provides a checksum - ensuring traffic has not been modified along its path
TCP Intercept Watch Mode
Integrity Validation
Cisco Express Forwarding (CEF)
ESP Identifier
4. Layer 7
ACL to block TCP SYN Attack
Privilege Level 1
HTTP Operating Layer
Fourth Part of the IOS Version
5. Router to Router Denial of Service
Tunneling
NTP Vulnerabilities
TCP/UDP Echo Vulnerability
Boot Network Vulnerabilities
6. The host can specify which route to take - which bypasses security
ACL to block TCP SYN Attack
no ip redirect
Local Addresses
IP Source Routing Vulnerabilities
7. Tunnel Mode Protocol provides confidentiality - along with authentication and integrity protection with encryption
Secure Shell (SSH)
Distribution Layer
Encapsulation Security Payload (ESP)
Lower IP Standard ACL Range
8. Layer 5
L2TP Operating Layer
Standard ACL format
SSH2
ACL to block a Smurf Attack or Fraggle Attack
9. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
Inside Local Address
General Format of Cisco IOS Version
Unauthorized Access
Train Identifier 'E'
10. Data link layer protocol used for tunneling network traffic between two peers over an existing network - often used with IPsec to secure packets
Train Identifier 'E'
Encrypting Traffic
SSH2
Layer 2 Tunneling Protocol (L2TP)
11. ip access-list extended <name1> - permit ip any any reflect <filename> - ip access-list extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Syntax for Reflexive ACLs
Proxy ARP Vulnerabilities
TCP SYN Attack
ESP Identifier
12. Mode where only the payload of the IP packet is encrypted and/or authenticated
Train Identifier 'B'
Three Physical Security Vulnerabilities
Transport Mode
Privilege Level 15
13. Router threat that involves the unauthorized viewing and collection of network traffic; usually accomplished with a packet sniffing program
Inside
Access Layer
Named ACL
Eavesdropping and Information Theft
14. When one network protocol called the payload protocol is encapsulated within a different delivery network - or to provide a secure path through an untrusted network
no service tcp-small-servers
Tunneling
Train Identifier 'E'
Higher IP Extended ACL Range
15. Users - Host PCs - IP Addresses
IPSec AH Identifier
Overloading
Finger Vulnerabilities
Network Time Protocol (NTP)
16. Breaks LAN security perimeter - extends LAN to Layer 2
CDP Vulnerabilities
Encrypted Tunneling Methods
Tunnel Mode
Proxy ARP Vulnerabilities
17. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Extended IP ACLs
Rerouting
Devices
IP Directed Broadcast
18. Attack that involves a multitude of compromised systems attacking a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
TCP Load Distribution
Cisco Express Forwarding (CEF)
Distributed Denial of Service Attacks
GRE Operating Layer
19. Startup-config can be deleted - copied - changed
Second Part of IOS Version
Boot Network Vulnerabilities
Established Line
Global Addresses
20. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
Outside
TCP Intercept
TCP/UDP Discard Vulnerability
TCP Load Distribution
21. 2000-2699
echo - chargen - discard - daytime
L2TP Operating Layer
Two Modes of IPSec
Lower IP Extended ACL Range
22. Protocol used to keep their time-of-day clocks accurate and in sync
Network Time Protocol (NTP)
SNMP Trap
Generic Routing Encapsulation (GRE)
TCP Intercept
23. Two - one Inbound or Evaluated and one Outbound or Reflected
GRE Identifier
ACL to block a Smurf Attack or Fraggle Attack
Network-to-Network Communications
Minimum ACLs Required for Reflexive ACLs
24. Uses only host keys to authenticate systems
SSH2
Core Layer
Privilege Level 15
TCP/UDP Discard Vulnerability
25. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
IP Directed Broadcast
Three Physical Security Vulnerabilities
Distribution Layer
Access Layer
26. Four TCP/UDP Small Server commands recommended to disable
echo - chargen - discard - daytime
Reflexive ACL
First Part of IOS Version
Third Part of the IOS Version
27. DENY IP 127.0.0.0 0.255.255.255 ANY
syslog
Encapsulation Security Payload (ESP)
ACL to block incoming loopback packets
Encrypted Tunneling Methods
28. Cryptographic protocols that provide secure communications on the Internet for such things as WWW - email - faxing - IM - and other data transfers
Extended IP ACLs
Telnet - HTTP - SNMP Vulnerability
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
SSH
29. Router threat involving access by an entity or individual other than authorized users
Fifth Part of the IOS Version
Third Part of the IOS Version
no cdp run
Unauthorized Access
30. Broadcast
31. Provides nonrepudiation - ensuring that traffic is from a trusted party
TCP Intercept Watch Mode
ESP Operating Layer
Authenticating Peers
Network Address Translation (NAT)
32. ACK and RST
Flags used by Established Line
echo - chargen - discard - daytime
Privilege Levels 2-13
SSH2
33. Release Train Identifier
Fifth Part of the IOS Version
Extended IP ACLs
Cisco Express Forwarding (CEF)
Session Hijacking
34. Refers to addresses used on the organization's private network
Three Layers of Hierarchical Model
Local Addresses
ESP Operating Layer
Higher IP Standard ACL Range
35. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
Network-to-Network Communications
Overloading
Established Line
Common uses of Access Lists
36. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
Unicast Reverse-Path Forwarding (uRPF)
Higher IP Extended ACL Range
Higher IP Standard ACL Range
Boot Network
37. Interim Build Number
BOOTP Vulnerabilities
Fourth Part of the IOS Version
Overloading
SNMP Trap
38. These ACLs filter by network or host IP addresses and specific protocol type or port numbers - filters by source and destination
Outside
Authenticating Peers
AUX Vulnerability
Extended IP ACLs
39. Enterprise
40. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
Privilege Levels 2-13
ACL to block IP multicast
Internet Protocol Security (IPSec)
CDP Vulnerabilities
41. TCP Port 22
TCP SYN Attack
NTP Vulnerabilities
Named ACL Format
SSH Identifier
42. UDP Port 1701
Session Hijacking
L2TP Identifier
IP Mask Reply Vulnerabilities
Tunneling
43. This layer controls user and workgroup access to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
ACL to block spoofed IPs
no ip redirect
Dynamic NAT
Access Layer
44. Rebuild Number
no ip finger - no service finger
ACL to block telnet
Sixth (Optional) Part of the IOS Version
Boot Network
45. Access-list <number> <deny | permit> source source-wildcard log
Standard ACL format
IP Mask Reply Vulnerabilities
Privilege Level 1
Train Identifier 'S'
46. Geolocational positioning
Higher IP Standard ACL Range
Eavesdropping and Information Theft
TCP/UDP Daytime Vulnerability
Reflexive ACL
47. Can stop spoofed IP addresses
IP Spoofing
CDP Vulnerabilities
uRPF Strength
IP Unreachable Vulnerabilities
48. Device - Hostname - IOS - IP Address - Ports - Model
CDP Vulnerabilities
Two Protocols of Tunnel Mode
Transport Mode
TCP/UDP Chargen Vulnerability
49. Two FIN bits or one RST bit
SNMP Vulnerabilities
Local Addresses
no ip mask-reply
Requirements for Reflexive TCP to be removed
50. An alternative for both standard and extended ACLs that allow you to refer to an ACL by a descriptive name instead of a number
Access Layer
Named ACL
Transport Mode
Train Identifier 'T'