Test your basic knowledge |

Router Security

Subject : it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Release Number
Boot Network
Requirements for Reflexive TCP to be removed
SNMP Vulnerabilities
Third Part of the IOS Version

2. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
IP Spoofing
Named ACL Format
NTP Vulnerabilities
TCP/UDP Daytime Vulnerability

3. Command to disable BOOTP Server
AUX Vulnerability
Named ACL Format
no ip bootp server
inger Server

4. Commands to disable Finger Server
no ip finger - no service finger
Distributed Denial of Service Attacks
TCP/UDP Echo Vulnerability
Session Hijacking

5. DENY IP 224.0.0.0 15.255.255.255 ANY
ACL to block IP multicast
IP Source Routing
Three Layers of Hierarchical Model
Anti-Replay

6. 0-99
Proxy ARP Vulnerabilities
Lower IP Standard ACL Range
Named ACL Format
no service tcp-small-servers

7. UDP Port 1701
TCP/UDP Daytime Vulnerability
L2TP Identifier
Three Physical Security Vulnerabilities
Train Identifier 'S'

8. Privilege level that restricts users to five commands (enable - disable - exit - help quit)
Third Part of the IOS Version
Privilege Level 0
SSH
TCP Load Distribution

9. Ip accesslist extended <name1> - permit IP any any reflect <filename> - ip accesslist extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Tunneling
Syntax for Reflexive ACLs
ESP Operating Layer
Boot Network

10. What Tunnel Mode is used for
Privilege Level 0
Uses for ACLs
Network-to-Network Communications
Standard ACL format

11. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
no cdp run
Denial of Service (DoS)
ACL to block telnet
ACL to block a Land Attack

12. DENY TCP ANY HOST <IP Address> EQ 23
Network-to-Network Communications
L2TP Identifier
Secure Shell (SSH)
ACL to block telnet

13. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
Distributed Denial of Service Attacks
Named ACL Format
Core Layer
Three Physical Security Vulnerabilities

14. Rewrites the and/or destination IP address of IP packets as they pass through a router or firewall from private to public addresses
Common uses of Access Lists
Authenticating Peers
Network Address Translation (NAT)
Privilege Levels 2-13

15. When a router acts as an intermediary for ARP queries on selected interfaces and enabling transparent access between multiple LAN segments
Proxy ARP
Inside Local Address
User Account Vulnerabilites
HTTP Identifier

16. Buffer Overflow
Train Identifier 'S'
TCP/UDP Chargen Vulnerability
IPSec AH Operating Layer
ACL to block telnet

17. Also known as Configuration Auto-Loading - allows routers to load their startup configuration from the network
Train Identifier 'S'
Standard ACL format
Boot Network
Proxy ARP

18. Privilege level that is restricted to basic level operations
HTTP Operating Layer
Network Address Translation (NAT)
Generic Routing Encapsulation (GRE)
Privilege Level 1

19. Ip access-list <standard | extended> name - permit TCP any any established
Session Hijacking
Named ACL Format
Two Types of Router Access
Train Identifier 'T'

20. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
Denial of Service (DoS)
Finger Vulnerabilities
TCP Intercept
no ip mask-reply

21. Allows the source IP host to specify a route through the IP network
Encapsulation Security Payload (ESP)
Tunneling
Train Identifier 'T'
IP Source Routing

22. Provides confidentiality - so it cannot be read by unauthorized parties
Network Address Translation (NAT)
Encrypting Traffic
GRE Identifier
no ip http server

23. What Inside and Outside refer to in NAT
Devices
SSH1
Masquerading
Boot Network

24. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
Finger Vulnerabilities
Inside Local Address
Reflexive ACL
SNMP Vulnerabilities

25. Interim Build Number
ACL to block a Land Attack
Inside Global Address
Lower IP Standard ACL Range
Fourth Part of the IOS Version

26. Device - Hostname - IOS - IP Address - Ports - Model
Inside Local Address
Second Part of IOS Version
Host-to-Host Communications
CDP Vulnerabilities

27. ACK and RST
Syntax for Reflexive ACLs
Flags used by Established Line
TCP/UDP Daytime Vulnerability
Authenticating Peers

28. Users - Host PC's - IP Addresses
Inside Local Address
HTTP Operating Layer
Finger Vulnerabilities
Integrity Validation

29. Can copy - poison - corrupt - or delete the IOS
no ip mask-reply
IP Unreachable Vulnerabilities
Requirements for Reflexive TCP to be removed
BOOTP Vulnerabilities

30. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
syslog
TCP/UDP Chargen Vulnerability
Two Protocols of Tunnel Mode
Land Attack

31. Permits a host on one LAN segment to initiate a physical broadcast on a different LAN segment
Train Identifier 'S'
IP Directed Broadcast
GRE Identifier
Network Address Translation (NAT)

32. 0x32 - or 50
TCP Intercept
Reflexive ACL
Unauthorized Access
ESP Identifier

33. None - uses attached application protocol's port
Reflexive ACL
TLS/SSL Identifier
no ip http server
Static NAT

34. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
ACL to block TCP SYN Attack
TCP Load Distribution
Transport Mode
Static NAT

35. Broadcast

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

36. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
Secure Shell (SSH)
ESP Identifier
Flags used by Established Line
SSH1

37. Command used to disable the ICMP message Address Mask Reply
no ip mask-reply
SSH Identifier
Networks
Distribution Layer

38. Access-list <number <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>
Extended ACL format
IP Source Routing
Route Injection Attack
Three Physical Security Vulnerabilities

39. ESP - SSH - SSL/TLP
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Three Layers of Hierarchical Model
no service tcp-small-servers
Encrypted Tunneling Methods

40. Layer 3
Fourth Part of the IOS Version
Integrity Validation
ESP Operating Layer
Anti-Replay

41. Technology

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

42. Layer 5
Standard ACL format
L2TP Operating Layer
Boot Network
Overloading

43. Mode where only the payload of the IP packet is encrypted and/or authenticated
Train Identifier 'T'
Transport Mode
GRE Identifier
Fifth Part of the IOS Version

44. Translates multiple local addresses to a pool of global addresses by having the firewall select the first available global address; retains the global address for the duration of the connection
Higher IP Extended ACL Range
Proxy ARP Vulnerabilities
General Format of Cisco IOS Version
Dynamic NAT

45. Command to disable UDP small server on a router
HTTPS Strength
Sixth (Optional) Part of the IOS Version
Unicast Reverse-Path Forwarding (uRPF)
no service udp-small-servers

46. Minor Version
no ip http server
Cisco Express Forwarding (CEF)
Three Layers of Hierarchical Model
Second Part of IOS Version

47. Traffic is passed in plaintext
HTTP Vulnerability
TLS/SSL Identifier
Two Protocols of Tunnel Mode
Boot Network Vulnerabilities

48. Router threat that refers to willful attempts to cause such disruptions by overwhelming the targeted system with improperly formatted traffic
ACL to block a Smurf Attack or Fraggle Attack
Uses for ACLs
Denial of Service (DoS)
Sixth (Optional) Part of the IOS Version

49. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
TCP Intercept Watch Mode
ntp disable
Train Idenifier 'E'
Common uses of Access Lists

50. Refers to the addresses on the public internet
IP Unreachable Vulnerabilities
Boot Network Vulnerabilities
Outside
Authenticating Peers