Test your basic knowledge |
Router Security
Subject: it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so the correct answer may sometimes be obvious, but taking the test repeatedly reinforces your understanding.
1. Two - one Inbound or Evaluated and one Outbound or Reflected
ntp disable
Minimum ACLs Required for Reflexive ACLs
no ip mask-reply
TCP Intercept
2. ip access-list extended <name1> - permit IP any any reflect <filename> - ip access-list extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Core Layer
Syntax for Reflexive ACLs
Train Identifier 'T'
no cdp run
3. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Rerouting
no ip bootp server
IP Spoofing
Outside Local Address
4. DNS Poisoning
TCP Load Distribution
TLS/SSL Identifier
DNS Lookup Vulnerability
SSH1
5. Privilege level that has Global administration capabilities
BOOTP Vulnerabilities
L2TP Identifier
no ip bootp server
Privilege Level 15
6. 0-99
Lower IP Standard ACL Range
ACL to block spoofed IPs
SSH Operating Layer
TCP/UDP Chargen Vulnerability
7. Command used to disable NTP on an interface
IP Mask Reply Vulnerabilities
SSH2
ntp disable
no service udp-small-servers
8. Refers to addresses used on the organization's private network
SSH Operating Layer
Uses for ACLs
IP Unreachable Vulnerabilities
Local Addresses
9. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Masquerading
no cdp run
Global Addresses
Minimum ACLs Required for Reflexive ACLs
10. Command to disable UDP small server on a router
Train Identifier 'S'
User Account Vulnerabilities
Three Layers of Hierarchical Model
no service udp-small-servers
11. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
Minimum ACLs Required for Reflexive ACLs
Sixth (Optional) Part of the IOS Version
TLS/SSL Layer
Established Line
12. Command used to disable HTTP Server
Uses for ACLs
Encrypted Tunneling Methods
no ip http server
NTP Vulnerabilities
13. Must be made at global config mode - created from CON/VTY session or text file - read top to bottom - applied at the interface and only one ACL per direction - per protocol - per interface
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Access List Rules
Fifth Part of the IOS Version
Devices
14. TCP and UDP Port 162
SNMP Trap
Third Part of the IOS Version
Encrypted Tunneling Methods
ACL to block a Smurf Attack or Fraggle Attack
15. Release Train Identifier
Fifth Part of the IOS Version
Requirements for Reflexive TCP to be removed
ACL to block a Land Attack
Transport Mode
16. 0x33 or 51
Reflexive ACL
Train Identifier 'S'
IPSec AH Identifier
IPSec AH Operating Layer
17. Four TCP/UDP Small Server commands recommended to disable
echo - chargen - discard - daytime
Access Layer
no service tcp-small-servers
Anti-Replay
18. Layer 3
AUX Vulnerability
GRE Operating Layer
Transport Mode
Host-to-Host Communications
19. Router to Router Denial of Service
Higher IP Standard ACL Range
Extended ACL format
TCP/UDP Echo Vulnerability
Generic Routing Encapsulation (GRE)
20. The host can specify which route to take - which bypasses security
IP Source Routing Vulnerabilities
L2TP Operating Layer
GRE Operating Layer
First Part of IOS Version
21. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64,000 hosts
Overloading
IP Unreachable Vulnerabilities
SSH Identifier
ntp disable
22. Can stop spoofed IP addresses
SSH
Anti-Replay
Privilege Level 1
uRPF Strength
23. Public IP address after translation
Static NAT
Outside Global Address
Internet Protocol Security (IPSec)
Distributed Denial of Service Attacks
24. DENY IP ANY HOST <Broadcast Address>
Higher IP Extended ACL Range
ACL to block a Smurf Attack or Fraggle Attack
Route Injection Attack
SSH2
25. Two FIN bits or one RST bit
Outside
ACL to block spoofed IPs
General Format of Cisco IOS Version
Requirements for Reflexive TCP to be removed
