SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Access-list <number> <deny | permit> source source-wildcard log
IP Source Routing Vulnerabilities
Lower IP Standard ACL Range
Distributed Denial of Service Attacks
Standard ACL format
2. Protects against repeating of secure sessions
Unauthorized Access
Named ACL
Anti-Replay
Authenticating Peers
3. Local IP address before translation
SSH2
Encrypting Traffic
Inside Local Address
UDP Traceroute Port Range
4. When a router acts as an intermediary for ARP queries on selected interfaces and enabling transparent access between multiple LAN segments
Authentication Header (AH)
Internet Protocol Security (IPSec)
Proxy ARP
NTP Vulnerabilities
5. Traffic is passed in plaintext
Network Address Translation (NAT)
Outside Global Address
GRE Identifier
HTTP Vulnerability
6. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
Land Attack
Requirements for Reflexive TCP to be removed
Encapsulation Security Payload (ESP)
ACL to block a Smurf Attack or Fraggle Attack
7. Can stop spoofed IP addresses
Network Address Translation (NAT)
Rerouting
no ip finger - no service finger
uRPF Strength
8. Rewrites the and/or destination IP address of IP packets as they pass through a router or firewall from private to public addresses
Network Address Translation (NAT)
Eavesdropping and Information Theft
Higher IP Standard ACL Range
Established Line
9. Refers to the addresses on the public internet
Inside Local Address
Boot Network
Outside
Lower IP Extended ACL Range
10. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
Inside
Local Addresses
BOOTP
Internet Protocol Security (IPSec)
11. 1300-1999
Privilege Level 0
Outside Global Address
Three Layers of Hierarchical Model
Higher IP Standard ACL Range
12. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
Core Layer
ACL to block incoming loopback packets
Fraggle Attack
Distribution Layer
13. DNS Poisoning
General Format of Cisco IOS Version
DNS Lookup Vulnerability
Anti-Replay
Standard IP ACLs
14. Command to disable UDP small server on a router
no service udp-small-servers
Network Time Protocol (NTP)
Rerouting
ACL to block IP multicast
15. Accounts without passwords - Type 7 encryption - account privilege higher than 1 - able to be fingered
Access List Rules
Requirements for Reflexive TCP to be removed
User Account Vulnerabilites
Lower IP Extended ACL Range
16. None - uses attach application protocol's layer
ESP Identifier
Cisco Express Forwarding (CEF)
TLS/SSL Layer
Higher IP Standard ACL Range
17. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
IP Spoofing
TCP/UDP Echo Vulnerability
Denial of Service (DoS)
Inside Global Address
18. Layer 3
Tunneling
Proxy ARP
IPSec AH Operating Layer
Dynamic NAT
19. Privilege level that is restricted to basic level operations
Privilege Level 1
Two Types of Router Access
Network-to-Network Communications
no ip http server
20. Layer 3
Finger Vulnerabilities
L2TP Operating Layer
ESP Operating Layer
Static NAT
21. TCP Port 80
SSH1
Internet Protocol Security (IPSec)
HTTP Identifier
no ip finger - no service finger
22. UDP Port 1701
Masquerading
ACL to block incoming loopback packets
Inside Global Address
L2TP Identifier
23. Protocol used to keep their time-of-day clocks accurate and in sync
Fourth Part of the IOS Version
Network Time Protocol (NTP)
Anti-Replay
no ip redirect
24. Provides confidentiality - so it cannot be read by unauthorized parties
Two Modes of IPSec
Encrypting Traffic
Standard IP ACLs
TLS/SSL Identifier
25. Two FIN bits or one RST bit
no ip unreachable
HTTP Vulnerability
Flags used by Established Line
Requirements for Reflexive TCP to be removed
26. Also known as Configuration Auto-Loading - allows routers to load their startup configuration from the network
Higher IP Extended ACL Range
ACL to block TCP SYN Attack
Global Addresses
Boot Network
27. DENY IP 224.0.0.0 15.255.255.255 ANY
Standard ACL format
ACL to block IP multicast
Minimum ACLs Required for Reflexive ACLs
Extended ACL format
28. What Local and Global refer to in NAT
SNMP Vulnerabilities
Fraggle Attack
Networks
L2TP Identifier
29. Ip accesslist extended <name1> - permit IP any any reflect <filename> - ip accesslist extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Boot Network
Fifth Part of the IOS Version
Syntax for Reflexive ACLs
syslog
30. Two - one Inbound or Evaluated and one Outbound or Reflected
Extended ACL format
ACL to block IP multicast
BOOTP
Minimum ACLs Required for Reflexive ACLs
31. Must be made at global config mode - created from CON/VTY session or text file - read top to bottom - applied at the interface and only one ACL per direction - per protocol - per interface
Transport Mode
ESP Operating Layer
Masquerading
Access List Rules
32. Broadcast
33. Layer 5
Eavesdropping and Information Theft
Internet Protocol Security (IPSec)
L2TP Operating Layer
Requirements for Reflexive TCP to be removed
34. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Cisco Discovery Protocol (CDP)
Rerouting
Proxy ARP Vulnerabilities
Third Part of the IOS Version
35. Release Number
Internet Protocol Security (IPSec)
DNS Lookup Vulnerability
echo - chargen - discard - daytime
Third Part of the IOS Version
36. Command used to disable HTTP Server
Established Line
Authentication Header (AH)
Higher IP Extended ACL Range
no ip http server
37. Block spoofed IP packets - block loopback packets - block IP multicast if unused - block ICMP redirects - Block telnet if not used
Syntax for Reflexive ACLs
Static NAT
Named ACL
Common uses of Access Lists
38. 0x33 or 51
IPSec AH Operating Layer
IPSec AH Identifier
Higher IP Extended ACL Range
ACL to block spoofed IPs
39. This server is used for querying a host about its logged in users
Two Modes of IPSec
Distributed Denial of Service Attacks
HTTP Vulnerability
inger Server
40. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
SNMP Vulnerabilities
login local
no ip unreachable
Session Hijacking
41. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
HTTP Tunneling
User Account Vulnerabilites
Unauthorized Access
Fraggle Attack
42. Provides nonrepudiation - ensuring that traffic is from a trusted party
Train Identifier 'S'
Denial of Service (DoS)
Authenticating Peers
UDP Traceroute Port Range
43. 0-99
Tunnel Mode
Lower IP Standard ACL Range
TCP Intercept
Anti-Replay
44. PERMIT TCP ANY ANY ESTABLISHED
no cdp run
L2TP Identifier
ACL to block TCP SYN Attack
Inside Global Address
45. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
Inside Global Address
Generic Routing Encapsulation (GRE)
ACL to block IP multicast
Core Layer
46. What Inside and Outside refer to in NAT
Minimum ACLs Required for Reflexive ACLs
Devices
Privilege Level 0
GRE Operating Layer
47. Router threat where access by an entity or individual other than authorized users
Unauthorized Access
Devices
Train Identifier 'B'
Route Injection Attack
48. Command to disable TCP small server on a router
ESP Identifier
Session Hijacking
ACL to block IP multicast
no service tcp-small-servers
49. Interim Build Number
Access Layer
Lower IP Extended ACL Range
Fourth Part of the IOS Version
IP Unreachable Vulnerabilities
50. Breaks LAN security perimeter extends LAN to Layer 2
no cdp run
Network Address Translation (NAT)
Two Types of Router Access
Proxy ARP Vulnerabilities
