Test your basic knowledge |

Router Security

Subject : it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. PERMIT TCP ANY ANY ESTABLISHED
User Account Vulnerabilites
Standard IP ACLs
ACL to block TCP SYN Attack
Global Addresses

2. Command used to disable the ICMP message Redirect
Network-to-Network Communications
no ip redirect
AUX Vulnerability
TLS/SSL Layer

3. Router threat that involves a hacker inserting a spoofed TCP/IP packet into a stream - thereby enabling commands to be executed on the remote host
Lower IP Extended ACL Range
SNMP Trap
Session Hijacking
ESP Identifier

4. Command used to disable the ICMP message Host Unreachable
no ip unreachable
Network Time Protocol (NTP)
L2TP Operating Layer
no ip http server

5. Command used to disable HTTP Server
no ip unreachable
BOOTP Vulnerabilities
HTTP Vulnerability
no ip http server

6. Layer 7
Flags used by Established Line
SSH Operating Layer
Two Types of Router Access
Inside Local Address

7. Command to disable BOOTP Server
Generic Routing Encapsulation (GRE)
Three Physical Security Vulnerabilities
no service tcp-small-servers
no ip bootp server

8. Command to disable UDP small server on a router
no service udp-small-servers
no ip finger - no service finger
First Part of IOS Version
Extended ACL format

9. Access - Distribution - Core
Transport Mode
Uses for ACLs
Three Layers of Hierarchical Model
ACL to block telnet

10. Refers to addresses used on the organization's private network
no service udp-small-servers
Cisco Discovery Protocol (CDP)
Local Addresses
Internet Protocol Security (IPSec)

11. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
SSH Identifier
Distributed Denial of Service Attacks
Route Injection Attack
TCP/UDP Chargen Vulnerability

12. A secure alternative to telnet for remote administration that supported in Enterprise versions of Cisco IOS
SSH
Standard IP ACLs
uRPF Strength
no ip unreachable

13. TCP and UDP Port 162
CDP Vulnerabilities
SNMP Trap
TCP SYN Attack
Requirements for Reflexive TCP to be removed

14. Local and Remote
IP Unreachable Vulnerabilities
Two Types of Router Access
Uses for ACLs
GRE Operating Layer

15. Privilege level that is restricted to basic level operations
Privilege Level 1
Finger Vulnerabilities
Local Addresses
uRPF Strength

16. This server is used for querying a host about its logged in users
Fourth Part of the IOS Version
TCP Load Distribution
inger Server
ACL to block a Smurf Attack or Fraggle Attack

17. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
ACL to block a Smurf Attack or Fraggle Attack
Secure Shell (SSH)
Finger Vulnerabilities
Eavesdropping and Information Theft

18. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
Core Layer
no service tcp-small-servers
Cisco Discovery Protocol (CDP)
Rerouting

19. These ACLs filter by network or host IP addresses andspecific protocol type or port numbers - filters by source and destination
Uses for ACLs
HTTP Tunneling
SNMP Vulnerabilities
Extended IP ACLs

20. Refers to addresses used on the organization's private network
TCP Load Distribution
TLS/SSL Identifier
Global Addresses
no service tcp-small-servers

21. Two - one Inbound or Evaluated and one Outbound or Reflected
Session Hijacking
ACL to block TCP SYN Attack
SNMP Trap
Minimum ACLs Required for Reflexive ACLs

22. 1300-1999
Masquerading
Higher IP Standard ACL Range
Privilege Level 1
Route Injection Attack

23. 0x32 - or 50
ESP Identifier
First Part of IOS Version
Devices
Smurf Attack

24. Tunnel Mode Protocol provides confidentiality - along with authentication and integrity protection with encryption
Extended ACL format
Reflexive ACL
General Format of Cisco IOS Version
Encapsulation Security Payload (ESP)

25. Minor Version
Uses for ACLs
TCP Load Distribution
Second Part of IOS Version
TCP/UDP Chargen Vulnerability

26. Enterprise

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

27. 0x33 or 51
ACL to block IP multicast
IPSec AH Identifier
Encrypting Traffic
Third Part of the IOS Version

28. Uses SSL port 443
HTTPS Strength
Network-to-Network Communications
ESP Identifier
Uses for ACLs

29. ESP - SSH - SSL/TLP
no service udp-small-servers
Network Time Protocol (NTP)
Smurf Attack
Encrypted Tunneling Methods

30. Time can be changed - Routing Table can be killed
Three Physical Security Vulnerabilities
NTP Vulnerabilities
Inside Local Address
Devices

31. Plaintext
Telnet - HTTP - SNMP Vulnerability
no ip unreachable
no ip redirect
no ip mask-reply

32. Forces the user to enter both a valid username and password
login local
HTTP Operating Layer
no cdp run
Network-to-Network Communications

33. Commands to disable Finger Server
TCP/UDP Daytime Vulnerability
Network Address Translation (NAT)
no ip finger - no service finger
Host-to-Host Communications

34. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
Privilege Level 0
Dynamic NAT
HTTP Tunneling
Extended ACL format

35. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
Established Line
Standard IP ACLs
Second Part of IOS Version
Layer 2 Tunneling Protocol (L2TP)

36. 0x2F - or 47
GRE Identifier
Layer 2 Tunneling Protocol (L2TP)
Global Addresses
SNMP Vulnerabilities

37. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
Named ACL
Train Identifier 'T'
Session Hijacking
Cisco Discovery Protocol (CDP)

38. Layer 3
ESP Operating Layer
Unicast Reverse-Path Forwarding (uRPF)
Proxy ARP
Inside Global Address

39. DENY TCP ANY HOST <IP Address> EQ 23
NTP Vulnerabilities
SSH
no ip mask-reply
ACL to block telnet

40. Can stop spoofed IP addresses
HTTP Operating Layer
uRPF Strength
Secure Shell (SSH)
SNMP

41. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
Authentication Header (AH)
IP Source Routing Vulnerabilities
Land Attack
no ip redirect

42. Interim Build Number
Privilege Level 15
Fourth Part of the IOS Version
UDP Traceroute Port Range
Flags used by Established Line

43. None - uses attached application protocol's port
TLS/SSL Identifier
SSH Identifier
NTP Vulnerabilities
ACL to block telnet

44. 0-99
Lower IP Standard ACL Range
SSH1
Outside Global Address
Fourth Part of the IOS Version

45. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
ACL to block a Land Attack
Land Attack
TCP SYN Attack
Extended ACL format

46. Privilege levels that can have passwords assigned to them
Train Identifier 'B'
Privilege Levels 2-13
Reflexive ACL
no ip bootp server

47. DENY IP ANY HOST <Broadcast Address>
NTP Vulnerabilities
ACL to block a Smurf Attack or Fraggle Attack
AUX Vulnerability
IP Unreachable Vulnerabilities

48. Provides nonrepudiation - ensuring that traffic is from a trusted party
Minimum ACLs Required for Reflexive ACLs
BOOTP Vulnerabilities
Authenticating Peers
Access Layer

49. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Session Hijacking
Secure Shell (SSH)
Rerouting
Tunneling

50. Private IP address after translation
L2TP Identifier
Masquerading
HTTP Identifier
Inside Global Address