Test your basic knowledge

Router Security

Subject : it-skills
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Private IP address after translation






2. 1300-1999






3. Device - Hostname - IOS - IP Address - Ports - Model






4. Public IP address before translation






5. 2000-2699






6. Interim Build Number






7. Layer 5






8. Cisco default tunneling protocol that uses multicast addressing without encryption and is designed to encapsulate a wide variety of network layer packets inside IP tunneling packets






9. Refers to the organization's private network






10. Command to disable UDP small server on a router






11. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP






12. Command used to disable NTP on an interface






13. Uses server and host keys to authenticate systems






14. Four TCP/UDP Small Server commands recommended to disable






15. This layer controls user and workgroup access to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network






16. Accounts without passwords - Type 7 encryption - account privilege higher than 1 - able to be fingered






17. Startup-config can be deleted - copied - changed






18. Rewrites the source and/or destination IP address of IP packets as they pass through a router or firewall from private to public addresses






19. Command used to disable the ICMP message Address Mask Reply






20. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet






21. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations






22. Minor Version






23. DENY IP 224.0.0.0 15.255.255.255 ANY






24. 2000-2699






25. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state






26. Ip access-list <standard | extended> name - permit TCP any any established






27. TCP and UDP Port 161






28. Routing mode depended on by uRPF in order to function






29. Allows for a one-to-one translation of local to global addresses; used by web servers and mail servers so that users can connect to them via their global address






30. Layer 7






31. Breaks LAN security perimeter - extends LAN to Layer 2






32. Access-list <number> <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>






33. Provides confidentiality - so it cannot be read by unauthorized parties






34. This server is used for querying a host about its logged in users






35. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet






36. Two FIN bits or one RST bit






37. 0x33 or 51






38. The host can specify which route to take - which bypasses security






39. UDP Port 514






40. Can stop spoofed IP addresses






41. Can obtain CIDR and router ID






42. TCP Port 80






43. Block spoofed IP packets - block loopback packets - block IP multicast if unused - block ICMP redirects - Block telnet if not used






44. Permits a host on one LAN segment to initiate a physical broadcast on a different LAN segment






45. Proprietary - used by Cisco routers and switches to identify each other on LAN and WAN segments






46. These ACLs filter by network or host IP address and only filter on source






47. DENY TCP ANY HOST <IP Address> EQ 23






48. Commands to disable Finger Server






49. 0x2F - or 47






50. DENY IP <Network ID> <Network WC Mask> ANY