26. Uses server and host keys to authenticate systems
Flags used by Established Line
SSH1
TCP Intercept
SNMP Trap
27. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
BOOTP
Higher IP Extended ACL Range
Network-to-Network Communications
Tunnel Mode
28. What Tunnel Mode is used for
Encrypting Traffic
BOOTP Vulnerabilities
Network-to-Network Communications
Three Physical Security Vulnerabilities
29. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Higher IP Standard ACL Range
Unicast Reverse-Path Forwarding (uRPF)
Route Injection Attack
Network Address Translation (NAT)
30. Access-list <number> <deny | permit> source source-wildcard log
Privilege Level 0
Cisco Discovery Protocol (CDP)
Standard ACL format
SSH Identifier
31. Rebuild Number
ntp disable
Overloading
Sixth (Optional) Part of the IOS Version
Named ACL Format
32. Protocol used to keep their time-of-day clocks accurate and in sync
ESP Operating Layer
Network Time Protocol (NTP)
IP Source Routing Vulnerabilities
no cdp run
33. An alternative for both standard and extended ACLs that allow you to refer to an ACL by a descriptive name instead of a number
Named ACL
Local Addresses
Standard IP ACLs
TLS/SSL Layer
34. Accounts without passwords - Type 7 encryption - account privilege higher than 1 - able to be fingered
Anti-Replay
TCP Load Distribution
Three Layers of Hierarchical Model
User Account Vulnerabilities
35. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACLs and must be named - applied on border routers
Reflexive ACL
Three Physical Security Vulnerabilities
Fraggle Attack
Train Identifier 'T'
36. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
ACL to block spoofed IPs
Higher IP Standard ACL Range
TCP Intercept
Session Hijacking
37. 0x32 - or 50
BOOTP Vulnerabilities
Common uses of Access Lists
Static NAT
ESP Identifier
38. Router threat that involves a hacker inserting a spoofed TCP/IP packet into a stream - thereby enabling commands to be executed on the remote host
Outside
Higher IP Standard ACL Range
Unauthorized Access
Session Hijacking
39. Tunnel Mode Protocol provides confidentiality - along with authentication and integrity protection with encryption
Integrity Validation
SNMP Trap
Encapsulation Security Payload (ESP)
Distribution Layer
40. Users - Host PCs - IP Addresses
TCP/UDP Discard Vulnerability
Finger Vulnerabilities
SNMP
Encrypted Tunneling Methods
41. Layer 7
HTTP Operating Layer
Flags used by Established Line
DNS Lookup Vulnerability
Anti-Replay
42. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
no ip redirect
Access List Rules
ACL to block a Smurf Attack or Fraggle Attack
TCP Intercept Watch Mode
43. This server is used for querying a host about its logged in users
First Part of IOS Version
Denial of Service (DoS)
Finger Server
TCP Load Distribution
44. Minor Version
Second Part of IOS Version
User Account Vulnerabilities
Inside
DNS Lookup Vulnerability
45. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
HTTP Tunneling
Overloading
Reflexive ACL
Tunnel Mode
46. Provides confidentiality - so it cannot be read by unauthorized parties
ACL to block TCP SYN Attack
TCP/UDP Discard Vulnerability
Encrypting Traffic
Outside Local Address
47. The environment - catastrophic events and unauthorized access
Three Physical Security Vulnerabilities
Outside Global Address
TCP SYN Attack
Global Addresses
48. Block spoofed IP packets - block loopback packets - block IP multicast if unused - block ICMP redirects - Block telnet if not used
Privilege Level 0
TCP Intercept
Core Layer
Common uses of Access Lists
49. Provides nonrepudiation - ensuring that traffic is from a trusted party
Authenticating Peers
Cisco Express Forwarding (CEF)
Higher IP Standard ACL Range
Syntax for Reflexive ACLs
50. Uses SSL port 443
Local Addresses
HTTPS Strength
IP Direct Broadcast Vulnerabilities
IP Directed Broadcast