Test your basic knowledge |

Router Security

Subject : it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Geolocational positioning
no ip redirect
TCP/UDP Daytime Vulnerability
Local Addresses
Syntax for Reflexive ACLs

2. DENY IP 224.0.0.0 15.255.255.255 ANY
HTTP Operating Layer
no ip http server
ACL to block IP multicast
TCP/UDP Discard Vulnerability

3. Startup-config can be deleted - copied - changed
Boot Network Vulnerabilities
no ip mask-reply
ESP Identifier
Reflexive ACL

4. What Tunnel Mode is used for
BOOTP Vulnerabilities
Network-to-Network Communications
no ip redirect
Network Time Protocol (NTP)

5. Router threat where access by an entity or individual other than authorized users
Two Modes of IPSec
Unauthorized Access
IP Spoofing
Session Hijacking

6. Uses only host keys to authenticate systems
Minimum ACLs Required for Reflexive ACLs
SSH2
Proxy ARP
syslog

7. Privilege level that is restricted to basic level operations
inger Server
Privilege Level 1
Denial of Service (DoS)
Higher IP Extended ACL Range

8. Attack that involves sending a large amount of ICMP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Cisco Express Forwarding (CEF)
Three Layers of Hierarchical Model
Smurf Attack
SNMP Vulnerabilities

9. Plaintext
no cdp run
Requirements for Reflexive TCP to be removed
Two Types of Router Access
Telnet - HTTP - SNMP Vulnerability

10. None - uses attach application protocol's layer
TLS/SSL Layer
L2TP Identifier
Global Addresses
Session Hijacking

11. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
Static NAT
SNMP Vulnerabilities
Cisco Express Forwarding (CEF)
Common uses of Access Lists

12. TCP Port 80
HTTP Identifier
NTP Vulnerabilities
Privilege Level 0
uRPF Strength

13. Release Train Identifier
TLS/SSL Identifier
Fifth Part of the IOS Version
BOOTP Vulnerabilities
Inside Local Address

14. Service Provider

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

15. Layer 7
HTTP Operating Layer
Inside
no ip http server
Minimum ACLs Required for Reflexive ACLs

16. Command used to disable NTP on an interface
TCP Load Distribution
Layer 2 Tunneling Protocol (L2TP)
Named ACL Format
ntp disable

17. Users - Host PC's - IP Addresses
Finger Vulnerabilities
Masquerading
HTTP Operating Layer
no ip unreachable

18. Tunnel Mode Protocol provides integrity - authentication - and non-repudiation and operates directly on top of IP
Higher IP Standard ACL Range
Authentication Header (AH)
login local
HTTP Vulnerability

19. Command used to disable the ICMP message Redirect
no ip redirect
no ip http server
Established Line
ACL to block spoofed IPs

20. Data link layer protocol used for tunneling network traffic between two peers over an existing network - often used with IPsec to secure packets
IPSec AH Operating Layer
IP Direct Broadcast Vulnerabilties
Layer 2 Tunneling Protocol (L2TP)
BOOTP

21. Local and Remote
Boot Network
Privilege Level 1
Standard IP ACLs
Two Types of Router Access

22. Permits a host on one LAN segment to initiate a physical broadcast on a different LAN segment
ACL to block telnet
Overloading
Telnet - HTTP - SNMP Vulnerability
IP Directed Broadcast

23. Access-list <number> <deny | permit> source source-wildcard log
Standard ACL format
ACL to block telnet
Finger Vulnerabilities
Static NAT

24. Command to disable CDP on a router
ACL to block a Land Attack
no cdp run
Telnet - HTTP - SNMP Vulnerability
Outside

25. Command used to disable HTTP Server
Networks
Outside
no ip http server
TLS/SSL Layer

26. Access-list <number <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>
Standard IP ACLs
Extended ACL format
SNMP Vulnerabilities
Reflexive ACL

27. Command used to disable the ICMP message Address Mask Reply
Proxy ARP
ACL to block incoming loopback packets
no ip mask-reply
Local Addresses

28. TCP and UDP Port 161
Rerouting
IP Direct Broadcast Vulnerabilties
SNMP
Transport Mode

29. Layer 3
SSH1
IPSec AH Operating Layer
Named ACL Format
Route Injection Attack

30. UDP Port 514
syslog
Local Addresses
Inside Local Address
TCP SYN Attack

31. TCP Port 22
Outside
Dynamic NAT
Anti-Replay
SSH Identifier

32. Tunnel Mode Protocol provides confidentiality - along with authentication and integrity protection with encryption
Land Attack
ESP Identifier
Encapsulation Security Payload (ESP)
Cisco Discovery Protocol (CDP)

33. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
Internet Protocol Security (IPSec)
Inside
ESP Identifier
Proxy ARP Vulnerabilities

34. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
Train Identifier 'B'
Tunneling
BOOTP
IP Spoofing

35. 33400-34400
UDP Traceroute Port Range
Third Part of the IOS Version
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Network-to-Network Communications

36. Breaks LAN security perimeter extends LAN to Layer 2
HTTP Operating Layer
Two Modes of IPSec
Tunneling
Proxy ARP Vulnerabilities

37. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
Network-to-Network Communications
Two Types of Router Access
General Format of Cisco IOS Version
TCP Intercept

38. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Integrity Validation
UDP Traceroute Port Range
Cisco Discovery Protocol (CDP)
Rerouting

39. 2000-2699
Higher IP Extended ACL Range
Common uses of Access Lists
Uses for ACLs
no ip bootp server

40. Protects against repeating of secure sessions
Authentication Header (AH)
Global Addresses
Anti-Replay
Higher IP Standard ACL Range

41. Dialer List - Routing Maps - Dynamic Routing Protocols - Controlling Remote Access - NAT'ing - Traffic Filtering
Uses for ACLs
Flags used by Established Line
no cdp run
Distributed Denial of Service Attacks

42. 0x33 or 51
Transport Mode
IP Source Routing
Syntax for Reflexive ACLs
IPSec AH Identifier

43. War dialing
Train Identifier 'T'
login local
AUX Vulnerability
TLS/SSL Layer

44. Command to disable UDP small server on a router
Access List Rules
HTTP Operating Layer
no service udp-small-servers
AUX Vulnerability

45. Ip access-list <standard | extended> name - permit TCP any any established
Privilege Levels 2-13
Named ACL Format
uRPF Strength
Established Line

46. Layer 3
Two Types of Router Access
no ip mask-reply
SNMP Vulnerabilities
GRE Operating Layer

47. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Encapsulation Security Payload (ESP)
TCP/UDP Daytime Vulnerability
Masquerading
Inside Local Address

48. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
SSH Operating Layer
ACL to block incoming loopback packets
Land Attack
Flags used by Established Line

49. 1300-1999
Higher IP Standard ACL Range
inger Server
Standard ACL format
L2TP Identifier

50. Rewrites the and/or destination IP address of IP packets as they pass through a router or firewall from private to public addresses
Finger Vulnerabilities
Network Address Translation (NAT)
Higher IP Extended ACL Range
IP Directed Broadcast