SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An alternative for both standard and extended ACLs that allow you to refer to an ACL by a descriptive name instead of a number
HTTP Tunneling
Secure Shell (SSH)
Named ACL
Established Line
2. Attack that involves sending a large amount of ICMP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Common uses of Access Lists
Smurf Attack
Session Hijacking
Core Layer
3. Layer 7
HTTP Operating Layer
ACL to block telnet
IP Directed Broadcast
SSH Identifier
4. Major Version
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Encrypting Traffic
First Part of IOS Version
Land Attack
5. 1300-1999
DNS Lookup Vulnerability
Standard IP ACLs
Higher IP Standard ACL Range
Network Address Translation (NAT)
6. TCP Port 80
Cisco Discovery Protocol (CDP)
HTTP Identifier
Fourth Part of the IOS Version
Unauthorized Access
7. 2000-2699
BOOTP Vulnerabilities
Higher IP Extended ACL Range
Generic Routing Encapsulation (GRE)
TCP/UDP Daytime Vulnerability
8. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Masquerading
Network-to-Network Communications
Route Injection Attack
ACL to block IP multicast
9. Provides nonrepudiation - ensuring that traffic is from a trusted party
Static NAT
echo - chargen - discard - daytime
Authenticating Peers
ACL to block TCP SYN Attack
10. Local and Remote
Internet Protocol Security (IPSec)
Two Types of Router Access
ACL to block incoming loopback packets
no ip redirect
11. Layer 3
GRE Operating Layer
inger Server
SNMP Trap
ACL to block telnet
12. When one network protocol called the payload protocol is encapsulated within a different delivery network - or provide a secure path through an untrusted network
IP Mask Reply Vulnerabilities
ACL to block a Land Attack
Tunneling
SSH2
13. Two FIN bits or one RST bit
Distributed Denial of Service Attacks
Requirements for Reflexive TCP to be removed
SSH1
IP Spoofing
14. Time can be changed - Routing Table can be killed
Uses for ACLs
NTP Vulnerabilities
Extended IP ACLs
CDP Vulnerabilities
15. Rewrites the and/or destination IP address of IP packets as they pass through a router or firewall from private to public addresses
SNMP
Extended IP ACLs
Network Address Translation (NAT)
Lower IP Standard ACL Range
16. Can stop spoofed IP addresses
SSH Operating Layer
uRPF Strength
BOOTP
Two Modes of IPSec
17. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
TLS/SSL Identifier
SNMP Trap
Fourth Part of the IOS Version
Distributed Denial of Service Attacks
18. Private IP address after translation
Requirements for Reflexive TCP to be removed
Higher IP Extended ACL Range
Lower IP Standard ACL Range
Inside Global Address
19. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
Network Address Translation (NAT)
IP Direct Broadcast Vulnerabilties
Internet Protocol Security (IPSec)
Second Part of IOS Version
20. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
Core Layer
no service tcp-small-servers
Privilege Levels 2-13
User Account Vulnerabilites
21. 2000-2699
SNMP Trap
Lower IP Extended ACL Range
TCP Load Distribution
GRE Identifier
22. Command used to disable HTTP Server
Second Part of IOS Version
no ip http server
SNMP Vulnerabilities
Smurf Attack
23. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
GRE Identifier
Encapsulation Security Payload (ESP)
Route Injection Attack
Minimum ACLs Required for Reflexive ACLs
24. What Tunnel Mode is used for
no ip finger - no service finger
Common uses of Access Lists
Network-to-Network Communications
HTTP Operating Layer
25. Broadcast
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
26. Can discover vulnerabilities - network stats - and firewall discovery
no ip bootp server
TLS/SSL Layer
IP Unreachable Vulnerabilities
HTTPS Strength
27. Layer 3
Transport Mode
Eavesdropping and Information Theft
ACL to block IP multicast
ESP Operating Layer
28. Public IP address before translation
Core Layer
Outside Local Address
Local Addresses
Higher IP Standard ACL Range
29. Layer 5
syslog
Named ACL
L2TP Operating Layer
BOOTP Vulnerabilities
30. DENY IP 224.0.0.0 15.255.255.255 ANY
IP Mask Reply Vulnerabilities
UDP Traceroute Port Range
ACL to block IP multicast
Network Time Protocol (NTP)
31. Layer 3
IPSec AH Operating Layer
no service tcp-small-servers
Minimum ACLs Required for Reflexive ACLs
SSH Identifier
32. DENY IP <Network ID> <Network WC Mask> ANY
Tunnel Mode
IP Directed Broadcast
ACL to block spoofed IPs
no ip http server
33. UDP Port 1701
L2TP Identifier
TLS/SSL Identifier
Proxy ARP Vulnerabilities
Third Part of the IOS Version
34. Command to disable UDP small server on a router
no service udp-small-servers
no cdp run
Global Addresses
Unauthorized Access
35. Release Train Identifier
no ip redirect
Rerouting
no ip finger - no service finger
Fifth Part of the IOS Version
36. Refers to the organization's private network
Inside
Proxy ARP
L2TP Identifier
ACL to block a Smurf Attack or Fraggle Attack
37. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Rerouting
Two Types of Router Access
Networks
IP Mask Reply Vulnerabilities
38. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
Train Identifier 'T'
TCP Intercept Watch Mode
TCP Load Distribution
HTTP Operating Layer
39. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
Dynamic NAT
TCP/UDP Daytime Vulnerability
TLS/SSL Identifier
Unicast Reverse-Path Forwarding (uRPF)
40. Startup-config can be deleted - copied - changed
Boot Network Vulnerabilities
TLS/SSL Identifier
no service tcp-small-servers
L2TP Operating Layer
41. Refers to addresses used on the organization's private network
TCP Intercept Watch Mode
Encrypted Tunneling Methods
SNMP Vulnerabilities
Global Addresses
42. None - uses attach application protocol's layer
TCP/UDP Discard Vulnerability
TLS/SSL Layer
Authentication Header (AH)
ACL to block TCP SYN Attack
43. DNS Poisoning
Unicast Reverse-Path Forwarding (uRPF)
DNS Lookup Vulnerability
SSH1
Privilege Level 1
44. PERMIT TCP ANY ANY ESTABLISHED
DNS Lookup Vulnerability
Devices
ACL to block TCP SYN Attack
SNMP Vulnerabilities
45. Data link layer protocol used for tunneling network traffic between two peers over an existing network - often used with IPsec to secure packets
Layer 2 Tunneling Protocol (L2TP)
Minimum ACLs Required for Reflexive ACLs
HTTP Vulnerability
Encrypting Traffic
46. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64 -000 hosts
SNMP Vulnerabilities
Reflexive ACL
Overloading
Sixth (Optional) Part of the IOS Version
47. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
SNMP Vulnerabilities
SSH1
NTP Vulnerabilities
Fraggle Attack
48. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
no cdp run
TCP/UDP Chargen Vulnerability
Core Layer
Secure Shell (SSH)
49. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
Privilege Level 15
Cisco Discovery Protocol (CDP)
Encapsulation Security Payload (ESP)
echo - chargen - discard - daytime
50. Protects against repeating of secure sessions
Two Modes of IPSec
Anti-Replay
HTTPS Strength
HTTP Tunneling
