SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Plaintext
Access List Rules
Static NAT
L2TP Operating Layer
Telnet - HTTP - SNMP Vulnerability
2. Authentication Header (AH) and Encapsulated Security Payload (ESP)
ntp disable
Two Protocols of Tunnel Mode
Privilege Level 0
Higher IP Extended ACL Range
3. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
syslog
ACL to block incoming loopback packets
Rerouting
TCP Intercept Watch Mode
4. Enterprise
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
5. TCP Port 22
SSH Identifier
Privilege Levels 2-13
Networks
no ip redirect
6. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
SNMP Vulnerabilities
ACL to block TCP SYN Attack
IP Source Routing Vulnerabilities
Syntax for Reflexive ACLs
7. Mode where the entire packet is encrypted and/or authenticated - requiring a new IP packet to be encapsulated
no service tcp-small-servers
Access List Rules
TCP/UDP Daytime Vulnerability
Tunnel Mode
8. Provides a checksum - ensuring traffic has not been modified along it's path
Dynamic NAT
no service udp-small-servers
Integrity Validation
General Format of Cisco IOS Version
9. Local and Remote
Two Types of Router Access
Devices
IP Directed Broadcast
BOOTP
10. Can discover vulnerabilities - network stats - and firewall discovery
IP Unreachable Vulnerabilities
Train Identifier 'S'
BOOTP
syslog
11. Buffer Overflow
TCP/UDP Chargen Vulnerability
CDP Vulnerabilities
Train Identifier 'B'
syslog
12. 1300-1999
Layer 2 Tunneling Protocol (L2TP)
Higher IP Standard ACL Range
ACL to block incoming loopback packets
IPSec AH Identifier
13. Technology
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
14. Major Version
Devices
First Part of IOS Version
Distribution Layer
BOOTP
15. 0x33 or 51
Smurf Attack
Tunneling
no ip mask-reply
IPSec AH Identifier
16. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate user
TCP Intercept Watch Mode
TCP SYN Attack
Train Identifier 'B'
Minimum ACLs Required for Reflexive ACLs
17. DENY IP ANY HOST <Broadcast Address>
Sixth (Optional) Part of the IOS Version
ACL to block a Smurf Attack or Fraggle Attack
Higher IP Standard ACL Range
Common uses of Access Lists
18. 33400-34400
Flags used by Established Line
Lower IP Standard ACL Range
Three Physical Security Vulnerabilities
UDP Traceroute Port Range
19. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
Cisco Discovery Protocol (CDP)
Layer 2 Tunneling Protocol (L2TP)
TCP Intercept
Session Hijacking
20. Access - Distribution - Core
HTTP Operating Layer
Rerouting
Privilege Level 0
Three Layers of Hierarchical Model
21. Layer 5
no service tcp-small-servers
Access Layer
BOOTP
L2TP Operating Layer
22. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
ACL to block IP multicast
BOOTP
IP Mask Reply Vulnerabilities
HTTP Tunneling
23. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64 -000 hosts
Static NAT
ACL to block incoming loopback packets
Overloading
Dynamic NAT
24. Public IP address before translation
Two Protocols of Tunnel Mode
ACL to block a Land Attack
Outside Local Address
Encrypted Tunneling Methods
25. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
ACL to block a Land Attack
IP Source Routing
TCP/UDP Daytime Vulnerability
ntp disable
26. 2000-2699
no service udp-small-servers
General Format of Cisco IOS Version
Train Identifier 'B'
Lower IP Extended ACL Range
27. What Local and Global refer to in NAT
AUX Vulnerability
L2TP Operating Layer
Networks
echo - chargen - discard - daytime
28. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACL's and must be named - applied on border routers
Reflexive ACL
Boot Network Vulnerabilities
Smurf Attack
Privilege Level 1
29. Uses SSL port 443
no ip bootp server
ESP Identifier
Outside
HTTPS Strength
30. Access-list <number> <deny | permit> source source-wildcard log
Standard ACL format
Third Part of the IOS Version
Outside Global Address
Unicast Reverse-Path Forwarding (uRPF)
31. 2000-2699
Higher IP Extended ACL Range
Anti-Replay
Core Layer
Masquerading
32. Cryptographic protocols that provide secure communications on the Internet for such thing as WWW - email - faxing - IM - and other data transfers
Cisco Express Forwarding (CEF)
Outside Global Address
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Proxy ARP Vulnerabilities
33. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
no cdp run
Encrypting Traffic
Lower IP Standard ACL Range
Rerouting
34. Also known as Configuration Auto-Loading - allows routers to load their startup configuration from the network
SNMP Vulnerabilities
Boot Network
Outside
Higher IP Extended ACL Range
35. These ACLs filter by network or host IP address and only filter on source
Generic Routing Encapsulation (GRE)
Global Addresses
Standard IP ACLs
Inside
36. Mode where only the payload of the IP packet is encrypted and/or authenticated
Privilege Levels 2-13
ESP Identifier
Sixth (Optional) Part of the IOS Version
Transport Mode
37. When a router acts as an intermediary for ARP queries on selected interfaces and enabling transparent access between multiple LAN segments
IP Source Routing Vulnerabilities
TCP SYN Attack
Unicast Reverse-Path Forwarding (uRPF)
Proxy ARP
38. Router threat that involves the unauthorized viewing and collection of network traffic; usually accomplished with a packet sniffing program
Flags used by Established Line
TCP/UDP Chargen Vulnerability
Eavesdropping and Information Theft
Anti-Replay
39. Private IP address after translation
Distribution Layer
Session Hijacking
Common uses of Access Lists
Inside Global Address
40. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
login local
ACL to block a Land Attack
General Format of Cisco IOS Version
no ip redirect
41. Router threat that refers to willful attempts to cause such disruptions by overwhelming the targeted system with improperly formatted traffic
IP Spoofing
ACL to block a Smurf Attack or Fraggle Attack
Denial of Service (DoS)
login local
42. Four TCP/UDP Small Server commands recommended to disable
echo - chargen - discard - daytime
Core Layer
Three Layers of Hierarchical Model
Local Addresses
43. Forces the user to enter both a valid username and password
IP Unreachable Vulnerabilities
Two Modes of IPSec
IP Direct Broadcast Vulnerabilties
login local
44. Dialer List - Routing Maps - Dynamic Routing Protocols - Controlling Remote Access - NAT'ing - Traffic Filtering
Uses for ACLs
login local
no cdp run
Standard IP ACLs
45. Protects against repeating of secure sessions
Requirements for Reflexive TCP to be removed
Anti-Replay
HTTPS Strength
Session Hijacking
46. Accounts without passwords - Type 7 encryption - account privilege higher than 1 - able to be fingered
ACL to block telnet
User Account Vulnerabilites
Distributed Denial of Service Attacks
SSH Operating Layer
47. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
IP Spoofing
Established Line
TCP/UDP Chargen Vulnerability
Outside Local Address
48. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
TCP Intercept Watch Mode
Local Addresses
Cisco Discovery Protocol (CDP)
Global Addresses
49. Breaks LAN security perimeter extends LAN to Layer 2
Proxy ARP Vulnerabilities
Lower IP Standard ACL Range
Access Layer
Sixth (Optional) Part of the IOS Version
50. DNS Poisoning
IPSec AH Operating Layer
Encrypting Traffic
Fifth Part of the IOS Version
DNS Lookup Vulnerability
