Test your basic knowledge |
Router Security
Subject: it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Access-list <number> <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>
Access List Rules
Integrity Validation
Extended ACL format
Three Physical Security Vulnerabilities
2. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Third Part of the IOS Version
Inside Global Address
Route Injection Attack
SNMP
3. TCP Port 22
Train Identifier 'B'
Rerouting
Fourth Part of the IOS Version
SSH Identifier
4. Can obtain CIDR and router ID
Dynamic NAT
Secure Shell (SSH)
UDP Traceroute Port Range
IP Mask Reply Vulnerabilities
5. Dialer List - Routing Maps - Dynamic Routing Protocols - Controlling Remote Access - NAT'ing - Traffic Filtering
Three Layers of Hierarchical Model
Uses for ACLs
ACL to block incoming loopback packets
Higher IP Standard ACL Range
6. War dialing
AUX Vulnerability
Encapsulation Security Payload (ESP)
Higher IP Standard ACL Range
Unauthorized Access
7. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
Established Line
Overloading
SNMP
Unicast Reverse-Path Forwarding (uRPF)
8. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
Boot Network
Core Layer
no ip mask-reply
Local Addresses
9. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
Static NAT
Host-to-Host Communications
Sixth (Optional) Part of the IOS Version
TCP Intercept Watch Mode
10. Cisco default tunneling protocol that uses multicast addressing without encryption and is designed to encapsulate a wide variety of network layer packets inside IP tunneling packets
no service udp-small-servers
Generic Routing Encapsulation (GRE)
Masquerading
TCP/UDP Chargen Vulnerability
11. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
SNMP Vulnerabilities
Outside Local Address
Unauthorized Access
ACL to block incoming loopback packets
12. The environment - catastrophic events and unauthorized access
Inside
Privilege Level 15
TCP/UDP Discard Vulnerability
Three Physical Security Vulnerabilities
13. Privilege level that is restricted to basic level operations
BOOTP Vulnerabilities
Privilege Level 1
IPSec AH Operating Layer
Cisco Express Forwarding (CEF)
14. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
Three Layers of Hierarchical Model
SNMP Vulnerabilities
HTTP Tunneling
General Format of Cisco IOS Version
15. Mode where only the payload of the IP packet is encrypted and/or authenticated
Common uses of Access Lists
Cisco Discovery Protocol (CDP)
Transport Mode
Access Layer
16. Refers to the organization's private network
SSH Operating Layer
General Format of Cisco IOS Version
Sixth (Optional) Part of the IOS Version
Inside
17. Router threat that involves a hacker inserting a spoofed TCP/IP packet into a stream - thereby enabling commands to be executed on the remote host
Session Hijacking
Standard ACL format
Encrypting Traffic
BOOTP
18. ACK and RST
Fourth Part of the IOS Version
Outside Local Address
Flags used by Established Line
syslog
19. The host can specify which route to take - which bypasses security
IP Source Routing Vulnerabilities
Standard ACL format
IP Unreachable Vulnerabilities
ntp disable
20. Command to disable CDP on a router
BOOTP Vulnerabilities
no ip http server
no cdp run
Telnet - HTTP - SNMP Vulnerability
21. Major Version
TCP/UDP Discard Vulnerability
First Part of IOS Version
ACL to block IP multicast
Lower IP Extended ACL Range
22. This server is used for querying a host about its logged in users
Named ACL Format
Finger Server
Encrypting Traffic
IP Directed Broadcast
23. Layer 5
Minimum ACLs Required for Reflexive ACLs
no ip bootp server
L2TP Operating Layer
Boot Network
24. Service Provider
25. Command to disable UDP small server on a router
HTTP Identifier
Privilege Level 0
TCP SYN Attack
no service udp-small-servers
26. Uses server and host keys to authenticate systems
Host-to-Host Communications
Tunnel Mode
SSH1
Session Hijacking
27. These ACLs filter by network or host IP address and only filter on source
IPSec AH Operating Layer
Devices
Standard IP ACLs
TCP/UDP Chargen Vulnerability
28. Attack that involves a multitude of compromised systems attacking a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
IPSec AH Operating Layer
ACL to block a Land Attack
TCP/UDP Daytime Vulnerability
Distributed Denial of Service Attacks
29. Uses only host keys to authenticate systems
Requirements for Reflexive TCP to be removed
UDP Traceroute Port Range
HTTPS Strength
SSH2
30. Smurf attacks - can enumerate the network
IP Direct Broadcast Vulnerabilities
Reflexive ACL
Route Injection Attack
Authenticating Peers
31. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64,000 hosts
Overloading
Encrypted Tunneling Methods
no service tcp-small-servers
Proxy ARP
32. Startup-config can be deleted - copied - changed
no ip redirect
Cisco Express Forwarding (CEF)
L2TP Identifier
Boot Network Vulnerabilities
33. 33400-34400
TLS/SSL Identifier
Dynamic NAT
Inside Local Address
UDP Traceroute Port Range
34. Data link layer protocol used for tunneling network traffic between two peers over an existing network - often used with IPsec to secure packets
Network-to-Network Communications
Generic Routing Encapsulation (GRE)
Tunneling
Layer 2 Tunneling Protocol (L2TP)
35. Protects against repeating of secure sessions
Anti-Replay
no ip bootp server
Secure Shell (SSH)
Distributed Denial of Service Attacks
36. 2000-2699
Higher IP Extended ACL Range
echo - chargen - discard - daytime
Flags used by Established Line
Finger Server
37. Plaintext
Host-to-Host Communications
Three Layers of Hierarchical Model
Telnet - HTTP - SNMP Vulnerability
Eavesdropping and Information Theft
38. Interim Build Number
Devices
Fourth Part of the IOS Version
Train Identifier 'E'
Outside
39. Ip access-list extended <name1> - permit IP any any reflect <filename> - ip access-list extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Train Identifier 'E'
L2TP Identifier
no cdp run
Syntax for Reflexive ACLs
40. Release Number
BOOTP
Layer 2 Tunneling Protocol (L2TP)
Third Part of the IOS Version
Boot Network
41. Layer 3
GRE Operating Layer
Core Layer
Land Attack
Fourth Part of the IOS Version
42. Layer 7
Extended IP ACLs
HTTP Operating Layer
Denial of Service (DoS)
Privilege Level 0
43. Private IP address after translation
Inside Global Address
Generic Routing Encapsulation (GRE)
Session Hijacking
Distribution Layer
44. Command used to disable NTP on an interface
Requirements for Reflexive TCP to be removed
Network Address Translation (NAT)
ntp disable
Second Part of IOS Version
45. Technology
46. Broadcast
47. This layer controls user and workgroup access to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
BOOTP Vulnerabilities
ACL to block TCP SYN Attack
Transport Mode
Access Layer
48. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
Privilege Level 15
Internet Protocol Security (IPSec)
BOOTP Vulnerabilities
IP Mask Reply Vulnerabilities
49. These ACLs filter by network or host IP addresses and specific protocol type or port numbers - filters by source and destination
Privilege Levels 2-13
Inside Local Address
Third Part of the IOS Version
Extended IP ACLs
50. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate users
HTTP Tunneling
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Reflexive ACL
TCP SYN Attack